Dec 15 2008, 12:40 AM
Post #1
Authentic Member
Group: Authentic Member | Posts: 28 | Joined: 15-December 08 | Member No.: 82,965 | Operating System: Windows XP Professional SP3

For the past few days, my computer has been acting slower in Internet Explorer and Firefox Mozilla. It has been either going slow when moving to pages or redirecting me to another site or 404 type of page.
So, I decided to update my Spybot search and destroy and download AVG antivirus free with all the newest updates. Rebooted my computer into safe mode. After scanning with both programs and finding quite a bit of stuff, I went back into regular mode only to find that every minute or so, AVG pops up with ativtmx.dll virus. And for all I know, there still might be more viruses and stuff! Please help! Here's my log file from HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:08 AM, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 208.69.57.87 game01.us.segaonline.jp
O1 - Hosts: 208.69.57.87 patch01.us.segaonline.jp
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {52A94784-A36E-4517-8729-0456A7098E23} - C:\Program Files\MSN\mesofimyt.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: (no name) - {68EF0032-B354-4A54-9E49-FFFDABDB2936} - C:\WINDOWS\system32\ativtmx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {983CD211-164D-48C7-9B84-38E1745DCA1C} - C:\WINDOWS\system32\ativvax.dll (file missing)
O2 - BHO: 0 - {9F754ED1-20E8-4123-A898-D6C75F20638F} - C:\Program Files\Common Files\qufax.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Svcs: Dnscache] C:\DOCUME~1\Jesse\LOCALS~1\Temp\16360\explorer.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [install] C:\WINDOWS\WINDOWS\install.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [install] C:\WINDOWS\WINDOWS\install.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F091885-8A80-478E-8F48-C53508CA12FD} (DekaronAutoPlay Control) - http://file.dekaron.co.kr/_DownUtil/syscab/Dekaron.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://legendofares.netgame.com/download/m...anagerv1001.cab
O16 - DPF: {9BEEA7FF-FF76-403C-B124-86D9835435F0} (GameChu Login Control) - http://file.gamechu.net/dl/download/sessionctrl.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://keycrypt.levelupgames.co.in/nProtec...crypt/npkcx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.phreik.com/controls/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat,avgrsstx.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O21 - SSODL: JkSwxZfo - {588C74B3-F226-DE19-2803-20D675DC3D2B} - C:\WINDOWS\system32\yi.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi67655.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: spoolsv.exe - Unknown owner - c:\windows\system32\drivers\etc\Services.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11505 bytes

Dec 15 2008, 03:15 PM
Post #2
Authentic Member
Group: Authentic Member | Posts: 28 | Joined: 15-December 08 | Member No.: 82,965 | Operating System: Windows XP Professional SP3

My computer still has issues. That dll file I mentioned earlier still pops up from AVG whenever I open up anything (I think I forgot to mention that before).
Here are all the log files:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:52 PM, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: (no name) - {68EF0032-B354-4A54-9E49-FFFDABDB2936} - C:\WINDOWS\system32\ativtmx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F091885-8A80-478E-8F48-C53508CA12FD} (DekaronAutoPlay Control) - http://file.dekaron.co.kr/_DownUtil/syscab/Dekaron.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://legendofares.netgame.com/download/m...anagerv1001.cab
O16 - DPF: {9BEEA7FF-FF76-403C-B124-86D9835435F0} (GameChu Login Control) - http://file.gamechu.net/dl/download/sessionctrl.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.phreik.com/controls/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: spoolsv.exe - Unknown owner - c:\windows\system32\drivers\etc\Services.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9511 bytes

ComboFix 08-12-15.01 - Jesse 2008-12-15 15:57:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1536 [GMT -5:00]
Running from: c:\documents and settings\Jesse\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jesse\Application Data\inst.exe
c:\temp\17o7
c:\temp\17o7\tmpTF.log
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\cs_cache.ini
c:\windows\system32\config\systemprofile\application data\.rdr.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\smpi1
c:\windows\system32\smpi1\DealioKit1-stub-0.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\WINDOWS
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASPI113210
-------\Legacy_CORE
-------\Legacy_DRIVERPP
-------\Legacy_EXAMPLE
-------\Legacy_GB
-------\Legacy_NDNET1
-------\Legacy_RUNTIME
-------\Legacy_WINCOM32
-------\Service_aspi113210

((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.
2008-12-15 15:27 . 2008-12-15 15:27 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-15 15:19 . 2008-12-15 15:19 <DIR> d-------- c:\windows\ERUNT
2008-12-15 15:08 . 2008-12-15 15:48 <DIR> d-------- C:\SDFix
2008-12-15 01:37 . 2008-12-15 01:37 <DIR> d-------- c:\program files\Trend Micro
2008-12-15 01:20 . 2008-12-15 01:20 <DIR> d-------- c:\program files\ERUNT
2008-12-14 20:11 . 2008-12-14 20:11 <DIR> d-------- c:\program files\PrevxCSI
2008-12-14 20:11 . 2008-12-14 20:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2008-12-14 20:11 . 2008-12-14 20:11 26,808 --a------ c:\windows\system32\drivers\pxark.sys
2008-12-14 20:09 . 2008-12-14 20:09 8,576 --a------ c:\windows\system32\drivers\jwuevecbaupr.sys
2008-12-14 16:51 . 2008-12-14 16:51 <DIR> d-------- c:\documents and settings\Administrator\Pavark
2008-12-14 16:34 . 2008-12-14 16:34 <DIR> d-------- c:\documents and settings\Jesse\Pavark
2008-12-14 16:34 . 2008-12-14 16:34 8,576 --a------ c:\windows\system32\drivers\cbqwlbykjvtj.sys
2008-12-14 16:28 . 2008-12-15 00:56 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-14 16:26 . 2008-12-14 16:26 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-14 16:26 . 2008-12-14 16:26 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-14 16:25 . 2008-12-15 09:26 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-14 16:25 . 2008-12-14 16:25 <DIR> d-------- c:\program files\AVG
2008-12-14 16:25 . 2008-12-14 16:25 <DIR> d-------- c:\documents and settings\Jesse\Application Data\AVGTOOLBAR
2008-12-14 16:25 . 2008-12-14 16:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-14 16:25 . 2008-12-14 16:25 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-14 14:51 . 2008-12-14 14:51 <DIR> d--hs---- c:\documents and settings\Jesse\PrivacIE
2008-12-14 14:44 . 2008-12-14 14:45 <DIR> d--h-c--- c:\windows\ie8
2008-12-14 04:00 . 2008-12-14 17:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier
2008-12-13 01:59 . 2008-04-13 19:11 95,744 --a------ c:\windows\system32\ativtmx.dll
2008-12-07 20:06 . 2008-12-07 20:13 <DIR> d-------- c:\program files\Phantasy Star Online Blue Burst
2008-12-04 16:48 . 2008-12-04 16:48 <DIR> d-------- c:\windows\system32\AGEIA
2008-12-04 16:48 . 2008-12-04 16:48 <DIR> d-------- c:\program files\AGEIA Technologies
2008-12-04 16:19 . 2008-12-12 15:31 <DIR> d-------- c:\program files\SpeedFan
2008-12-04 16:19 . 2008-12-04 16:19 45 --a------ c:\windows\system32\initdebug.nfo
2008-11-21 14:12 . 2008-11-21 14:12 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-21 14:12 . 2008-11-21 14:12 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-21 14:12 . 2008-11-21 14:12 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 19:31 --------- d-----w c:\program files\Steam
2008-12-14 19:44 31,616 ----a-w c:\windows\system32\drivers\Winir18.sys
2008-12-13 22:05 --------- d-----w c:\documents and settings\Jesse\Application Data\Vso
2008-12-13 09:46 --------- d-----w c:\documents and settings\Jesse\Application Data\mIRC
2008-12-04 22:08 --------- d-----w c:\program files\Java
2008-12-04 21:48 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-02 19:52 --------- d-----w c:\program files\StepMania
2008-11-21 19:29 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-21 19:13 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-17 20:39 --------- d-----w c:\program files\Lx_cats
2008-11-03 07:07 --------- d-----w c:\program files\SHARP
2008-10-26 23:39 --------- d-----w c:\program files\Midway Home Entertainment
2008-10-25 03:43 --------- d-----w c:\documents and settings\Jesse\Application Data\Move Networks
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 08:03 --------- d-----w c:\program files\LibUSB-Win32-0.1.10.1
2008-09-23 21:12 9,216 ----a-w C:\MsnHandWriting.dll
2008-02-27 05:46 47,360 ----a-w c:\documents and settings\Jesse\Application Data\pcouffin.sys
2008-02-06 21:15 87,608 ----a-w c:\documents and settings\Jesse\Application Data\ezpinst.exe
2007-05-07 04:10 279 ----a-w c:\program files\Common Files\qufax
2007-04-30 15:06 142 ----a-w c:\program files\Common Files\rtenem.html
2006-09-20 20:15 94,080 ----a-w c:\documents and settings\Jesse\Application Data\ezplay.sys
2007-06-02 18:24 61,038 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-06-02 18:24 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-06-02 18:24 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-07-11 02:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071020080711\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68EF0032-B354-4A54-9E49-FFFDABDB2936}]
2008-04-13 19:11 95744 --a------ c:\windows\system32\ativtmx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-11 180269]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-14 1261336]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 c:\windows\soundman.exe]

c:\documents and settings\Jesse\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winir18.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jesse^Start Menu^Programs^Startup^Registration Far Cry.LNK]
path=c:\documents and settings\Jesse\Start Menu\Programs\Startup\Registration Far Cry.LNK
backup=c:\windows\pss\Registration Far Cry.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jesse^Start Menu^Programs^Startup^Z_Start.lnk]
path=c:\documents and settings\Jesse\Start Menu\Programs\Startup\Z_Start.lnk
backup=c:\windows\pss\Z_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-06-11 13:32 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-11-07 10:29 50736 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-04 10:39 149040 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2006-10-31 19:34 43008 c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2006-06-12 13:32 700416 c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 04:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a------ 2003-06-20 07:00 44032 c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 07:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-04-19 13:26 484904 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
--a------ 2007-04-30 07:19 20480 c:\program files\Lexmark 2500 Series\lxddamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
--a------ 2007-06-11 18:27 291760 c:\program files\Lexmark 2500 Series\lxddmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2003-06-20 07:00 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-05-04 10:59 161328 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA Performance Examiner]
--a------ 2008-10-07 13:33 797216 c:\windows\system32\nvcplui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2003-06-20 07:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2003-06-20 07:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 20:01 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-11 15:15 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-11 23:10 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-28 09:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-06-21 12:14 35328 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! 
Pager] --a------ 2006-11-30 21:49 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2005-11-11 13:07 90112 c:\windows\soundman.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "%windir%\\system32\\sessmgr.exe"= R0 bkokjiex;bkokjiex;c:\windows\system32\drivers\bkokjiex.sys [2004-08-04 23424] R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-12-14 26808] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-14 97928] R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2006-08-29 13696] R1 BS_I2cIo;BS_I2cIo;\??\c:\windows\system32\drivers\BS_I2cIo.sys [2008-01-26 8192] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51:58 13560] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-14 875288] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-14 231704] R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-14 76040] R2 CSIScanner;CSIScanner;"c:\program files\PrevxCSI\prevxcsi.exe" /service [2008-12-14 927288] R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service [] R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2005-12-31 24652] S0 Winir18;Winir18;c:\windows\system32\Drivers\Winir18.sys [2006-08-29 31616] S2 
lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2008-06-20 99248] S2 spoolsv.exe;spoolsv.exe;c:\windows\system32\drivers\etc\Services.exe /name:"spoolsv.exe" /start:"install.exe" [] S3 Acapips;Acapips; [] S3 BS_Flash;BS_Flash;\??\c:\program files\Tseries BIOS Update\Award\BS_Flash.sys [2008-07-16 3604] S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2008-10-16 28672] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-06-22 17920] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-06-22 7680] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-22 21632] S3 PRISM_USB;Linksys Wireless-B USB Network Adapter Driver;c:\windows\system32\DRIVERS\LSPMUSBX.sys [2004-07-26 666624] S3 XDva008;XDva008;\??\c:\windows\system32\XDva008.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{880e7acc-e6c6-11db-bb88-00e04ce9d8a9}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce79a42c-406f-11db-baa4-00e04ce9d8a9}] \Shell\AutoRun\command - E:\LaunchU3.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 
- - - - ORPHANS REMOVED - - - - BHO-{52A94784-A36E-4517-8729-0456A7098E23} - c:\program files\MSN\mesofimyt.dll BHO-{983CD211-164D-48C7-9B84-38E1745DCA1C} - c:\windows\system32\ativvax.dll BHO-{9F754ED1-20E8-4123-A898-D6C75F20638F} - c:\program files\Common Files\qufax.dll HKCU-Run-NVIDIA nTune - c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe ShellExecuteHooks-{009D739E-D7A2-456A-AE04-EB9ABF822FE4} - c:\docume~1\Jesse\LOCALS~1\Temp\aow.dll SSODL-JkSwxZfo-{588C74B3-F226-DE19-2803-20D675DC3D2B} - c:\windows\system32\yi.dll MSConfigStartUp-au - c:\program files\Dealio\DealioAU.exe MSConfigStartUp-Brave-Sentry - c:\program files\BraveSentry\BraveSentry.exe MSConfigStartUp-Configuration Manager - c:\windows\cfg32.exe MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe MSConfigStartUp-install - c:\windows\WINDOWS\install.exe MSConfigStartUp-LoadMSvcmm - c:\program files\Movielink\MovielinkManager\Movielink User.exe MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe MSConfigStartUp-New - c:\progra~1\NEWDOT~1\NEWDOT~1.DLL MSConfigStartUp-NielsenOnline - c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe MSConfigStartUp-NVIDIA nTune - c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe MSConfigStartUp-Pinnacle Game Profiler - c:\program files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE MSConfigStartUp-runner1 - c:\windows\retadpu27.exe MSConfigStartUp-spoolsvv - c:\windows\system32\spoolsvv.exe MSConfigStartUp-System - c:\windows\system32\kernels32.exe MSConfigStartUp-Windows update loader - c:\windows\xpupdate.exe MSConfigStartUp-{C7-74-4B-B2-ZN} - c:\windows\system32\dwdsregt.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ IE: ???????????????????????? 
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: ???????????????????????? - c:\program files\Megaupload\Mega Manager\mm_file.htm c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab c:\windows\Downloaded Program Files\SysReqLab3.osd c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll c:\windows\system32\olepro32.dll c:\windows\Downloaded Program Files\DekaronAutoPlay.ocx c:\windows\Downloaded Program Files\GHSysInfo.ocx O16 -: {4F091885-8A80-478E-8F48-C53508CA12FD} hxxp://file.dekaron.co.kr/_DownUtil/syscab/Dekaron.CAB c:\windows\Downloaded Program Files\Dekaron.inf c:\windows\system32\sessionctrl.dll - O16 -: {9BEEA7FF-FF76-403C-B124-86D9835435F0} hxxp://file.gamechu.net/dl/download/sessionctrl.cab c:\windows\Downloaded Program Files\sessionctrl.inf FF - ProfilePath - c:\documents and settings\Jesse\Application Data\Mozilla\Firefox\Profiles\nssaw6hh.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-15 16:01:36 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\CTSVCCDA.EXE c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\lxddcoms.exe c:\windows\system32\nvsvc32.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\AVG\AVG8\avgrsx.exe c:\windows\system32\rundll32.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2008-12-15 16:05:04 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-15 21:05:00 Pre-Run: 10,891,501,568 bytes free Post-Run: 10,873,139,200 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer 327 --- E O F --- 2008-12-14 19:50:15 SDFix: Version 1.240 Run by Jesse on Mon 12/15/2008 at 03:28 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Rootkit Found : C:\WINDOWS\system32\drivers\WINMU86.sys - Rootkit Pandex/Cutwail - Runtime.sys Name : Driver WINMU86 Path : \??\C:\WINDOWS\system32\spoolsvv.sys System32\Drivers\Winmu86.sys Driver - Deleted WINMU86 - Deleted Restoring Default Security Values Restoring Default Hosts File Rebooting Service WINMU86 - Deleted after Reboot Checking Files : Trojan Files Found: C:\WINDOWS\system32\qvx5gamet2.exe - Deleted C:\Documents and Settings\Jesse\Application Data\.rdr.ini - Deleted C:\WINDOWS\s32.txt - Deleted C:\WINDOWS\search_res.txt - Deleted 
C:\WINDOWS\system32\drivers\etc\xdcc.ini - Deleted C:\WINDOWS\system32\kr_done1 - Deleted C:\WINDOWS\system32\WinCtrl32.dll - Deleted C:\WINDOWS\ws386.ini - Deleted C:\WINDOWS\system32\drivers\WINMU86.sys - Deleted Folder C:\Documents and Settings\All Users\Documents\Settings - Removed Folder C:\Program Files\Ipwindows - Removed Folder C:\Temp\tn3 - Removed Folder C:\WINDOWS\system32\drivers\etc\channels - Removed Folder C:\WINDOWS\system32\drivers\etc\download - Removed Folder C:\WINDOWS\system32\drivers\etc\scripts - Removed Folder C:\WINDOWS\system32\drivers\etc\server - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-15 15:44:44 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:675a2658 "s2"=dword:3f96d3a3 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:d6,69,eb,2a,33,1d,fe,f2,a6,a3,33,f8,56,03,3a,38,de,43,27,14,0b,.. "p0"="C:\Program Files\DAEMON Tools Lite\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,11,cc,ab,9f,5f,7d,f9,2e,79,d6,03,45,8f,f7,ab,c8,b7,.. "khjeh"=hex:08,a2,a2,65,8c,ce,3e,cb,f8,7b,6c,60,4c,85,09,89,66,c8,18,77,dd,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:4c,cc,11,08,b3,f0,fc,f4,33,d7,a3,6b,ac,f4,f4,0d,49,01,34,26,d5,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:d6,69,eb,2a,33,1d,fe,f2,a6,a3,33,f8,56,03,3a,38,de,43,27,14,0b,.. 
"p0"="C:\Program Files\DAEMON Tools Lite\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,11,cc,ab,9f,5f,7d,f9,2e,79,d6,03,45,8f,f7,ab,c8,b7,.. "khjeh"=hex:08,a2,a2,65,8c,ce,3e,cb,f8,7b,6c,60,4c,85,09,89,66,c8,18,77,dd,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:39,fc,c8,cf,8b,82,2c,9d,82,2a,4b,d0,aa,f9,d7,08,c8,12,69,68,d6,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:d6,69,eb,2a,33,1d,fe,f2,a6,a3,33,f8,56,03,3a,38,de,43,27,14,0b,.. "p0"="C:\Program Files\DAEMON Tools Lite\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,11,cc,ab,9f,5f,7d,f9,2e,79,d6,03,45,8f,f7,ab,c8,b7,.. "khjeh"=hex:08,a2,a2,65,8c,ce,3e,cb,f8,7b,6c,60,4c,85,09,89,66,c8,18,77,dd,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:4c,cc,11,08,b3,f0,fc,f4,33,d7,a3,6b,ac,f4,f4,0d,49,01,34,26,d5,.. scanning hidden registry entries ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "c:\\windows\\system32\\drivers\\etc\\install.exe"="c:\\windows\\system32\\drivers\\etc\\install.exe:*:Enabled:mIRC" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Lexmark 2500 Series\\app4r.exe"="C:\\Program Files\\Lexmark 2500 Series\\App4R.exe:*:Enabled:Printing Application" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\File Scanner Library (Spybot - Search & Destroy)\advcheck.dll" Sun 13 Apr 
2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe" Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)\Tools.dll" Sun 13 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe" Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\SDHelper (Spybot - Search & Destroy)\SDHelper.dll" Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll" Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll" Sun 13 Apr 2008 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe" Wed 18 Oct 2006 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe" Tue 3 Apr 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sun 6 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp" Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll" Finished! |
cereal_killerxx [Closed] ativtmx.dll virus! Dec 15 2008, 12:40 AM
IndiGenus Hi and welcome to the forums here at WTT.
Yes... Dec 15 2008, 08:15 AM
IndiGenus This is a very seriously infected machine, with so... Dec 15 2008, 04:16 PM
cereal_killerxx The dll I mentioned earlier doesn't seem to po... Dec 15 2008, 04:50 PM
IndiGenus Download GMER from here:
http://www.gmer.net/files... Dec 15 2008, 09:55 PM
cereal_killerxx GMER 1.0.14.14536 - http://www.gmer.net
Rootkit sc... Dec 16 2008, 12:32 AM
IndiGenus Please download the OTMoveIt3 by OldTimer.
Save i... Dec 16 2008, 01:42 PM
cereal_killerxx Here are the new logs:
========== PROCESSES =====... Dec 16 2008, 02:21 PM
IndiGenus 1. Please download The Avenger by Swandog46 to you... Dec 16 2008, 08:13 PM
cereal_killerxx Once again, another program that seems to fail
L... Dec 16 2008, 09:38 PM
IndiGenus OK I don't think it's the tools fault here... Dec 17 2008, 01:03 PM
cereal_killerxx Here are the new log files once again.
ComboFix ... Dec 17 2008, 02:16 PM
IndiGenus Finally! Sorry I did not see that service r... Dec 17 2008, 02:31 PM
cereal_killerxx Whatever problems/viruses are going on, they are a... Dec 17 2008, 09:47 PM
IndiGenus Hi,
QUOTE Whatever problems/viruses are going on,... Dec 18 2008, 06:36 AM
cereal_killerxx While using javara to remove the older versions, i... Dec 18 2008, 02:35 PM
IndiGenus Did you try downloading Java right from the site, ... Dec 18 2008, 02:44 PM
cereal_killerxx That seemed to work Is there anything left to do ... Dec 18 2008, 03:29 PM
IndiGenus I think you are clean. How's it running now? Dec 18 2008, 03:41 PM
cereal_killerxx I'm still randomly getting those runtime error... Dec 18 2008, 04:57 PM
IndiGenus Can you give me a little more detail. Such as...
... Dec 18 2008, 05:42 PM
IndiGenus Due to inactivity this topic will be closed.
If yo... Dec 26 2008, 04:12 PM