Multiple Virus


Re: Multiple Virus

Post by justyn on Wed Sep 02, 2009 5:49 am

Found a post that looks very similar to my problem!!! And you were the mod for him (http://www.geekpolice.net/virus-spyware-malware-removal-f11/win32-cryptor-t12275-30.htm)

I was gonna create my own script for the files on my computer, but will wait for a professional to help me.

EDIT:

I made my own script based on your advice to another (DON'T WORRY! I WON'T EXECUTE IT UNTIL I GET A PROFESSIONAL'S OPINION)!

Here's what I would have done:

Code:

Drivers to disable:
geyekrntqvoxie

Drivers to delete:
geyekrntqvoxie

Files to delete:
c:\windows\system32\geyekrhpptxniw.dat
c:\windows\system32\geyekrnjsqrbbm.dat
c:\windows\system32\geyekrvibpvqwk.dll
c:\windows\system32\geyekrpjyjtred.dll
c:\Windows\system32\drivers\geyekrbndqupbe.sys

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\geyekrntqvoxie
HKLM\SYSTEM\ControlSet003\Services\geyekrntqvoxie
HKLM\SYSTEM\ControlSet004\Services\geyekrntqvoxie


But I can wait a little longer, PLEASE. I thank you so much if you can help me.

justyn
Novice
Posts: 42
Joined: 2009-09-01
OS: Windows Vista Home Premium (32-bit)
Points: 26566
Likes: 0


Re: Multiple Virus

Post by justyn on Wed Sep 02, 2009 8:03 am

Doctor inferno, can you help me?


Re: Multiple Virus

Post by justyn on Wed Sep 02, 2009 9:52 am

Sophos detected this in addition:

C:\Windows\System32\drivers\geyekrsbmxtfyx.sys
C:\Windows\System32\drivers\geyekrbndqupbe.sys
C:\Windows\System32\geyekredqbkoxn.dll
C:\Windows\System32\geyekrvceiditw.dat
C:\Windows\System32\geyekrlnrrrxnp.dll
C:\Windows\System32\cngaudit.dll
C:\Windows\System32\geyekrhpptxniw.dat
C:\Windows\System32\geyekrpjyjtred.dll
C:\Windows\System32\geyekrvibpvqwk.dll
C:\Windows\System32\geyekrnjsqrbbm.dat



And somehow it disabled my genuine Windows serial. I am afraid to type it in the box in case it steals it.


P.S.: 3 AM here now and I have been refreshing the page for 8 hours I think lol... Guess it's time to shut down my computer and give tomorrow 1 last shot before I reformat. Hope you respond soon.


Re: Multiple Virus

Post by justyn on Wed Sep 02, 2009 10:41 am

Another test, just trying to run all so you can see all at once and help easier.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-02 03:32:51
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\geyekrntqvoxie]
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=str(2):"\systemroot\system32\drivers\geyekrbndqupbe.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\geyekrntqvoxie\main]
"aid"="10200"
"sid"="3"
"cmddelay"=dword:00003840

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\geyekrntqvoxie\main\injector]
"*"="geyekrwsp.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\geyekrntqvoxie\modules]
"geyekrrk.sys"="\systemroot\system32\drivers\geyekrbndqupbe.sys"
"geyekrcmd.dll"="\systemroot\system32\geyekrvibpvqwk.dll"
"geyekrlog.dat"="\systemroot\system32\geyekrnjsqrbbm.dat"
"geyekrwsp.dll"="\systemroot\system32\geyekrpjyjtred.dll"
"geyekr.dat"="\systemroot\system32\geyekrhpptxniw.dat"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\geyekrntqvoxie]
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=str(2):"\systemroot\system32\drivers\geyekrbndqupbe.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\geyekrntqvoxie\main]
"aid"="10200"
"sid"="3"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\geyekrntqvoxie\modules]
"geyekrrk.sys"="\systemroot\system32\drivers\geyekrbndqupbe.sys"
"geyekrcmd.dll"="\systemroot\system32\geyekredqbkoxn.dll"
"geyekrlog.dat"="\systemroot\system32\geyekrvceiditw.dat"
"geyekrwsp.dll"="\systemroot\system32\geyekrlnrrrxnp.dll"
"geyekr.dat"="\systemroot\system32\geyekrduijfiqy.dat"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\geyekrntqvoxie]
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=str(2):"\systemroot\system32\drivers\geyekrbndqupbe.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\geyekrntqvoxie\main]
"aid"="10200"
"sid"="3"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\geyekrntqvoxie\modules]
"geyekrrk.sys"="\systemroot\system32\drivers\geyekrbndqupbe.sys"
"geyekrcmd.dll"="\systemroot\system32\geyekredqbkoxn.dll"
"geyekrlog.dat"="\systemroot\system32\geyekrvceiditw.dat"
"geyekrwsp.dll"="\systemroot\system32\geyekrlnrrrxnp.dll"
"geyekr.dat"="\systemroot\system32\geyekrduijfiqy.dat"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
"IconServiceLib"="IconCodecService.dll"
"DdeSendTimeout"=dword:00000000
"DesktopHeapLogging"=dword:00000001
"GDIProcessHandleQuota"=dword:00002710
"ShutdownWarningDialogTimeout"=dword:ffffffff
"USERPostMessageLimit"=dword:00002710
"USERProcessHandleQuota"=dword:00002710
@="mnmsrvc"
"DeviceNotSelectedTimeout"="15"
"Spooler"="yes"
"TransmissionRetryTimeout"="90"
"USERNestedWindowLimit"=dword:00000032

scanning hidden files ...


//This is where the program shuts down.


Re: Multiple Virus

Post by Metalmusk on Wed Sep 02, 2009 12:39 pm

Can you check the size of this file - cngaudit.dll

It will be located in

C:\Windows\System32\cngaudit.dll

Metalmusk
Novice
Posts: 43
Joined: 2009-06-21
OS: XP
Points: 27900
Likes: 0


Re: Multiple Virus

Post by Belahzur on Wed Sep 02, 2009 1:35 pm

Hello.
Where did you get catchme? If you have a full ComboFix log, can you post it please?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245059
Likes: 1


Re: Multiple Virus

Post by justyn on Wed Sep 02, 2009 8:53 pm

11.5 KB


Re: Multiple Virus

Post by justyn on Wed Sep 02, 2009 9:05 pm

Don't remember where I got it; was searching for anti-rootkit programs to scan to see which ones worked. ComboFix closes down immediately after attempting to scan. Anything posted is logs I found as far as they could get before being shut down.


Re: Multiple Virus

Post by justyn on Wed Sep 02, 2009 9:31 pm

Was really hoping to have a suggestion when I woke up. Wish you were on longer.


Re: Multiple Virus

Post by Belahzur on Wed Sep 02, 2009 10:06 pm

Can you post a new GMER log? I want to check something.



Re: Multiple Virus

Post by justyn on Wed Sep 02, 2009 10:10 pm

Found hidden malicious services, which I disabled in the registry. Restarted the computer and it allowed me to run ComboFix! It restarted, and now I am in safe mode running a quick MBAM scan. I will post the Malwarebytes log if you want as soon as it is done.

Was planning on booting in normal mode to do full scan afterwards too and run all scans for fresh logs.


Re: Multiple Virus

Post by justyn on Wed Sep 02, 2009 10:32 pm

First quick scan of Malwarebytes in safe mode:

Malwarebytes' Anti-Malware 1.40
Database version: 2732
Windows 6.0.6002 Service Pack 2 (Safe Mode)

9/2/2009 3:12:37 PM
mbam-log-2009-09-02 (15-12-24).txt

Scan type: Quick Scan
Objects scanned: 91445
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Justyn\Desktop\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Users\Justyn\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.


//those were combofix renamed, so I chose ignore.


Re: Multiple Virus

Post by justyn on Wed Sep 02, 2009 10:55 pm

Here was the first scan of Combo-fix log: (forgot to post earlier)

ComboFix 09-08-31.03 - Justyn 09/02/2009 14:41.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2573 [GMT -7:00]
Running from: c:\users\Justyn\Desktop\Combo-Fix.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\WMEncoder.msi
c:\windows\system32\w32apiw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_geyekrntqvoxie
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_geyekrntqvoxie


((((((((((((((((((((((((( Files Created from 2009-08-02 to 2009-09-02 )))))))))))))))))))))))))))))))
.

2009-09-02 10:51 . 2009-09-02 10:51 -------- d-----w- c:\program files\trend micro
2009-09-02 09:29 . 2009-06-18 19:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2009-09-02 08:50 . 2009-09-02 08:50 -------- d-----w- c:\program files\Sophos
2009-09-02 02:58 . 2009-09-02 02:58 -------- d-----w- C:\iDEFENSE
2009-09-02 02:54 . 2009-09-02 10:25 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-01 05:02 . 2009-09-02 04:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-01 04:42 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-01 04:42 . 2009-09-02 09:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 04:42 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-01 04:39 . 2009-09-01 04:39 -------- d-----w- C:\_OTM
2009-09-01 00:17 . 2009-09-01 00:17 680 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-09-01 00:06 . 2009-09-01 00:07 117760 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-09-01 00:06 . 2009-09-01 00:06 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2009-08-31 23:51 . 2009-08-31 23:52 117760 ----a-w- c:\users\Justyn\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-31 23:50 . 2009-08-31 23:50 -------- d-----w- c:\users\Justyn\AppData\Roaming\SUPERAntiSpyware.com
2009-08-31 23:13 . 2009-08-31 23:13 0 ----a-w- c:\windows\ativpsrm.bin
2009-08-31 22:15 . 2009-08-31 22:15 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-08-31 22:10 . 2009-08-31 22:10 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
2009-08-31 21:08 . 2009-08-31 21:08 -------- d-----w- c:\users\Justyn\AppData\Roaming\Malwarebytes
2009-08-31 21:08 . 2009-08-31 21:08 -------- d-----w- c:\programdata\Malwarebytes
2009-08-30 10:00 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-20 02:14 . 2009-08-20 02:14 -------- d-----w- c:\users\Justyn\AppData\Local\TechSmith
2009-08-20 01:24 . 2009-08-20 01:24 -------- d-----w- c:\windows\system32\QuickTime
2009-08-20 01:23 . 2009-08-20 01:23 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-08-20 01:23 . 2009-08-20 01:23 -------- d-----w- c:\program files\TechSmith
2009-08-20 01:02 . 2005-06-15 10:00 102400 ----a-w- c:\windows\system32\tsccvid.dll
2009-08-13 22:56 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-13 22:56 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-13 22:56 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-13 22:56 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-13 22:56 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-13 22:56 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-13 22:56 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-13 22:56 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-11 18:51 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 18:51 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 18:51 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 18:51 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 18:51 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 18:51 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 18:51 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 18:51 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-06 05:32 . 2009-08-06 05:32 -------- d-----w- c:\program files\Eltima Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 20:54 . 2009-09-02 20:54 5018 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-09-02 02:33 . 2009-05-26 09:01 1356 ----a-w- c:\users\Justyn\AppData\Local\d3d9caps.dat
2009-09-01 02:24 . 2009-09-01 02:24 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-01 00:45 . 2009-06-12 07:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-01 00:17 . 2009-05-27 15:35 112408 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-31 22:51 . 2009-05-26 10:17 -------- d-----w- c:\program files\MPlayer for Windows
2009-08-21 06:41 . 2009-07-09 21:25 -------- d-----w- c:\program files\PopCap Games
2009-08-18 06:45 . 2009-05-26 10:15 -------- d-----w- c:\program files\AllToAVI
2009-08-13 23:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-12 10:09 . 2009-05-26 04:22 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-12 10:02 . 2009-04-18 01:15 -------- d-----w- c:\programdata\Microsoft Help
2009-07-21 21:52 . 2009-07-28 19:54 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 19:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 19:54 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 19:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-14 21:50 . 2009-05-26 12:58 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-12 01:59 . 2009-07-12 01:59 -------- d-----w- c:\program files\AC3Filter
2009-07-09 21:25 . 2009-07-09 21:25 -------- d-----w- c:\programdata\PopCap Games
2009-06-23 16:40 . 2009-05-26 00:12 112408 ----a-w- c:\users\Justyn\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-22 10:16 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-15 14:53 . 2009-07-14 22:34 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-14 22:34 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-14 22:34 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-14 22:34 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-14 22:34 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-26 00:11 . 2009-05-26 00:11 13 --sh--r- c:\windows\System32\drivers\fbd.sys
.


Re: Multiple Virus

Post by justyn on Wed Sep 02, 2009 10:55 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-30 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):80,f9,84,c9,23,f3,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1807422815-738861055-1700803671-1000]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1807422815-738861055-1700803671-500]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{711C5B84-0C3E-416A-89B9-1350A4ED4FEC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{25905A1D-1F5E-47B2-B09C-EEF478C4E851}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{96860A96-0D2A-41A4-B0E1-34BCAF32B006}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{EA08C4D4-2078-4D85-B6DD-B699421FA7F7}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{4FEA6F7A-EEE3-4BC0-9AE8-0A2869114AD2}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{897D469D-2E34-4EDD-AB76-86BDB48292BF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{76A7691E-FD0E-43E8-AE65-D77446D438F2}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D30B2C49-5B28-4541-BF67-194BA9EA2DB0}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{E19DFC26-5237-4A4E-934F-F5D6B8B417E4}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [4/17/2009 6:55 PM 20384]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\System32\SAVRKBootTasks.sys [9/2/2009 2:29 AM 18816]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [5/15/2009 8:23 PM 176128]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [4/17/2008 12:19 AM 40960]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [12/3/2007 5:03 PM 126976]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [5/5/2008 11:06 AM 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [4/24/2008 6:35 PM 73728]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe --> c:\program files\Jumpstart\jswpsapi.exe [?]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [5/16/2008 10:59 AM 9216]
S4 VMLIV;VMLIV;c:\users\JUSTYN\AppData\Local\Temp\VMLIV.exe --> c:\users\JUSTYN\AppData\Local\Temp\VMLIV.exe [?]
S4 ZQTY;ZQTY;c:\users\JUSTYN\AppData\Local\Temp\ZQTY.exe --> c:\users\JUSTYN\AppData\Local\Temp\ZQTY.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
IE: Download Video - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: netzero.com
Trusted Zone: netzero.net
TCP: {CA815AB6-B3EE-45F6-BB70-FF51C8C23AF7} = 68.87.69.146,68.87.85.98
FF - ProfilePath - c:\users\Justyn\AppData\Roaming\Mozilla\Firefox\Profiles\d9533ooq.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-02 14:51
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\D74B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\atieclxx.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\agrsmsvc.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-09-02 14:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-02 21:55

Pre-Run: 157,075,496,960 bytes free
Post-Run: 156,926,767,104 bytes free

266 --- E O F --- 2009-08-30 10:01


Re: Multiple Virus

Post by justyn on Wed Sep 02, 2009 11:16 pm

Hijackthis log?:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:57 PM, on 9/2/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: Download Video - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA815AB6-B3EE-45F6-BB70-FF51C8C23AF7}: NameServer = 68.87.69.146,68.87.85.98
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Unknown owner - C:\Program Files\Jumpstart\jswpsapi.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5542 bytes


Re: Multiple Virus

Post by justyn on Wed Sep 02, 2009 11:36 pm

My Windows sticker activation key won't work! It's on limited accessibility mode. Grrr!


Re: Multiple Virus

Post by justyn on Thu Sep 03, 2009 12:01 am

This is what it says:

the product key you have entered does not appear to be a valid windows vista product key.

100% sure it is; I have the receipt and sticker on bottom of laptop and everything!

This malware messed up my system.


Last edited by justyn on Thu Sep 03, 2009 12:02 am; edited 1 time in total


Re: Multiple Virus

Post by Belahzur on Thu Sep 03, 2009 12:01 am

Hello.
There isn't much we can do about activation; you'll need to ring Microsoft and explain your situation.

You aren't running Anti Virus Software

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


Please PM me if I fail to respond within 24hrs.

Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1

Re: Multiple Virus

Post by justyn on Thu Sep 03, 2009 12:03 am

OK, thanks. Did you notice anything to delete from HijackThis?

I will download that free antivirus you listed.


Re: Multiple Virus

Post by Belahzur on Thu Sep 03, 2009 12:04 am

Hello.
The Hijack This scan looks good, nothing that alerts me from here.



Re: Multiple Virus

Post by justyn on Thu Sep 03, 2009 12:28 am

You usually say run combofix /u after using it.


Re: Multiple Virus

Post by justyn on Thu Sep 03, 2009 3:47 am

Oh shoot, took a deeper look; it goes farther. I deleted some more geyekrXXXXX keys and found VMLIV and ZQTY services. Here is a partial log of a part of GMER.

GMER 1.0.15.15077 [gzwoy4u6.exe] - [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-02 20:46:29
Windows 6.0.6002 Service Pack 2


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet004\Services\VMLIV@Type 272
Reg HKLM\SYSTEM\ControlSet004\Services\VMLIV@Start 4
Reg HKLM\SYSTEM\ControlSet004\Services\VMLIV@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet004\Services\VMLIV@ImagePath C:\Users\JUSTYN\AppData\Local\Temp\VMLIV.exe
Reg HKLM\SYSTEM\ControlSet004\Services\VMLIV@DisplayName VMLIV
Reg HKLM\SYSTEM\ControlSet004\Services\VMLIV@ObjectName LocalSystem

---- EOF - GMER 1.0.15 ----

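Added example (not part of the original posts and not GMER's own code): a small Python triage of the GMER registry lines posted above, decoding the service `Type` and `Start` values and flagging an `ImagePath` under a user-writable directory. The function names and the directory heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# The six GMER "Reg" lines from the post above, verbatim.
GMER_LOG = r"""
Reg HKLM\SYSTEM\ControlSet004\Services\VMLIV@Type 272
Reg HKLM\SYSTEM\ControlSet004\Services\VMLIV@Start 4
Reg HKLM\SYSTEM\ControlSet004\Services\VMLIV@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet004\Services\VMLIV@ImagePath C:\Users\JUSTYN\AppData\Local\Temp\VMLIV.exe
Reg HKLM\SYSTEM\ControlSet004\Services\VMLIV@DisplayName VMLIV
Reg HKLM\SYSTEM\ControlSet004\Services\VMLIV@ObjectName LocalSystem
"""

# Documented Windows service constants (Type is a bit mask, Start is an enum).
TYPE_BITS = {0x001: "KERNEL_DRIVER", 0x002: "FILE_SYSTEM_DRIVER",
             0x010: "WIN32_OWN_PROCESS", 0x020: "WIN32_SHARE_PROCESS",
             0x100: "INTERACTIVE_PROCESS"}
START = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

REG_LINE = re.compile(
    r"^Reg\s+(HKLM\\SYSTEM\\[^\\]+\\Services\\[^@\\]+)@(\w+)\s+(.*)$", re.I)
# Assumption of this example: these directories are treated as user-writable.
USER_WRITABLE = re.compile(r"\\(temp|appdata)\\", re.I)

def parse_services(log):
    """Group GMER 'Reg key@value data' lines into {service_key: {value: data}}."""
    services = defaultdict(dict)
    for line in log.splitlines():
        m = REG_LINE.match(line.strip())
        if m:
            key, value, data = m.groups()
            services[key][value] = data.strip()
    return dict(services)

def decode_type(raw):
    """Expand the numeric Type value into its named bit flags."""
    return [name for bit, name in sorted(TYPE_BITS.items()) if int(raw) & bit]

def triage(values):
    """Return human-readable findings for one service entry."""
    findings = []
    path = values.get("ImagePath", "")
    in_user_dir = bool(USER_WRITABLE.search(path))
    if in_user_dir:
        findings.append("image in user-writable directory: " + path)
    if in_user_dir and values.get("ObjectName", "").lower() == "localsystem":
        findings.append("that image would run as LocalSystem")
    if "INTERACTIVE_PROCESS" in decode_type(values.get("Type", "0")):
        findings.append("interactive service flag set")
    findings.append("start type: " + START.get(int(values.get("Start", -1)), "unknown"))
    return findings
```

For this entry, `Type 272` is 0x110 (own-process service with the interactive flag) and `Start 4` means the service is disabled in that control set. Which numbered control set is the live one is recorded under `HKLM\SYSTEM\Select`, so a finding in `ControlSet004` should be checked against that value before drawing conclusions.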

Re: Multiple Virus

Post by justyn on Thu Sep 03, 2009 3:55 am

You know, I am so infested with virus I am gonna just reformat... but I wanna use my computer... and this infection is the worst in history of malware.


Re: Multiple Virus

Post by Belahzur on Thu Sep 03, 2009 2:45 pm

So did you format, or still need help?



Re: Multiple Virus

Post by justyn on Thu Sep 03, 2009 11:13 pm

Alright I formatted since they said some of my windows files may be corrupted. Thanks for all the help though, I learned a lot. Computer runs good as new lol... cause it is new again.

Anyways, I got a 60-day trial of Norton 360 again when I reformatted/installed. Is that a good antivirus? I don't want any malware to get by.

I wish everyone luck who gets the same problem.


Re: Multiple Virus

Post by Origin on Fri Sep 04, 2009 1:28 am

I recommend using Avira free, it's way better than Norton:

[You must be registered and logged in to see this link.]



Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31473
# Likes : 0
