"Internet Security 2010" problem - Malware

View previous topic View next topic Go down

"Internet Security 2010" problem - Malware

Post by dg1267 on 21st December 2009, 5:48 am

My computer has been infected with IS2010 and it's wreaking havoc. When I boot up, I have to do so by getting past the welcome screen and then opening my task manager and starting "explorer". Even then all of my icons on my desktop have a blue background. I'm running XP home SP3. My system restore is locked up as well. I've downloaded HJT and did a report. Here it is. I want to say thank you in advance for providing this service. You guys are great!

btw, I have Malwarebytes installed, but it won't let me update the latest updates. I did try to run MBAM without the updates but it did nothing. to help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:53 PM, on 12/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\msc.exe
C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\JAMESK~1\LOCALS~1\Temp\r.exe
C:\Documents and Settings\James Kaiser\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - (no file)
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Qzeligegopepubi] rundll32.exe "C:\WINDOWS\owicaken.dll",Startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Zeldar] C:\DOCUME~1\JAMESK~1\LOCALS~1\Temp\r.exe
O4 - HKUS\S-1-5-21-4239781055-3274666663-2365450077-1016\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User 'holdemmanager02')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: absoƖute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\James Kaiser\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: absoƖute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\James Kaiser\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra button: The Poker Community - {23ce1f91-bc56-49f9-be01-bddf4ef76305} - C:\Documents and Settings\James Kaiser\Start Menu\Programs\The Poker Community\The Poker Community.lnk (HKCU)
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra button: Walker Poker - {533caed3-32dd-436e-9e56-27e70d5190bb} - C:\Documents and Settings\James Kaiser\Start Menu\Programs\Walker Poker\Walker Poker.lnk (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\James Kaiser\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11902 bytes

dg1267
Novice
Novice

Posts Posts : 36
Joined Joined : 2009-12-21
OS OS : Windows XP Home SP3
Points Points : 25632
# Likes # Likes : 0

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by Dr Jay on 21st December 2009, 9:20 am

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13810
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302437
# Likes # Likes : 10

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by dg1267 on 21st December 2009, 3:03 pm

Okay, tried to d/l CF and it does the d/l, but once I try to run it it gives me a message saying

"Alert! It is not safe to continue! The contents of CF has been compromised. Please d/l a fresh copy from http//:bleepingcomputer.com/combofix/how-to-use-combofix". You may be infected with a file patching virus 'Virut'.

So I went to bleepingcomputer.com and tried a new copy and it did the same thing twice. I'm not able to go to the Forospyware link, it's being blocked.

dg1267
Novice
Novice

Posts Posts : 36
Joined Joined : 2009-12-21
OS OS : Windows XP Home SP3
Points Points : 25632
# Likes # Likes : 0

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by Dr Jay on 21st December 2009, 9:09 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13810
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302437
# Likes # Likes : 10

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by dg1267 on 21st December 2009, 9:38 pm

I deleted and re-downloaded Malwarebytes and had it look for another update, but got this error message again...

"An error occurred. Please report the following error code to the Malwarebytes Anti-Malware support team.

Error Code: 732(12007,0)"

I went ahead and continued on with the full scan. I'll have the results up as soon as it's finished. Thanks.

dg1267
Novice
Novice

Posts Posts : 36
Joined Joined : 2009-12-21
OS OS : Windows XP Home SP3
Points Points : 25632
# Likes # Likes : 0

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by dg1267 on 21st December 2009, 11:47 pm

Okay, here's the MBAM log file.

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/21/2009 5:39:10 PM
mbam-log-2009-12-21 (17-39-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 328183
Time elapsed: 1 hour(s), 25 minute(s), 29 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 8
Registry Values Infected: 11
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 30

Memory Processes Infected:
C:\WINDOWS\msc.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\FastNetSrv.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fastnetsrv (Backdoor.Refpron) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BTWSRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ias (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FASTNETSRV (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: streavfg.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\streavfg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\James Kaiser\Local Settings\Temporary Internet Files\Content.IE5\41M7OT63\flash-HQ-plugin[1].45244.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Bodog Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsts.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ndisdrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\86.tmp (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRT7E.tmp (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wmdtc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\lsm32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msc.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BtwSrv32.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opeia.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FastNetSrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Kaiser\Local Settings\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Kaiser\Local Settings\Temp\b.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Kaiser\Local Settings\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Kaiser\Local Settings\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Kaiser\Local Settings\Temp\e.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Kaiser\Local Settings\Temp\f.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\James Kaiser\Local Settings\Temp\sshnas.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Kaiser\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

dg1267
Novice
Novice

Posts Posts : 36
Joined Joined : 2009-12-21
OS OS : Windows XP Home SP3
Points Points : 25632
# Likes # Likes : 0

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by Dr Jay on 22nd December 2009, 1:18 am

Download [You must be registered and logged in to see this link.]

  • Load SuperAntiSpyware and click the Check for updates button.
  • Once the update is finished click the Scan your computer button.
  • Check Perform Complete Scan and then next.
  • SuperAntiSpyware will now scan your computer and when its finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13810
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302437
# Likes # Likes : 10

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by dg1267 on 22nd December 2009, 2:35 am

Here is the log from the SASW


SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 12/21/2009 at 08:23 PM

Application Version : 4.32.1000

Core Rules Database Version : 4401
Trace Rules Database Version: 2235

Scan type : Complete Scan
Total Scan Time : 00:51:39

Memory items scanned : 495
Memory threats detected : 1
Registry items scanned : 5337
Registry threats detected : 15
File items scanned : 23881
File threats detected : 105

Trojan.Dropper/Gen-C
C:\DOCUME~1\JAMESK~1\LOCALS~1\TEMP\R.EXE
C:\DOCUME~1\JAMESK~1\LOCALS~1\TEMP\R.EXE
[Zeldar] C:\DOCUME~1\JAMESK~1\LOCALS~1\TEMP\R.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\G.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\H.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\I.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\J.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\K.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\L.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\M.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\N.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\O.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\P.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\Q.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\R.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\S.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\T.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\U.EXE
C:\WINDOWS\Prefetch\R.EXE-3789750E.pf

Adware.HBHelper
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID

Adware.Tracking Cookie
C:\Documents and Settings\James Kaiser\Cookies\james [You must be registered and logged in to see this link.][2].txt
C:\Documents and Settings\James Kaiser\Cookies\james [You must be registered and logged in to see this link.][2].txt
C:\Documents and Settings\James Kaiser\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Cookies\james kaiser@enhance[2].txt
C:\Documents and Settings\James Kaiser\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Cookies\james kaiser@interclick[1].txt
C:\Documents and Settings\James Kaiser\Cookies\james [You must be registered and logged in to see this link.][2].txt
C:\Documents and Settings\James Kaiser\Cookies\james kaiser@icityfind[1].txt
C:\Documents and Settings\James Kaiser\Cookies\james kaiser@invitemedia[2].txt
C:\Documents and Settings\James Kaiser\Cookies\james kaiser@[You must be registered and logged in to see this link.]
C:\Documents and Settings\James Kaiser\Cookies\system@overture[1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@statcounter[1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@[You must be registered and logged in to see this link.]
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@interclick[2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@[You must be registered and logged in to see this link.]
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@oneclicklocal[1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@collective-media[1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@adcloudmedia[1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@invitemedia[2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@[You must be registered and logged in to see this link.]
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@click[1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@teennick[1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@realmedia[2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@[You must be registered and logged in to see this link.]
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@[You must be registered and logged in to see this link.]
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@roadandtrack[2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@accounts[1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@intermundomedia[1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@2o7[2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@[You must be registered and logged in to see this link.]
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@lockedonmedia[2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@icityfind[2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@[You must be registered and logged in to see this link.]
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@symptomfind[1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@gostats[3].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@gostats[1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@[You must be registered and logged in to see this link.]
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@media6degrees[2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@trafficdashboard[1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@burstnet[2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@enhance[1].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james kaiser@chitika[2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][2].txt
C:\Documents and Settings\James Kaiser\Local Settings\Temp\Cookies\james [You must be registered and logged in to see this link.][1].txt

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-4239781055-3274666663-2365450077-1007\SOFTWARE\FunWebProducts

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Rogue.InternetSecurity2010
HKU\S-1-5-21-4239781055-3274666663-2365450077-1007\Software\IS2010
C:\Program Files\InternetSecurity2010
C:\Documents and Settings\James Kaiser\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
C:\Documents and Settings\James Kaiser\Desktop\Internet Security 2010.lnk
C:\Documents and Settings\James Kaiser\Start Menu\Internet Security 2010.lnk

Trojan.Agent/Gen-AVP
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\AVP.EXE

Trojan.Agent/Gen-Backdoor[FakeAlert]
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\MDM.EXE

Adware.Casino Games (Golden Palace Casino)
C:\PROGRAM FILES\BODOG CASINO\CASINO.EXE

Trojan.Dropper/Sys-NV
C:\WINDOWS\SYSTEM32\IPRIPV32.DLL

Trojan.Agent/Gen
C:\WINDOWS\TEMP\VRT2.TMP

Trojan.Dropper/Win-NV
C:\WINDOWS\TEMP\VRT5.TMP
C:\WINDOWS\TEMP\VRT85.TMP

dg1267
Novice
Novice

Posts Posts : 36
Joined Joined : 2009-12-21
OS OS : Windows XP Home SP3
Points Points : 25632
# Likes # Likes : 0

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by Dr Jay on 22nd December 2009, 3:47 am

I saw you had applied for GeekPolice Academy. As soon as you get your computer clean, you may join. This will be the easiest way for you to keep going in the academy, instead of worrying about your computer.

Please perform a scan with [You must be registered and logged in to see this link.].
[You must be registered and logged in to see this link.]

  • Before starting your scan, disable antivirus or antispyware software.
  • Read the "Advantages - Requirements and Limitations" then press the ACCEPT... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the SETTINGS... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the SAVE... button afterwards:

    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases:

  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste the contents of that file in your next reply.

*Note: This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools. Some online scanners will detect existing anti-virus software and they may interfere or stop the scan. If that occurs, disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13810
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302437
# Likes # Likes : 10

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by dg1267 on 22nd December 2009, 8:41 am

C:\WINDOWS\$NtServicePackUninstall$\wabmig.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\wbemtest.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\wextract.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\wiaacmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\winhlp32.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\winver.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\wmiadap.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\wmiapsrv.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\wmplayer.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\wordpad.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\wpabaln.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\wpnpinst.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\wscntfy.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\wscript.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\wuauclt1.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtServicePackUninstall$\xcopy.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB896428$\telnet.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB922582$\fltmc.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB923561$\wordpad.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB923561_0$\wordpad.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB925720$\magnify.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB925720$\narrator.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB925720$\osk.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB925720$\utilman.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB951978$\cscript.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB951978$\wscript.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB952069_WM9$\logagent.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB955839$\tzchange.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB956572$\sc.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB956572$\services.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB956572$\wmiprvse.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB956572_0$\sc.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB956572_0$\services.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB956572_0$\wmiprvse.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB958215_0$\iedw.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB960859$\telnet.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB960859_0$\telnet.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB963027_0$\iedw.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB969897_0$\iedw.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB970653-v3$\tzchange.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB972260_0$\iedw.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallKB976098-v2$\tzchange.exe Suspicious: Type_Win32 1
C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe Suspicious: Type_Win32 1
C:\WINDOWS\ALCMTR.EXE Suspicious: Type_Win32 1
C:\WINDOWS\amcap533.exe Suspicious: Type_Win32 1
C:\WINDOWS\Help\SBSI\Training\ounins32_s.exe Suspicious: Type_Win32 1
C:\WINDOWS\Help\SBSI\Training\usersid.exe Suspicious: Type_Win32 1
C:\WINDOWS\hh.exe Suspicious: Type_Win32 1
C:\WINDOWS\inf\unregmp2.exe Suspicious: Type_Win32 1
C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe Suspicious: Type_Win32 1
C:\WINDOWS\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe Suspicious: Type_Win32 1
C:\WINDOWS\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe Suspicious: Type_Win32 1
C:\WINDOWS\Installer\{9527A496-5DF9-412A-ADC7-168BA5379CA6}\ARPPRODUCTICON.exe Suspicious: Type_Win32 1
C:\WINDOWS\Installer\{B0DF58A2-40DF-4465-AA56-38623EC9938C}\ARPPRODUCTICON.exe Suspicious: Type_Win32 1

dg1267
Novice
Novice

Posts Posts : 36
Joined Joined : 2009-12-21
OS OS : Windows XP Home SP3
Points Points : 25632
# Likes # Likes : 0

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by dg1267 on 22nd December 2009, 8:42 am

C:\WINDOWS\Installer\{B0DF58A2-40DF-4465-AA56-38623EC9938C}\NewShortcut11_759E0B26521F4666BEAF33B31123216E.exe Suspicious: Type_Win32 1
C:\WINDOWS\Installer\{B0DF58A2-40DF-4465-AA56-38623EC9938C}\NewShortcut1_B0DF58A240DF4465AA5638623EC9938C.exe Suspicious: Type_Win32 1
C:\WINDOWS\Installer\{B823632F-3B72-4514-8861-B961CE263224}\psql.exe Suspicious: Type_Win32 1
C:\WINDOWS\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe Suspicious: Type_Win32 1
C:\WINDOWS\IsUninst.exe Suspicious: Type_Win32 1
C:\WINDOWS\iun6002.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe Suspicious: Type_Win32 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe Suspicious: Type_Win32 1
C:\WINDOWS\msagent\agentsvr.exe Suspicious: Type_Win32 1
C:\WINDOWS\network diagnostic\xpnetdiag.exe Suspicious: Type_Win32 1
C:\WINDOWS\notepad.exe Suspicious: Type_Win32 1
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe Suspicious: Type_Win32 1
C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe Suspicious: Type_Win32 1
C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe Suspicious: Type_Win32 1
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe Suspicious: Type_Win32 1
C:\WINDOWS\pchealth\helpctr\binaries\notiflag.exe Suspicious: Type_Win32 1
C:\WINDOWS\pchealth\UploadLB\Binaries\uploadm.exe Suspicious: Type_Win32 1
C:\WINDOWS\regedit.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\accwiz.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\actmovie.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\admin.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ahui.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\alg.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\at.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\atmadm.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\attrib.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\auditusr.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\author.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\blastcln.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\cacls.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\cisvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\cmd.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\cmmon32.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\cmstp.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\comrepl.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\comrereg.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\conime.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\cscript.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\dcomcnfg.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ddeshare.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\defrag.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\dfrgfat.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\dfrgntfs.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\dialer.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\diantz.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\diskpart.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\dllhost.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\dmadmin.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\dmremote.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\dplaysvr.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\dpnsvr.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\dpvsetup.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\dumprep.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\dvdupgrd.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\dwwin.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\eudcedit.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\evntcmd.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\evntwin.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\extrac32.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\faxpatch.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\findstr.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\fltmc.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\fontview.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\forcedos.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\fp98sadm.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\fp98swin.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\fpadmcgi.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\fpcount.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\fpremadm.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\fpsrvadm.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\fsquirt.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\[You must be registered and logged in to see this link.] Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\fxsclnt.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\fxscover.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\fxssvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\grpconv.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\help.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\helpctr.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\hh.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\hscupd.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\icwconn1.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\icwconn2.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\icwrmind.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ie4uinit.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\iedw.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\iexpress.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\imapi.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\inetwiz.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ipconfig.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ipv6.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ipxroute.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\irftp.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\lang\cintsetp.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\lang\cplexe.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\lang\imjpdct.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\lang\imjpdsvr.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\lang\imjpinst.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\lang\imjpmig.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\lang\imjprw.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\lang\imjputy.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\lang\pintlphr.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\lang\tintlphr.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\lang\tintsetp.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\lhmstsc.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\locator.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\logman.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\logon.scr Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\logonui.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\lsass.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\magnify.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\makecab.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\migload.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\migregdb.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\migwiz.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\migwiza.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\mmcperf.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\mnmsrvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\mobsync.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\mofcomp.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\mplay32.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\msconfig.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\msdtc.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\mshta.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\msiexec.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\msimn.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\msiregmv.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\msoobe.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\mspaint.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\mstinit.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\mtstocom.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\muisetup.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\napstat.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\narrator.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\nddeapir.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\net.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\net1.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\netdde.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\netsetup.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\netsh.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\netstat.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\notepad.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\nppagent.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\nslookup.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ntvdm.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\odbcad32.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\odbcconf.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\oemig50.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\oobebaln.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\osk.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\packager.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\perfmon.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\pinball.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ping.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\powercfg.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\progman.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\proquota.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\proxycfg.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\qprocess.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\rasphone.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\rcimlby.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\rcp.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\rdpclip.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\rdsaddin.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\rdshost.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\reg.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\regedit.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\regsvr32.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\rexec.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\rsh.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\rstrui.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\rtcshare.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\runonce.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\savedump.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\scardsvr.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\scrcons.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\scrnsave.scr Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\sdbinst.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\services.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\sessmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\sethc.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\setup.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\setup50.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\setupn.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\shmgrate.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\shrpubw.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\shtml.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\shutdown.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\sigverif.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\skeys.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\slrundll.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\slserv.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\smbinst.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\smi2smir.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\smlogsvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\sndrec32.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\snmp.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\snmptrap.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\sort.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\spdwnwxp.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\spider.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\spupdwxp.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ss3dfo.scr Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ssbezier.scr Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ssflwbox.scr Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ssmarque.scr Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ssmypics.scr Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ssmyst.scr Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\sspipes.scr Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ssstars.scr Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\sstext3d.scr Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\stimon.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\stub_fpsrvadm.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\stub_fpsrvwin.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\svchost.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\sysocmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\taskmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\tcptest.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\telnet.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\tourstrt.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\tp4mon.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\tracert.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\tzchange.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\uploadm.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\upnpcont.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\ups.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\userinit.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\utilman.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\verclsid.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\vssvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\wab.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\wabmig.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\wbemtest.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\wextract.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\wiaacmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\winhlp32.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\winver.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\wmiadap.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\wmiapsrv.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\wordpad.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\wpabaln.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\wpnpinst.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\wscript.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\wuauclt1.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\xcopy.exe Suspicious: Type_Win32 1
C:\WINDOWS\ServicePackFiles\i386\xpnetdg.exe Suspicious: Type_Win32 1
C:\WINDOWS\setpwr32.exe Suspicious: Type_Win32 1
C:\WINDOWS\Setup533\OtherDriver\RemoveMSDC.exe Suspicious: Type_Win32 1
C:\WINDOWS\Setup533\OtherDriver\Setup2k.exe Suspicious: Type_Win32 1
C:\WINDOWS\Setup533\Remove.exe Suspicious: Type_Win32 1
C:\WINDOWS\Setup533\XPPlugIn\Setup2k.exe Suspicious: Type_Win32 1
C:\WINDOWS\ShowBmp.exe Suspicious: Type_Win32 1
C:\WINDOWS\slrundll.exe Suspicious: Type_Win32 1
C:\WINDOWS\SOUNDMAN.EXE Suspicious: Type_Win32 1
C:\WINDOWS\system32\accwiz.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\actmovie.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE Suspicious: Type_Win32 1
C:\WINDOWS\system32\ahui.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\alg(3).exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\alg.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\arp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\at.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\atmadm.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\attrib.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\auditusr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\blastcln.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\bootok.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\bootvrfy.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\cacls.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\calc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\charmap.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\chkdsk.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\chkntfs.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\cidaemon.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\cisvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ckcnv.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\cleanmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\cliconfg.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\clipbrd.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\clipsrv.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\cmd.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\cmdl32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\cmmon32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\cmstp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\Com\comrepl.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\Com\comrereg.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\comp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\compact.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\conime.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\convert.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\cscript.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ctfmon.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dcomcnfg.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ddeshare.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\defrag.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dfrgfat.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dfrgntfs.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\diantz.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\diskpart.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\diskperf.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\cscript.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\dlimport.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\logagent.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\mplay32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\sc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\services.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\setup_wm.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\telnet.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\unregmp2.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\wmiprvse.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\wmplayer.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\wordpad.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\wscript.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllhost.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllhst3g.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dmadmin.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dmremote.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\doskey.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dplaysvr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dpnsvr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dpvsetup.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\drmupgds.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\drwtsn32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dumprep.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dvdplay.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dvdupgrd.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dwwin.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\esentutl.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\eudcedit.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\eventvwr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\expand.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\extrac32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\faxpatch.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\find.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\findstr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\finger.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fltmc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fontview.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\forcedos.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\freecell.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fsquirt.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fsutil.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\[You must be registered and logged in to see this link.] Suspicious: Type_Win32 1
C:\WINDOWS\system32\fxsclnt.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fxscover.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fxssend.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fxssvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\grpconv.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\Hdaudpropshortcut.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\help.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\hostname.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ie4uinit.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\iexpress.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\imapi.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ipconfig.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ipsec6.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ipv6.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ipxroute.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\keystone.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\label.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\lights.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\lnkstub.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\locator.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\lodctr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\logagent.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\logman.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\logoff.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\logon.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\logonui.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\lpq.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\lpr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\lsass(3).exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\magnify.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\makecab.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\migpwd.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mmcperf.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mnmsrvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mobsync.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mountvol.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mplay32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mpnotify.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mrinfo.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\msdtc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\msg.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mshearts.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mshta.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\msiexec.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mspaint.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\msswchx.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mstinit.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mstsc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\napstat.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\narrator.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nbtstat.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nddeapir.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\net.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\net1.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\netdde.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\netsetup.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\netsh.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\netstat.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\notepad.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\npp\nppagent.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nslookup.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ntsd.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ntvdm.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nvappbar.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nvcolor.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nvcplui.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nvsvc32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nvudisp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nvunrm.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\odbcad32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\odbcconf.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\oobe\msoobe.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\oobe\oobebaln.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\osk.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\osuninst.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\packager.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\pathping.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\pentnt.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\perfmon.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ping.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ping6.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\powercfg.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\print.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\progman.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\proquota.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\proxycfg.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\qappsrv.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\qprocess.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\qwinsta.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rasautou.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rasdial.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rasphone.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rcimlby.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rcp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rdpclip.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rdsaddin.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rdshost.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\recover.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\reg.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\regini.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\regsvr32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\regwiz.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\replace.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\reset.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\Restore\rstrui.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\Restore\srdiag.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rexec.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\route.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\routemon.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rsh.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rsm.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rsmsink.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rsmui.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rsvp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rtcshare.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\runas.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rundll32(2).exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rundll32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\runonce.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rwinsta.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\savedump.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\scardsvr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\scrnsave.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\sdbinst.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sessmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sethc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\setup.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\setupn.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sfc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\shadow.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\shmgrate.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\shrpubw.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\shutdown.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sigverif.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\skeys.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\slrundll.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\slserv.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\smbinst.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\smlogsvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sndrec32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sndvol32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sol.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sort.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\spdwnwxp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\spider.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\spoolsv(2).exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\spoolsv.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\spupdwxp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ss3dfo.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\ssbezier.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\ssflwbox.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\ssmarque.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\ssmypics.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\ssmyst.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\sspipes.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\ssstars.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\sstext3d.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\stimon.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\subst.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\svchost(3).exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\syncapp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\syskey.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sysocmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\taskman.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\taskmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tcmsetup.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tcpsvcs.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\telnet.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tftp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tourstart.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tracert.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tracert6.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tscon.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tscupgrd.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tsdiscon.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tskill.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tsshutdn.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tzchange.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\unlodctr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\upnpcont.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ups.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\URTTemp\regtlib.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\userinit.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\usmt\migload.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\usmt\migwiz.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\usmt\migwiza.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\usmt\migwiz_a.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\usrmlnka.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\usrprbda.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\usrshuta.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\utilman.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\uwdf.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\verclsid.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\verifier.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\vssadmin.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\vssvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\w32tm.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\mofcomp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\scrcons.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\unsecapp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\wbemtest.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\winmgmt.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\wmiadap.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\wmiapsrv.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\wmiprvse.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wdfmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wextract.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wiaacmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\winhlp32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\winmine.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\winmsd.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\winver.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wpabaln.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wpdshextautoplay.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wpnpinst.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\write.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wscntfy.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wscript.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wuauclt1.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wupdmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\xcopy.exe Suspicious: Type_Win32 1
C:\WINDOWS\TASKMAN.EXE Suspicious: Type_Win32 1
C:\WINDOWS\Temp\VRT1.tmp Infected: Trojan.Win32.Koblu.bpd 1
C:\WINDOWS\twunk_32.exe Suspicious: Type_Win32 1
C:\WINDOWS\winhlp32.exe Suspicious: Type_Win32 1

Selected area has been scanned.

dg1267
Novice
Novice

Posts Posts : 36
Joined Joined : 2009-12-21
OS OS : Windows XP Home SP3
Points Points : 25632
# Likes # Likes : 0

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by dg1267 on 22nd December 2009, 8:43 am

Wow, I thought I'd never get done with that! Shocking Whoa

I've had two kids and changed addresses three times since I started that scan! LMBO or ROFL

dg1267
Novice
Novice

Posts Posts : 36
Joined Joined : 2009-12-21
OS OS : Windows XP Home SP3
Points Points : 25632
# Likes # Likes : 0

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by Dr Jay on 22nd December 2009, 11:37 am

Your computer is infected with a dangerous infection:
[You must be registered and logged in to see this link.]

We have hit a dead end. Please tell me when you have completed a reformat and reinstall.

I am sorry for the bad news. I do not understand why these mean people make such harsh viruses, and I wish there was a way to clean your system without everything being damaged. But, the problem is, cleaning the system, most files will be damaged. It is like trying to clean up a city that just had a tornado or hurricane run through it. Takes rebuilding, and time to set back up. All of those files listed as suspicious are fully legitimate system files that are infected. This is nȯne other than Virut.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13810
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302437
# Likes # Likes : 10

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by dg1267 on 22nd December 2009, 4:53 pm

Ouch! Let me think

But okay, I can deal with that. Just one question. I'm going to save my pictures (just ones of family and friends). Is it going to be alright to restore these once I've reformatted and reinstalled? Should I run them through a program first before I do? If so, what program?

By the way, even though it ended up bad news, I really appreciate your help and this website. I've already signed up for the academy and hopefully will be able to give back. Big Grin

dg1267
Novice
Novice

Posts Posts : 36
Joined Joined : 2009-12-21
OS OS : Windows XP Home SP3
Points Points : 25632
# Likes # Likes : 0

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by Dr Jay on 22nd December 2009, 7:29 pm

Scan them with Jotti. If they come back uninfected, then they are fine and can be moved safely.

Jotti File Submission:
  • Please go to [You must be registered and logged in to see this link.]

  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

    • C:\WINDOWS\SYSTEM\AnyFile.jpg


  • Click on the submit button


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13810
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302437
# Likes # Likes : 10

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by dg1267 on 22nd December 2009, 9:13 pm

Thank you so much for all your help. As far as what we can do, I guess it's fixed and you can set it as so. Thank You!

dg1267
Novice
Novice

Posts Posts : 36
Joined Joined : 2009-12-21
OS OS : Windows XP Home SP3
Points Points : 25632
# Likes # Likes : 0

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by Dr Jay on 23rd December 2009, 3:45 am

Ok. You have now been added to GeekPolice Academy. When you are ready, read your PM which contains all the information to get started.

Start when ready. I recommend to read all the tutorials and then do log 1.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13810
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302437
# Likes # Likes : 10

View user profile

Back to top Go down

Re: "Internet Security 2010" problem - Malware

Post by dg1267 on 23rd December 2009, 4:23 am

Awesome! I'll get started right away.

I've concluded that I'm gonna have to do a wipe/reinstall, but I'm trying one more thing while I wait on my xp disc to be delivered. AVG has a program called rmvirut.exe I downloaded it and have it running on my comp right now. Hopefully that will fix it, but after all that you've done and that I've done since, I doubt it. Oh well. Thanks again for all your help.

dg1267
Novice
Novice

Posts Posts : 36
Joined Joined : 2009-12-21
OS OS : Windows XP Home SP3
Points Points : 25632
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum