Adware, malware, spyware, hijacker discussion and information


All times are UTC - 7 hours


Forum rules


ATTN:!! Only users pre-approved by TeMerc may offer help and assistance in malware removal. Any and all unauthorized posts will be removed without notice. Please read this thread for proper HijackThis! installation.



 Post subject: Virus Protector = Unusable Pc
PostPosted: Tue Mar 09, 2010 6:59 pm 

Joined: Thu Oct 30, 2008 7:46 pm
Posts: 18
Hi there TeMerc,

My wife's Pc has gotten this Virus Protector that would run on startup (in safe mode also) & has made the Pc unusable. A pop-up & quarantine from Avira did get it to stop running but the desktop is blank except for the wallpaper. The Task manager will only work as admin in safe mode now, but that is the only thing that will work. Is there any way to get this fixed or at least a way to get to some of my files on here to save them to disk? There is an awful lot of irreplaceable stuff in there & any help would be great.
Thx!

Edit: I was able to run a system restore using the task manager & running explorer.exe to access windows. I will run malwarebytes & Hijackthis tomorrow & post them.



 
 Post subject: Re: Virus Protector = Unusable Pc
PostPosted: Tue Mar 09, 2010 11:30 pm 
Site Admin

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
kmabigtime wrote:
Hi there TeMerc,

My wife's Pc has gotten this Virus Protector that would run on startup (in safe mode also) & has made the Pc unusable. A pop-up & quarantine from Avira did get it to stop running but the desktop is blank except for the wallpaper. The Task manager will only work as admin in safe mode now, but that is the only thing that will work. Is there any way to get this fixed or at least a way to get to some of my files on here to save them to disk? There is an awful lot of irreplaceable stuff in there & any help would be great.
Thx!

Edit: I was able to run a system restore using the task manager & running explorer.exe to access windows. I will run malwarebytes & Hijackthis tomorrow & post them.

Welcome back.

If MBAM does not run, try this random installer.

Just , save it to the desktop and double-click it. See if it runs. Be sure the default 'Quick' scan is selected.
http://mbam.malwarebytes.org/program/ra ... taller.php

This special version will need to be deleted from the desktop after its first use. If it runs, be sure you click the 'Remove selected' button, send me the scan log regardless if the malware appears to have been removed or not. If it still does not run for any reason at all, please move onto Part 2, below, read slowly and carefully. DO NOT reply back without either a Malwarebytes log or the ntbtlog file.

Part 2: This is a default operation of Windows and when done correctly, works every time. It has been built into every single version of Windows since its inception, over 20 years ago.

Open 'My Computer', and double-click the (C:) Drive icon, then double-click the 'Windows' icon folder and look for the following file: ntbtlog <<<<this file (it actually may be an icon and not have any file extension)... if it's present, delete it. Then reboot as instructed below. If it's not present then reboot as instructed below.

Part 3: Reboot, this way:
Click the 'Start' button, select 'Turn Off Computer', then choose 'Restart'
Immediately begin tapping the <F8> key to enter the Advanced Boot Menu. (This may take several tries, it's all about the timing).
A menu will appear, the 'Advanced Boot Menu', with several choices to choose from.
From the advanced boot menu choose "enable boot logging" then hit enter. This should reboot the system, if it does not, reboot manually.
Once the system boots to normal mode, look for that file:
C:\windows\ntbtlog.txt <<<--this one

Open it up and it will open in default Notepad format. Save the file to your desktop for easy recall. Then reply to me and attach that file for my review.

If you cannot find the file, please repeat the procedure and it ought to appear.

Reference link:
http://www.watchingthenet.com/how-to-en ... ndows.html

We'll proceed based on the output of that file. This WILL NOT fix anything or make any changes to your system. We're simply looking for some specific files.

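An added example (not part of the original post, and not the helper's own review method): a Python script for reading the ntbtlog.txt produced by "enable boot logging". It splits the file into boot sessions, which is why Part 2 has the old file deleted first, and lists drivers to review. The header pattern, the "outside system32" heuristic and the sample log are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, not the log attached in this thread. It holds two boot
# sessions appended to one file, as happens when an old ntbtlog.txt is left in
# place. The avgio.sys path is the one shown in the RSIT driver list posted
# later in this thread; example_drv.sys and example_legacy.sys are made up.
SAMPLE_NTBTLOG = r"""Microsoft (R) Windows (R) Version 5.1 (Build 2600)
 3  9 2010 21:58:02.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Did not load driver \SystemRoot\System32\Drivers\example_legacy.SYS
Microsoft (R) Windows (R) Version 5.1 (Build 2600)
 3 10 2010 18:45:25.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Loaded driver \??\C:\DOCUME~1\EXAMPLE\LOCALS~1\Temp\example_drv.sys
Did not load driver \SystemRoot\System32\Drivers\example_legacy.SYS
"""

# Assumption: each boot session starts with a "Microsoft (R) Windows ..." line.
SESSION_HEADER = re.compile(r"^\s*Microsoft \(R\) Windows", re.IGNORECASE)
ENTRY = re.compile(r"^\s*(Loaded driver|Did not load driver)\s+(.+?)\s*$",
                   re.IGNORECASE)
# Assumption: %SystemRoot% is \WINDOWS, as on the XP machine in this thread.
SYSTEM_PREFIX = "\\windows\\system32\\"


@dataclass
class BootSession:
    header: str
    loaded: list = field(default_factory=list)
    not_loaded: list = field(default_factory=list)


def decode_ntbtlog(raw: bytes) -> str:
    """The file is normally UTF-16; fall back to UTF-8 for re-saved copies."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    if b"\x00" in raw[:64]:
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("utf-8", errors="replace")


def normalize(path: str) -> str:
    """Lower-case and strip \\??\\, the drive letter and \\SystemRoot aliases."""
    p = path.strip().lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    p = re.sub(r"^[a-z]:", "", p)
    if p.startswith("\\systemroot\\"):
        p = "\\windows\\" + p[len("\\systemroot\\"):]
    return p


def parse_sessions(text: str) -> list:
    """Split the log into boot sessions; date lines and blanks are skipped."""
    sessions = []
    for line in text.splitlines():
        if SESSION_HEADER.match(line):
            sessions.append(BootSession(header=line.strip()))
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        if not sessions:  # truncated file without a header line
            sessions.append(BootSession(header="(no header)"))
        loaded = m.group(1).lower().startswith("loaded")
        bucket = sessions[-1].loaded if loaded else sessions[-1].not_loaded
        bucket.append(normalize(m.group(2)))
    return sessions


def triage(current: BootSession, baseline: BootSession = None) -> dict:
    """Return drivers worth a manual look; a hit means 'review', not 'malware'."""
    outside = sorted({d for d in current.loaded
                      if "\\" in d and not d.startswith(SYSTEM_PREFIX)})
    new = sorted(set(current.loaded) - set(baseline.loaded)) if baseline else []
    return {"outside_system32": outside,
            "new_since_baseline": new,
            "not_loaded": sorted(set(current.not_loaded))}


if __name__ == "__main__":
    boots = parse_sessions(SAMPLE_NTBTLOG)
    print(f"{len(boots)} boot session(s) in file; reviewing the last one")
    for key, items in triage(boots[-1], baseline=boots[0]).items():
        print(key)
        for item in items:
            print("   ", item)
```

A legitimate driver such as Avira's avgio.sys also loads from outside system32, so the comparison against an earlier known-good session is what isolates the unexpected entry.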
 
 Post subject: Re: Virus Protector = Unusable Pc
PostPosted: Wed Mar 10, 2010 5:01 pm 

Joined: Thu Oct 30, 2008 7:46 pm
Posts: 18
The random installer MBAM would not run: Error 703 (0,0). Here is the ntbtlog as per your instructions. Thx for your help, it is always appreciated.


Attachments:
File comment: ntbtlog
ntbtlog.txt [12.49 KiB]
Downloaded 108 times

 
 Post subject: Re: Virus Protector = Unusable Pc
PostPosted: Wed Mar 10, 2010 6:54 pm 
Site Admin

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
Thanks for the log, no rootkit listed in it.

Let's collect some more info off the system to see if we can spot the malicious files.

Download RSIT from the link below and save it to your desktop.
http://images.malwareremoval.com/random/RSIT.exe
You may have to change the name, change it to winlogon.exe
Double click on the file to run it.
Click Continue at the disclaimer screen. Please allow the download of Trend Micro's HijackThis to collect additional information not included in the default RSIT output.
Once it has finished, two logs will open.

Please paste the contents of LOG.txt (<<will be maximized-displayed on desktop)

***PLEASE DO NOT SEND INFO.TXT... if I need it I will ask specifically for it.***

 
 Post subject: Re: Virus Protector = Unusable Pc
PostPosted: Fri Mar 12, 2010 4:09 am 

Joined: Thu Oct 30, 2008 7:46 pm
Posts: 18
Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2010-03-12 06:02:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 177 GB (77%) free of 230 GB
Total RAM: 2046 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:50 AM, on 3/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.3.7.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-456764235644} (AtlAtomadersCtlAttrib Class) - http://kraisoft.com/files/online/atomaders.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7700289312
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11826 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\B90F09869304B672.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-19 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2008-08-06 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-19 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-19 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"ftutil2"=ftutil2.dll,SetWriteCacheMode []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-06-23 86016]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-06-23 81920]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-16 249856]
"Reminder"=C:\Windows\Creator\Remind_XP.exe [2004-12-14 663552]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-07-28 221184]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-14 68856]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe clear []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-23 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:*:Enabled:World in Conflict"
"C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afb04d85-aad6-11dc-8aae-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3a45044-60f5-11dd-8b3d-0018f3cba970}]
shell\AutoRun\command - K:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-03-12 06:02:44 ----D---- C:\rsit
2010-03-12 06:02:44 ----D---- C:\Program Files\trend micro
2010-03-10 18:45:25 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-09 22:20:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-02-25 03:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

======List of files/folders modified in the last 1 months======

2010-03-12 06:02:49 ----D---- C:\WINDOWS\Prefetch
2010-03-12 06:02:44 ----D---- C:\Program Files
2010-03-12 06:01:28 ----D---- C:\Program Files\Mozilla Firefox
2010-03-12 04:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-11 08:35:00 ----D---- C:\WINDOWS\Temp
2010-03-10 18:45:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-10 18:45:47 ----D---- C:\WINDOWS\Registration
2010-03-10 18:45:47 ----AD---- C:\WINDOWS
2010-03-09 22:21:09 ----HD---- C:\WINDOWS\inf
2010-03-09 22:21:01 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-03-09 22:21:01 ----D---- C:\Program Files\Movie Maker
2010-03-09 22:20:44 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-09 22:15:33 ----D---- C:\WINDOWS\system32\config
2010-03-09 22:15:11 ----D---- C:\WINDOWS\system32\wbem
2010-03-09 22:14:48 ----D---- C:\WINDOWS\system32
2010-03-09 22:09:29 ----SHD---- C:\WINDOWS\CSC
2010-03-09 22:00:07 ----A---- C:\WINDOWS\win.ini
2010-03-09 22:00:07 ----A---- C:\WINDOWS\system.ini
2010-03-09 22:00:04 ----D---- C:\WINDOWS\pss
2010-03-08 09:00:09 ----D---- C:\WINDOWS\system32\drivers
2010-03-02 00:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-25 08:30:51 ----SHD---- C:\WINDOWS\Installer
2010-02-25 03:00:47 ----A---- C:\WINDOWS\imsins.BAK
2010-02-25 03:00:43 ----D---- C:\WINDOWS\ie8updates
2010-02-19 12:25:19 ----SD---- C:\WINDOWS\Tasks
2010-02-19 12:25:16 ----D---- C:\Program Files\Google
2010-02-19 07:29:53 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ELhid;EL hid Service; \??\C:\WINDOWS\System32\Drivers\Elhid.sys []
R1 ELkbd;EL KB Service; \??\C:\WINDOWS\System32\Drivers\Elkbd.sys []
R1 ELmon;EL Monitor Service; \??\C:\WINDOWS\System32\Drivers\Elmon.sys []
R1 ELmou;EL Mouse Service; \??\C:\WINDOWS\System32\Drivers\Elmou.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-05-16 229376]
R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-05-10 9728]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-06-23 1095680]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-09-21 20240]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-12-08 185089]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ELService;Intel(R) Quick Resume technology; C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe [2006-06-02 180224]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-06-01 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-01-06 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-01 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


There ya go, thx



 
 Post subject: Re: Virus Protector = Unusable Pc
PostPosted: Sat Mar 13, 2010 10:12 am 
Site Admin

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
Thanks for the log.

Download The Avenger from the link below:
http://swandog46.geekstogo.com/avenger2/download.php
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the code box by highlighting it and then pressing Ctrl+C.
Code:
Files to delete:
C:\WINDOWS\tasks\B90F09869304B672.job

  • In the Avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked "Are you sure you want to execute the current script"
  • Click Yes.
  • You will now be asked "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?"
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behavior.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please attach this scan log. Even if you experience errors with the program, please check for the log in the above mentioned location.

 
 Post subject: Re: Virus Protector = Unusable Pc
PostPosted: Tue Mar 16, 2010 5:42 pm 

Joined: Thu Oct 30, 2008 7:46 pm
Posts: 18
Sorry for the delay. Here is what you asked for:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\tasks\B90F09869304B672.job" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Last edited by kmabigtime on Thu Mar 18, 2010 6:17 pm, edited 1 time in total.


 
 Post subject: Re: Virus Protector = Unusable Pc
PostPosted: Tue Mar 16, 2010 5:52 pm 

Joined: Thu Oct 30, 2008 7:46 pm
Posts: 18
Also, here is the Avira report after I did the system restore, 40 detections:

Avira AntiVir Personal
Report file date: Tuesday, March 09, 2010 22:21

Scanning for 1835516 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DAVE

Version information:
BUILD.DAT : 9.0.0.419 21701 Bytes 1/22/2010 18:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 12/9/2009 02:38:13
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 23:28:20
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 23:28:21
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 02:39:22
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 02:39:11
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 12:58:03
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 12:58:03
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 12:58:03
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 12:58:04
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 12:58:04
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 12:58:04
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 12:58:04
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 12:58:04
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 12:58:04
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 12:27:02
VBASE014.VDF : 7.10.4.243 2048 Bytes 3/8/2010 12:27:02
VBASE015.VDF : 7.10.4.244 2048 Bytes 3/8/2010 12:27:02
VBASE016.VDF : 7.10.4.245 2048 Bytes 3/8/2010 12:27:02
VBASE017.VDF : 7.10.4.246 2048 Bytes 3/8/2010 12:27:02
VBASE018.VDF : 7.10.4.247 2048 Bytes 3/8/2010 12:27:03
VBASE019.VDF : 7.10.4.248 2048 Bytes 3/8/2010 12:27:03
VBASE020.VDF : 7.10.4.249 2048 Bytes 3/8/2010 12:27:03
VBASE021.VDF : 7.10.4.250 2048 Bytes 3/8/2010 12:27:03
VBASE022.VDF : 7.10.4.251 2048 Bytes 3/8/2010 12:27:03
VBASE023.VDF : 7.10.4.252 2048 Bytes 3/8/2010 12:27:03
VBASE024.VDF : 7.10.4.253 2048 Bytes 3/8/2010 12:27:04
VBASE025.VDF : 7.10.4.254 2048 Bytes 3/8/2010 12:27:04
VBASE026.VDF : 7.10.4.255 2048 Bytes 3/8/2010 12:27:04
VBASE027.VDF : 7.10.5.0 2048 Bytes 3/8/2010 12:27:04
VBASE028.VDF : 7.10.5.1 2048 Bytes 3/8/2010 12:27:04
VBASE029.VDF : 7.10.5.2 2048 Bytes 3/8/2010 12:27:05
VBASE030.VDF : 7.10.5.3 2048 Bytes 3/8/2010 12:27:05
VBASE031.VDF : 7.10.5.11 88064 Bytes 3/9/2010 03:20:02
Engineversion : 8.2.1.180
AEVDF.DLL : 8.1.1.3 106868 Bytes 1/23/2010 02:40:07
AESCRIPT.DLL : 8.1.3.17 1032570 Bytes 2/26/2010 12:26:50
AESCN.DLL : 8.1.5.0 127347 Bytes 2/26/2010 12:26:49
AESBX.DLL : 8.1.2.0 254323 Bytes 2/26/2010 12:26:51
AERDL.DLL : 8.1.4.2 479602 Bytes 2/14/2010 02:39:17
AEPACK.DLL : 8.2.1.0 426356 Bytes 3/10/2010 03:20:05
AEOFFICE.DLL : 8.1.0.39 196987 Bytes 2/20/2010 12:26:50
AEHEUR.DLL : 8.1.1.7 2326902 Bytes 2/20/2010 12:26:50
AEHELP.DLL : 8.1.10.1 237942 Bytes 2/26/2010 12:26:49
AEGEN.DLL : 8.1.2.0 373107 Bytes 2/26/2010 12:26:48
AEEMU.DLL : 8.1.1.0 393587 Bytes 10/2/2009 23:27:06
AECORE.DLL : 8.1.12.2 188790 Bytes 3/10/2010 03:20:03
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 12/9/2009 02:38:13
AVREP.DLL : 8.0.0.7 159784 Bytes 2/19/2010 12:26:52
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 12/9/2009 02:38:13

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +SPR,

Start of the scan: Tuesday, March 09, 2010 22:21

Starting search for hidden objects.
'106995' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Updates from HP.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hpwuschd2.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'HPBootOp.exe' - '1' Module(s) have been scanned
Scan process 'DMAScheduler.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'ELService.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '72' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\rmu_cnnant2009.exe
[0] Archive type: 7-Zip
--> Msi/Disk1.cab
[1] Archive type: CAB (Microsoft)
--> MapSourceFRA.C4B7AACE_84EA_4B37_B8C6_78B8A322B8E1
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe
[DETECTION] Is the TR/Spy.Agent.bdzz Trojan
C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\hp\recovery\wizard\fscommand\RecordnowLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\hp\recovery\wizard\fscommand\RunLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP732\A0126019.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP732\A0127019.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133069.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133121.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133138.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133145.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133172.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133174.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133201.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133223.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133235.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133247.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133276.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133294.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133327.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133336.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133360.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133362.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133402.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133407.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133414.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133419.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133432.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133459.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133624.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133629.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133689.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133697.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133703.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133704.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133734.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4c07294b.qua'!
C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe
[DETECTION] Is the TR/Spy.Agent.bdzz Trojan
[NOTE] The file was moved to '4be3291f.qua'!
C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4bfc294d.qua'!
C:\hp\recovery\wizard\fscommand\RecordnowLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4bfa2940.qua'!
C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4c0a2940.qua'!
C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4bda292f.qua'!
C:\hp\recovery\wizard\fscommand\RunLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4c052950.qua'!
C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4c0a2954.qua'!
C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4c112944.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP732\A0126019.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '4bc8290b.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP732\A0127019.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '4863271c.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133069.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '4bc8290c.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133121.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '48138145.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133138.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '4817ee65.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133145.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '4a5f1ddd.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133172.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '4814991d.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133174.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '4bc8290d.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133201.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '4a526526.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133223.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '4829e636.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133235.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '482afe0e.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133247.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '482bf7c6.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133276.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '4bc8290e.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133294.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '482dc757.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133327.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '4bc8290f.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133336.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '482fd4f8.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133360.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '48212ca0.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133362.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '48222468.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133402.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '4bc82910.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133407.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '48243419.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133414.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '48250dc1.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133419.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '48260589.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133432.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '48271d71.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133459.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '4bc82911.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133624.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '48396ae2.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133629.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '483a62aa.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133689.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '4bc82913.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133697.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '483c725c.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133703.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '483d4a04.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133704.exe
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '483e43cc.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP733\A0133734.dll
[DETECTION] Is the TR/FakeAV.VQ Trojan
[NOTE] The file was moved to '483f5bb4.qua'!


End of the scan: Wednesday, March 10, 2010 00:06
Used time: 1:44:02 Hour(s)

The scan has been done completely.

16238 Scanned directories
894156 Files were scanned
40 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
40 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
894114 Files not concerned
17454 Archives were scanned
3 Warnings
42 Notes
106995 Objects were scanned with rootkit scan
0 Hidden objects were found

& a scan that ran yesterday with 9 detections:

Avira AntiVir Personal
Report file date: Monday, March 15, 2010 12:00

Scanning for 1854033 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DAVE

Version information:
BUILD.DAT : 9.0.0.419 21701 Bytes 1/22/2010 18:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 12/9/2009 02:38:13
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 23:28:20
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 23:28:21
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 02:39:22
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 02:39:11
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 12:58:03
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 12:58:03
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 12:58:03
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 12:58:04
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 12:58:04
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 12:58:04
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 12:58:04
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 12:58:04
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 12:58:04
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 12:27:02
VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 12:26:58
VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 12:26:58
VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 12:26:59
VBASE017.VDF : 7.10.5.70 2048 Bytes 3/12/2010 12:27:00
VBASE018.VDF : 7.10.5.71 2048 Bytes 3/12/2010 12:27:00
VBASE019.VDF : 7.10.5.72 2048 Bytes 3/12/2010 12:27:00
VBASE020.VDF : 7.10.5.73 2048 Bytes 3/12/2010 12:27:00
VBASE021.VDF : 7.10.5.74 2048 Bytes 3/12/2010 12:27:00
VBASE022.VDF : 7.10.5.75 2048 Bytes 3/12/2010 12:27:00
VBASE023.VDF : 7.10.5.76 2048 Bytes 3/12/2010 12:27:01
VBASE024.VDF : 7.10.5.77 2048 Bytes 3/12/2010 12:27:01
VBASE025.VDF : 7.10.5.78 2048 Bytes 3/12/2010 12:27:01
VBASE026.VDF : 7.10.5.79 2048 Bytes 3/12/2010 12:27:01
VBASE027.VDF : 7.10.5.80 2048 Bytes 3/12/2010 12:27:01
VBASE028.VDF : 7.10.5.81 2048 Bytes 3/12/2010 12:27:01
VBASE029.VDF : 7.10.5.82 2048 Bytes 3/12/2010 12:27:01
VBASE030.VDF : 7.10.5.83 2048 Bytes 3/12/2010 12:27:02
VBASE031.VDF : 7.10.5.85 55808 Bytes 3/15/2010 12:27:02
Engineversion : 8.2.1.180
AEVDF.DLL : 8.1.1.3 106868 Bytes 1/23/2010 02:40:07
AESCRIPT.DLL : 8.1.3.17 1032570 Bytes 2/26/2010 12:26:50
AESCN.DLL : 8.1.5.0 127347 Bytes 2/26/2010 12:26:49
AESBX.DLL : 8.1.2.0 254323 Bytes 2/26/2010 12:26:51
AERDL.DLL : 8.1.4.2 479602 Bytes 2/14/2010 02:39:17
AEPACK.DLL : 8.2.1.0 426356 Bytes 3/10/2010 03:20:05
AEOFFICE.DLL : 8.1.0.39 196987 Bytes 2/20/2010 12:26:50
AEHEUR.DLL : 8.1.1.7 2326902 Bytes 2/20/2010 12:26:50
AEHELP.DLL : 8.1.10.1 237942 Bytes 2/26/2010 12:26:49
AEGEN.DLL : 8.1.2.0 373107 Bytes 2/26/2010 12:26:48
AEEMU.DLL : 8.1.1.0 393587 Bytes 10/2/2009 23:27:06
AECORE.DLL : 8.1.12.2 188790 Bytes 3/10/2010 03:20:03
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 12/9/2009 02:38:13
AVREP.DLL : 8.0.0.7 159784 Bytes 2/19/2010 12:26:52
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 12/9/2009 02:38:13

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: c:\program files\avira\antivir desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +SPR,

Start of the scan: Monday, March 15, 2010 12:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avnotify.exe' - '1' Module(s) have been scanned
Scan process 'ssmypics.scr' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'Updates from HP.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hpwuschd2.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'DMAScheduler.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'ELService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '72' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\rmu_cnnant2009.exe
[0] Archive type: 7-Zip
--> Msi/Disk1.cab
[1] Archive type: CAB (Microsoft)
--> MapSourceFRA.C4B7AACE_84EA_4B37_B8C6_78B8A322B8E1
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133801.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133803.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133804.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133805.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133806.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133807.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133808.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133809.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
C:\WINDOWS\system32\spool\prtprocs\w32x86\5kUOC5.tmp
[DETECTION] Is the TR/Agent.dnuf Trojan
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133801.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4bcfc1ee.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133803.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4ab929b7.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133804.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4ab63e5f.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133805.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4aba217f.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133806.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4ab3ceaf.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133807.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4ab73607.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133808.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4ab831cf.qua'!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP734\A0133809.exe
[DETECTION] Is the TR/Spy.Agent.beaf Trojan
[NOTE] The file was moved to '4aa6f24f.qua'!
C:\WINDOWS\system32\spool\prtprocs\w32x86\5kUOC5.tmp
[DETECTION] Is the TR/Agent.dnuf Trojan
[NOTE] The file was moved to '4bf3c229.qua'!


End of the scan: Monday, March 15, 2010 19:24
Used time: 1:34:48 Hour(s)

The scan has been done completely.

16229 Scanned directories
894210 Files were scanned
9 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
9 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
894199 Files not concerned
17468 Archives were scanned
3 Warnings
11 Notes



 Post subject: Re: Virus Protector = Unusable Pc
PostPosted: Sun Apr 25, 2010 9:53 am 
Site Admin

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
My sincere apologies for overlooking this thread for so long. :oops:

Everything found by Avira was in system restore and thus non-threats.

Let's get Malwarebytes updated and grab a scan using the default quick scan option and a new HijackThis log as well.
