ComboFix 08-02-26 - acer 2008-02-26 18:56:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.428 [GMT 8:00]
Running from: C:\Documents and Settings\acer\Desktop\ComboFix(2).exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\u.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll
C:\WINDOWS\system32\setting.ini
. ((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))) .
2008-02-26 18:56 . 2004-08-04 20:00 388,608 --a------ C:\WINDOWS\system32\CF1518.exe 2008-02-26 18:43 . 2008-02-26 18:46 <DIR> d-------- C:\QooBox 2008-02-26 18:42 . 2004-08-04 20:00 388,608 --a------ C:\WINDOWS\system32\CF31592.exe 2008-02-26 18:42 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe 2008-02-26 18:42 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe 2008-02-26 18:42 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe 2008-02-26 18:42 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe 2008-02-26 18:42 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe 2008-02-26 18:42 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe 2008-02-26 18:42 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe 2008-02-26 18:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe 2008-02-26 18:42 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe 2008-02-26 17:49 . 2008-02-26 17:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-02-26 17:49 . 2008-02-26 17:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-26 17:49 . 2008-02-26 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-02-26 17:49 . 2008-02-26 17:49 <DIR> d-------- C:\Documents and Settings\acer\Application Data\SUPERAntiSpyware.com 2008-02-26 17:30 . 2008-02-26 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-02-26 17:26 . 2008-02-26 17:26 <DIR> d-------- C:\Program Files\CCleaner 2008-02-26 11:59 . 2008-02-26 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-02-26 11:59 . 2008-02-26 11:59 <DIR> d-------- C:\Documents and Settings\acer\Application Data\Malwarebytes 2008-02-26 11:51 . 2008-02-26 11:52 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2008-02-24 04:05 . 
2008-02-26 18:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-24 04:04 . 2008-02-26 11:34 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-02-24 04:04 . 2008-02-24 04:04 <DIR> d-------- C:\Documents and Settings\acer\Application Data\PC Tools 2008-02-24 04:04 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-02-24 04:04 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-02-24 04:04 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-02-24 04:04 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-02-23 12:02 . 2008-02-23 12:01 113,040 -r-hs---- C:\WINDOWS\system32\tavo.exe 2008-02-23 12:02 . 2008-02-26 18:51 81,408 -r-hs---- C:\WINDOWS\system32\tavo0.dll 2008-02-20 21:13 . 2008-02-20 09:36 115,221 -r-hs---- C:\gqsk.bat 2008-02-08 20:03 . 2008-02-08 20:03 <DIR> d-------- C:\Documents and Settings\acer\Application Data\WinPatrol 2008-02-08 20:02 . 2008-02-08 20:02 <DIR> d-------- C:\Program Files\BillP Studios 2008-02-08 03:03 . 2008-02-08 03:03 <DIR> d-------- C:\Program Files\Windows Live Favorites 2008-02-07 03:02 . 2004-08-04 20:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-02-04 03:00 . 2008-02-15 17:44 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-02-04 01:32 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-02-04 01:32 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-02-04 01:32 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-01-31 00:33 . 2008-01-31 00:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2008-01-31 00:32 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-01-31 00:32 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-01-31 00:32 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-01-31 00:32 . 
2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-01-31 00:32 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-01-31 00:31 . 2008-02-08 03:04 <DIR> d-------- C:\Program Files\Windows Live Toolbar
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-26 10:51 704,643,072 --sha-w C:\pagefile.sys 2008-02-26 10:38 --------- d-----w C:\Program Files\Mozilla Firefox 2008-02-26 09:49 --------- d-----w C:\Program Files\Common Files 2008-02-26 09:26 --------- d-----w C:\Program Files\Yahoo! 2008-02-26 07:19 --------- d-----w C:\Program Files\Google 2008-02-26 06:04 --------- d-----w C:\Documents and Settings\acer\Application Data\AVG7 2008-02-16 03:22 --------- d-----w C:\Program Files\Internet Explorer 2008-02-08 11:14 --------- d-----w C:\Program Files\PhotoMix 2008-02-07 19:11 --------- d-----w C:\Program Files\Outlook Express 2008-02-07 19:11 --------- d-----w C:\Program Files\Common Files\System 2008-02-06 19:02 --------- d-----w C:\Program Files\Windows Media Player 2008-01-31 18:37 --------- d-----w C:\Program Files\Launch Manager 2008-01-30 16:30 --------- d-----w C:\Program Files\MSN Messenger 2008-01-27 08:02 --------- d-----w C:\Program Files\WinRAR 2008-01-14 04:54 --------- d-----w C:\Program Files\hp deskjet 656c series 2008-01-14 03:53 --------- d-----w C:\Program Files\Hewlett-Packard 2008-01-09 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7 2008-01-09 16:51 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys 2008-01-09 16:51 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys 2008-01-09 16:51 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys 2008-01-09 16:51 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys 2008-01-09 16:51 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys 2008-01-09 16:51 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys 2008-01-09 16:51 --------- d-----w C:\Program Files\Grisoft 2008-01-09 16:51 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7 2007-12-24 18:38 90,112 ----a-w C:\WINDOWS\DUMP2f8b.tmp 2007-12-07 14:37 3,059,200 ----a-w C:\WINDOWS\system32\mshtml.dll 2007-12-06 
09:38 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll .
------- Sigcheck -------
6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe ----a-w 502,272 2007-07-06 11:26:39 C:\WINDOWS\system32\winlogon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-10 00:14 68856] "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ] "tava"="C:\WINDOWS\system32\tavo.exe" [2008-02-23 12:01 113040] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-17 21:36 8437760] "nwiz"="nwiz.exe" [2007-04-17 21:36 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-17 21:36 81920] "RTHDCPL"="RTHDCPL.EXE" [2007-06-13 14:49 16377344 C:\WINDOWS\RTHDCPL.exe] "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2007-05-18 17:28 707344] "PLFSet"="C:\WINDOWS\PLFSet.dll" [2007-04-24 11:49 45056] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-10 00:51 579072] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-02 01:52 196608] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-10 00:51 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoTrayContextMenu"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NofolderOptions"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install.exe] Debugger=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup.exe] Debugger=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tasklist.exe] Debugger=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC] --a------ 2008-01-10 00:51 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2007-09-13 13:31 22880040 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper] --a------ 2005-07-19 18:45 96159 C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2003-12-13 08:50 33792 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\ftp.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "15427:TCP"= 15427:TCP:BitComet 15427 TCP "15427:UDP"= 15427:UDP:BitComet 15427 UDP
R3 hidshim;Service for HID-KMDF Shim layer;C:\WINDOWS\system32\DRIVERS\hidshim.sys [2007-05-07 14:15] R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-02-16 08:50] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-02-07 18:35] R3 winbondhidcir;Winbond HID CIR Receiver;C:\WINDOWS\system32\DRIVERS\winbondhidcir.sys [2007-05-07 14:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0877b9dd-b379-11dc-b82e-001b2491b1ce}] \Shell\Auto\command - F:\MicrosoftPowerPoint.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{087e93d8-a612-11dc-8a52-001b2491b1ce}] \Shell\AutoRun\command - F:\ntdelect.com \Shell\explore\Command - F:\ntdelect.com \Shell\open\Command - F:\ntdelect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15749446-c719-11dc-b553-001b2491b1ce}] \Shell\AutoRun\command - F:\g2p3s.exe \Shell\explore\Command - F:\g2p3s.exe \Shell\open\Command - F:\g2p3s.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{164d1c75-ce69-11dc-b576-001b2491b1ce}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe \Shell\Explore\command - F:\Flash.10.Setup.exe \Shell\Open\command - F:\Flash.10.Setup.exe \Shell\Scan for Viruses\command - F:\Scanner.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23854bb2-dbdb-11dc-b5bb-001b2491b1ce}] \Shell\Auto\command - MicrosoftPowerPoint.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{254e9a34-81dc-11dc-b0bd-001b2491b1ce}] \Shell\Auto\command - F:\Macromedia_Setup.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Macromedia_Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f2e7942-725b-11dc-a987-001b2491b1ce}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe \Shell\Explore\command - F:\system.exe \Shell\Open\command - F:\system.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f4b06ca-e069-11dc-b5d2-001b2491b1ce}] \Shell\AutoRun\command - F:\gqsk.bat \Shell\explore\Command - F:\gqsk.bat \Shell\open\Command - F:\gqsk.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32ad7f56-8c49-11dc-ab5a-001b2491b1ce}] \Shell\AutoPlay\command - wscript.exe \VirusMawar.js \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \VirusMawar.js \Shell\Explore\command - wscript.exe \VirusMawar.js -Clicked \Shell\Open\command - wscript.exe \VirusMawar.js \Shell\Scan for Viruses\command - wscript.exe \VirusMawar.js \Shell\Scan with AVG\command - wscript.exe \VirusMawar.js \Shell\Scan with Norton AntiVirus\command - wscript.exe \VirusMawar.js
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40a3af7b-d38b-11dc-b594-001b2491b1ce}] \Shell\AutoPlay\command - wscript.exe \VirusMawar.js \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \VirusMawar.js \Shell\Explore\command - wscript.exe \VirusMawar.js -Clicked \Shell\Open\command - wscript.exe \VirusMawar.js \Shell\Scan for Viruses\command - wscript.exe \VirusMawar.js \Shell\Scan with AVG\command - wscript.exe \VirusMawar.js \Shell\Scan with Norton AntiVirus\command - wscript.exe \VirusMawar.js
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{424d8b64-74c4-11dc-a98f-001b2491b1ce}] \Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f849ca4-7dfc-11dc-b0af-001b2491b1ce}] \Shell\Auto\command - F:\MicrosoftPowerPoint.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56584dbf-a7cf-11dc-8a54-001b2491b1ce}] \Shell\AutoRun\command - F:\ntdelect.com \Shell\explore\Command - F:\ntdelect.com \Shell\open\Command - F:\ntdelect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56584dc5-a7cf-11dc-8a54-001b2491b1ce}] \Shell\AutoRun\command - ntdelect.com \Shell\explore\Command - ntdeIect.com \Shell\open\Command - ntdeIect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64af5dbf-7d7a-11dc-b0ae-001b2491b1ce}] \Shell\AutoPlay\command - wscript.exe \VirusMawar.js \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \VirusMawar.js \Shell\Explore\command - wscript.exe \VirusMawar.js -Clicked \Shell\Open\command - wscript.exe \VirusMawar.js \Shell\Scan for Viruses\command - wscript.exe \VirusMawar.js \Shell\Scan with AVG\command - wscript.exe \VirusMawar.js \Shell\Scan with Norton AntiVirus\command - wscript.exe \VirusMawar.js
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64af5df7-7d7a-11dc-b0ae-001b2491b1ce}] \Shell\AutoRun\command - G:\ntdelect.com \Shell\explore\Command - G:\ntdelect.com \Shell\open\Command - G:\ntdelect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d72f2ce-e0f8-11dc-b5da-001b2491b1ce}] \Shell\AutoPlay\command - wscript.exe \VirusMawar.js \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \VirusMawar.js \Shell\Explore\command - wscript.exe \VirusMawar.js -Clicked \Shell\Open\command - wscript.exe \VirusMawar.js \Shell\Scan for Viruses\command - wscript.exe \VirusMawar.js \Shell\Scan with AVG\command - wscript.exe \VirusMawar.js \Shell\Scan with Norton AntiVirus\command - wscript.exe \VirusMawar.js
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d6c97fd-a47d-11dc-8a50-001b2491b1ce}] \Shell\Auto\command - MicrosoftPowerPoint.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d6c9801-a47d-11dc-8a50-001b2491b1ce}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe \Shell\Explore\command - Flash.10.Setup.exe \Shell\Open\command - Flash.10.Setup.exe \Shell\Scan for Viruses\command - Scanner.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d9fc432-da14-11dc-b5b0-001b2491b1ce}] \Shell\Auto\command - F:\autoregistry.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autoregistry.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{914d31c5-ddb7-11dc-b5c0-001b2491b1ce}] \Shell\AutoRun\command - F:\ek.com \Shell\explore\Command - F:\ek.com \Shell\open\Command - F:\ek.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{962ea6ee-9b2a-11dc-8a42-001b2491b1ce}] \Shell\Auto\command - MicrosoftPowerPoint.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99fa29e3-ca77-11dc-b560-001b2491b1ce}] \Shell\AutoRun\command - ntdelect.com \Shell\explore\Command - F:\ntdeIect.com \Shell\open\Command - F:\ntdeIect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a73db4d0-64cb-11dc-a950-001b2491b1ce}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe \Shell\Explore\command - F:\Flash.10.Setup.exe \Shell\Open\command - F:\Flash.10.Setup.exe \Shell\Scan for Viruses\command - F:\Scanner.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a73db4d1-64cb-11dc-a950-001b2491b1ce}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe \Shell\Explore\command - F:\Flash.10.Setup.exe \Shell\Open\command - F:\Flash.10.Setup.exe \Shell\Scan for Viruses\command - F:\Scanner.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a73db4d2-64cb-11dc-a950-001b2491b1ce}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe \Shell\Explore\command - G:\Flash.10.Setup.exe \Shell\Open\command - G:\Flash.10.Setup.exe \Shell\Scan for Viruses\command - G:\Scanner.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8da3ec0-6e4b-11dc-a974-001b2491b1ce}] \Shell\AutoRun\command - F:\idstick.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8da3ec1-6e4b-11dc-a974-001b2491b1ce}] \Shell\AutoRun\command - G:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acbb8081-a16c-11dc-8a4b-001b2491b1ce}] \Shell\AutoRun\command - G:\gqsk.bat \Shell\explore\Command - G:\gqsk.bat \Shell\open\Command - G:\gqsk.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acbb8342-a16c-11dc-8a4b-001b2491b1ce}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe \Shell\Explore\command - Flash.10.Setup.exe \Shell\Open\command - Flash.10.Setup.exe \Shell\Scan for Viruses\command - F:\Scanner.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acbb837a-a16c-11dc-8a4b-001b2491b1ce}] \Shell\AutoRun\command - F:\ntdelect.com \Shell\explore\Command - F:\ntdelect.com \Shell\open\Command - F:\ntdelect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acbb838d-a16c-11dc-8a4b-001b2491b1ce}] \Shell\AutoRun\command - G:\gqsk.bat \Shell\explore\Command - G:\gqsk.bat \Shell\open\Command - G:\gqsk.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acbb838f-a16c-11dc-8a4b-001b2491b1ce}] \Shell\AutoRun\command - 6.bat \Shell\explore\Command - 6.bat \Shell\open\Command - 6.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acce799c-a7f4-11dc-8a55-001b2491b1ce}] \Shell\Auto\command - MicrosoftPowerPoint.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1788974-9a88-11dc-8a3f-001b2491b1ce}] \Shell\AutoPlay\command - wscript.exe \VirusMawar.js \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \VirusMawar.js \Shell\Explore\command - wscript.exe \VirusMawar.js -Clicked \Shell\Open\command - wscript.exe \VirusMawar.js \Shell\Scan for Viruses\command - wscript.exe \VirusMawar.js \Shell\Scan with AVG\command - wscript.exe \VirusMawar.js \Shell\Scan with Norton AntiVirus\command - wscript.exe \VirusMawar.js
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2a000a5-daa3-11dc-b5b3-001b2491b1ce}] \Shell\AutoRun\command - nncu6kk.com \Shell\explore\Command - nncu6kk.com \Shell\open\Command - nncu6kk.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca4f1678-c973-11dc-b55b-001b2491b1ce}] \Shell\AutoRun\command - G:\nncu6kk.com \Shell\explore\Command - G:\nncu6kk.com \Shell\open\Command - G:\nncu6kk.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d69a17e6-c510-11dc-b54c-001b2491b1ce}] \Shell\AutoRun\command - F:\g2p3s.exe \Shell\explore\Command - F:\g2p3s.exe \Shell\open\Command - F:\g2p3s.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d834de26-d3a0-11dc-b597-001b2491b1ce}] \Shell\AutoPlay\command - wscript.exe \VirusMawar.js \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \VirusMawar.js \Shell\Explore\command - wscript.exe \VirusMawar.js -Clicked \Shell\Open\command - wscript.exe \VirusMawar.js \Shell\Scan for Viruses\command - wscript.exe \VirusMawar.js \Shell\Scan with AVG\command - wscript.exe \VirusMawar.js \Shell\Scan with Norton AntiVirus\command - wscript.exe \VirusMawar.js
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d899ffe4-b5ff-11dc-b835-001b2491b1ce}] \Shell\AutoRun\command - ntdelect.com \Shell\explore\Command - G:\ntdeIect.com \Shell\open\Command - G:\ntdeIect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d89a0000-b5ff-11dc-b835-001b2491b1ce}] \Shell\Auto\command - MicrosoftPowerPoint.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfad1947-65d5-11dc-a954-001b2491b1ce}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe \Shell\Explore\command - Flash.10.Setup.exe \Shell\Open\command - Flash.10.Setup.exe \Shell\Scan for Viruses\command - Scanner.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e463e13c-63a2-11dc-a94d-001b2491b1ce}] \Shell\AutoPlay\command - wscript.exe \VirusMawar.js \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \VirusMawar.js \Shell\Explore\command - wscript.exe \VirusMawar.js -Clicked \Shell\Open\command - wscript.exe \VirusMawar.js \Shell\Scan for Viruses\command - wscript.exe \VirusMawar.js \Shell\Scan with AVG\command - wscript.exe \VirusMawar.js \Shell\Scan with Norton AntiVirus\command - wscript.exe \VirusMawar.js
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6aa4273-8451-11dc-b0c1-001b2491b1ce}] \Shell\AutoPlay\command - wscript.exe \Haha.js \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \Haha.js \Shell\Explore\command - wscript.exe \Haha.js -Clicked \Shell\Open\command - wscript.exe \Haha.js \Shell\Scan for Viruses\command - wscript.exe \Haha.js \Shell\Scan with AVG\command - wscript.exe \Haha.js \Shell\Scan with Norton AntiVirus\command - wscript.exe \Haha.js
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9093414-6529-11dc-a952-001b2491b1ce}] \Shell\AutoRun\command - kqsr.exe \Shell\explore\Command - kqsr.exe \Shell\open\Command - kqsr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9e4805a-a0ad-11dc-8a49-001b2491b1ce}] \Shell\AutoRun\command - H:\kqsr.exe \Shell\explore\Command - H:\kqsr.exe \Shell\open\Command - H:\kqsr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f00aace3-bcfe-11dc-b846-001b2491b1ce}] \Shell\AutoPlay\command - wscript.exe \VirusMawar.js \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \VirusMawar.js \Shell\Explore\command - wscript.exe \VirusMawar.js -Clicked \Shell\Open\command - wscript.exe \VirusMawar.js \Shell\Scan for Viruses\command - wscript.exe \VirusMawar.js \Shell\Scan with AVG\command - wscript.exe \VirusMawar.js \Shell\Scan with Norton AntiVirus\command - wscript.exe \VirusMawar.js
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2cb4b56-dd75-11dc-b5bf-001b2491b1ce}] \Shell\AutoRun\command - wscript.exe .\`.vbs \Shell\open\command - wscript.exe .\`.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8385f70-9e2a-11dc-8a44-001b2491b1ce}] \Shell\AutoPlay\command - wscript.exe \VirusMawar.js \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \VirusMawar.js \Shell\Explore\command - wscript.exe \VirusMawar.js -Clicked \Shell\Open\command - wscript.exe \VirusMawar.js \Shell\Scan for Viruses\command - wscript.exe \VirusMawar.js \Shell\Scan with AVG\command - wscript.exe \VirusMawar.js \Shell\Scan with Norton AntiVirus\command - wscript.exe \VirusMawar.js
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f890e29e-a88b-11dc-8a56-001b2491b1ce}] \Shell\AutoPlay\command - wscript.exe \VirusMawar.js \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \VirusMawar.js \Shell\Explore\command - wscript.exe \VirusMawar.js -Clicked \Shell\Open\command - wscript.exe \VirusMawar.js \Shell\Scan for Viruses\command - wscript.exe \VirusMawar.js \Shell\Scan with AVG\command - wscript.exe \VirusMawar.js \Shell\Scan with Norton AntiVirus\command - wscript.exe \VirusMawar.js
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9d89ad5-b819-11dc-b839-001b2491b1ce}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Sys.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9d89ce6-b819-11dc-b839-001b2491b1ce}] \Shell\Auto\command - F:\MicrosoftPowerPoint.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9d89ce7-b819-11dc-b839-001b2491b1ce}] \Shell\AutoRun\command - G:\ntdelect.com \Shell\explore\Command - G:\ntdelect.com \Shell\open\Command - G:\ntdelect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa28b178-8d47-11dc-ab5c-001b2491b1ce}] \Shell\AutoRun\command - ntdelect.com \Shell\explore\Command - ntdelect.com \Shell\open\Command - ntdelect.com
.
Contents of the 'Scheduled Tasks' folder
"2008-02-26 10:29:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 18:57:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************************************** .