
Help Malware - Zentom System Guard and ping.exe

  • 25-10-2011 4:45pm
    #1
    Registered Users Posts: 11


    I'm really hoping someone can help me sort out this problem. A few days ago my PC got infected with the Zentom System Guard trojan. I've tried my best to remedy the situation using rkill, Malwarebytes, etc. It seemed to work (the popups stopped), but I noticed that the PC was still running slow. I've now discovered that a process called ping.exe keeps opening up and uses up to 100% of the CPU usage on Task Manager. I keep killing this process but it restarts after a few minutes. Any help would be greatly appreciated. The following is the Malwarebytes log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7972

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 7.0.5730.11

    18/10/2011 14:20:03
    mbam-log-2011-10-18 (14-20-03).txt

    Scan type: Quick scan
    Objects scanned: 241126
    Time elapsed: 5 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 2
    Registry Data Items Infected: 1
    Folders Infected: 1
    Files Infected: 13

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zentom System Guard (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*proxyadmqueue.exe (Trojan.FakeAlert) -> Value: *proxyadmqueue.exe -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\senrmodk70.exe (Trojan.FakeAlert) -> Value: senrmodk70.exe -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\documents and settings\Gar\start menu\Programs\zentom system guard (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\all users\start menu\Programs\proxyadmqueue.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\Gar\application data\6fefc6a297f87baf81097ee70d4f7abf\senrmodk70.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\Gar\local settings\Temp\FY1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\Gar\local settings\Temp\FY2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\Gar\local settings\Temp\FY3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\Gar\local settings\Temp\xmwcarnoes.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\Gar\application data\Adobe\plugs\kb360074375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\Gar\application data\Adobe\plugs\kb360074390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\Gar\start menu\Programs\Startup\zentom system guard.lnk (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.
    c:\documents and settings\Gar\Desktop\zentom system guard.lnk (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.
    c:\documents and settings\Gar\application data\microsoft\internet explorer\quick launch\zentom system guard.lnk (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.
    c:\documents and settings\Gar\start menu\Programs\zentom system guard\zentom system guard.lnk (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.
    c:\documents and settings\Gar\start menu\Programs\zentom system guard\uninstall.lnk (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.


Comments

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Run ComboFix and post the log it gives you.

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


  • Registered Users Posts: 11 GarC


    Thanks ASJ, log as follows:



    ComboFix 11-10-27.03 - Gar 27/10/2011 13:00:38.1.2 - x86
    Running from: c:\documents and settings\Gar\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\10.tmp
    C:\1060.tmp
    C:\1068.tmp
    C:\1070.tmp
    C:\1077.tmp
    C:\12.tmp
    C:\13.tmp
    C:\141.tmp
    C:\142.tmp
    C:\146.tmp
    C:\14B.tmp
    C:\151.tmp
    C:\18.tmp
    C:\19.tmp
    C:\1B1C.tmp
    C:\1B20.tmp
    C:\1B4.tmp
    C:\1B44.tmp
    C:\1B4A.tmp
    C:\1BA.tmp
    C:\1CCC.tmp
    C:\1CD0.tmp
    C:\1E81.tmp
    C:\1E85.tmp
    C:\1E8C.tmp
    C:\1E90.tmp
    C:\1E94.tmp
    C:\1F.tmp
    C:\2048.tmp
    C:\204E.tmp
    C:\2053.tmp
    C:\205A.tmp
    C:\222.tmp
    C:\23A.tmp
    C:\242.tmp
    C:\247.tmp
    C:\24C.tmp
    C:\251.tmp
    C:\2C8.tmp
    C:\323.tmp
    C:\39A.tmp
    C:\3A0.tmp
    C:\3D2.tmp
    C:\4A9.tmp
    C:\4B.tmp
    C:\4F.tmp
    C:\511.tmp
    C:\685.tmp
    C:\68A.tmp
    C:\692.tmp
    C:\698.tmp
    C:\6BA.tmp
    C:\6BE.tmp
    C:\6D8.tmp
    C:\6DE.tmp
    C:\6E4.tmp
    C:\6E9.tmp
    C:\6EE.tmp
    C:\6F3.tmp
    C:\6F8.tmp
    C:\6FD.tmp
    C:\704.tmp
    C:\732.tmp
    C:\810.tmp
    C:\8F1.tmp
    C:\B11.tmp
    C:\C.tmp
    c:\documents and settings\Gar\Application Data\Adobe\plugs
    c:\documents and settings\Gar\Application Data\Adobe\shed
    c:\documents and settings\Gar\g2mdlhlpx.exe
    c:\documents and settings\Gar\My Documents\DPE.DUS
    c:\documents and settings\Gar\WINDOWS
    c:\program files\Hotspot Shield\hssie\HsSIe.dll
    c:\windows\$NtUninstallKB47537$

    c:\windows\$NtUninstallKB47537$\1227419801\bckfg.tmp
    c:\windows\$NtUninstallKB47537$\1227419801\cfg.ini
    c:\windows\$NtUninstallKB47537$\1227419801\Desktop.ini
    c:\windows\$NtUninstallKB47537$\1227419801\kwrd.dll
    c:\windows\$NtUninstallKB47537$\1227419801\L\iahonoel






    c:\windows\$NtUninstallKB47537$\2790303596
    c:\windows\Fonts\Holisbq_.ttf
    c:\windows\Fonts\Univers LT 49 Light Ultra Condensed.ttf
    c:\windows\system32\CddbCdda.dll
    c:\windows\XSxS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-27 12:25 . 2011-10-27 12:25 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{2DF45BD2-A4F6-4BD1-A67A-8866869F3E63}\offreg.dll
    2011-10-25 15:51 . 2011-10-25 15:51 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-10-25 08:36 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{2DF45BD2-A4F6-4BD1-A67A-8866869F3E63}\mpengine.dll
    2011-10-18 13:52 . 2011-05-04 01:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-10-18 13:52 . 2011-05-04 03:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-10-18 13:52 . 2011-05-04 03:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-18 13:37 . 2011-10-18 13:37 -------- d-----w- c:\documents and settings\Gar\Application Data\SUPERAntiSpyware.com
    2011-10-18 13:37 . 2011-10-18 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-14 08:28 . 2011-06-07 08:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 10:41 . 2004-08-04 05:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 10:41 . 2004-08-04 05:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-12 23:14 . 2006-07-18 12:34 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-09-09 17:23 . 2011-09-22 12:18 2469760 ----a-w- c:\windows\system32\BootMan.exe
    2011-09-09 09:12 . 2004-08-04 05:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 14:44 . 2005-02-23 15:21 89680 ----a-w- c:\documents and settings\Gar\MSSSerif120.fon
    2011-09-06 13:20 . 2004-08-04 05:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 16:00 . 2009-10-29 08:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-17 21:32 . 2004-08-04 05:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-08-17 21:32 . 2004-08-04 05:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-08-17 21:32 . 2004-08-04 05:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-17 21:32 . 2004-08-04 05:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-08-17 13:49 . 2004-08-04 05:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-08-17 12:22 . 2004-08-04 05:00 389120 ----a-w- c:\windows\system32\html.iec
    2011-07-29 12:54 . 2011-09-22 12:18 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2011-07-29 12:54 . 2011-09-22 12:18 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2011-07-29 12:54 . 2011-09-22 12:18 13192 ----a-w- c:\windows\system32\epmntdrv.sys
    2011-07-29 12:54 . 2011-09-22 12:18 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2011-10-05 12:07 . 2011-05-06 09:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-02-05 13:04 . 2007-08-13 10:27 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2006-05-03 09:06 163328 --sh--r- c:\windows\SYSTEM32\flvDX.dll
    2007-02-21 10:47 31232 --sh--r- c:\windows\SYSTEM32\msfDX.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-07-26 958352]
    "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-07-26 3507088]
    "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-07-26 20880]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 4615552]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 344064]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Taskman"=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Address Book.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Address Book.lnk
    backup=c:\windows\pss\Address Book.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
    backup=c:\windows\pss\AutoStart IR.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
    backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
    backup=c:\windows\pss\Nokia Nseries PC Suite.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    backup=c:\windows\pss\PowerReg Scheduler.exeCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scanner File Utility.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Scanner File Utility.lnk
    backup=c:\windows\pss\Scanner File Utility.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Gar^Start Menu^Programs^Startup^SunClock5.lnk]
    path=c:\documents and settings\Gar\Start Menu\Programs\Startup\SunClock5.lnk
    backup=c:\windows\pss\SunClock5.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
    2006-04-05 16:30 1015808 ----a-w- c:\program files\ACT\ACT for Windows\Act8.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-06-12 02:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Text Desktop]
    2007-09-18 07:21 1830912 ----a-w- c:\program files\Desktop Text Desktop\mw.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2004-08-13 00:05 122939 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2004-09-15 01:01 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-10-12 16:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-02-05 13:04 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-06-07 18:01 136176 ----atw- c:\documents and settings\Gar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 00:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
    2003-09-03 20:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Automatic Backup Pro]
    2005-07-01 09:12 18968576 ----a-w- c:\program files\Iomega\Automatic Backup Pro\LiveSystem.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Web Companion]
    2005-07-13 15:16 1859584 ----a-w- c:\program files\Common Files\Mobipocket Shared\webcomp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
    2007-06-09 01:28 310520 ----a-w- c:\program files\Orb Networks\Orb\bin\OrbTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    2007-06-18 15:10 271360 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PnPUI Registrator]
    2004-11-22 17:04 163840 ----a-r- c:\program files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
    2010-04-17 10:56 394984 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
    2011-01-31 16:36 79872 ----a-w- c:\documents and settings\Gar\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    2002-04-17 09:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
    2003-12-31 17:39 40960 ----a-w- c:\windows\vsnpstd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-07-18 08:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Universal Link]
    2008-04-29 15:18 2387968 ----a-w- c:\program files\Universal Link\Universal Link.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    2004-01-07 00:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\FlashGet\\flashget.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 136176]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-07-20 77624]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-07-26 20032]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 13192]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-05 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 136176]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
    R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
    R3 psa128s;psa128s;c:\windows\system32\DRIVERS\psa128s.sys [2002-12-09 52335]
    R3 psa128u;Nike psa[128max Player Control Driver;c:\windows\system32\Drivers\psa128u.sys [2002-12-09 14:21 36612]
    R3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [2002-12-17 311872]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-07-20 181432]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
    R4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-01-08 285744]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
    S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-09-30 40560]
    S0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\DRIVERS\IABFilt.sys [2005-07-01 25344]
    S0 PSA128F;PSA128F; [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-01 691696]
    S1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2006-07-18 284184]
    S1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2006-07-18 91672]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
    S2 Iprip;RIP Listener;c:\windows\System32\svchost.exe [2008-04-14 14336]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 7544916]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
    .
    2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 08:40]
    .
    2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 08:40]
    .
    2011-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2848976288-985089951-1767440470-1005Core.job
    - c:\documents and settings\Gar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 18:01]
    .
    2011-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2848976288-985089951-1767440470-1005UA.job
    - c:\documents and settings\Gar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 18:01]
    .
    2011-10-27 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    .
    .
    Supplementary Scan
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    TCP: Interfaces\{DAFEC2AB-712C-4F63-80DE-C176D138AC84}: NameServer = 192.168.0.1
    DPF: ibb_cust - hxxps://ibusinessbanking1.aib.ie/ibb_cust.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {5E201A83-CFEF-4809-A3FD-48D2DE1A2AC0} - hxxp://192.168.0.15/vsg.cab
    DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} - file://c:\program files\Microsoft Interactive Training\O10C\mitm0026.cab
    FF - ProfilePath - c:\documents and settings\Gar\Application Data\Mozilla\Firefox\Profiles\iai39sbn.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SoundMAXPnP - c:\program files\Analog Devices\Core\smax4pnp.exe
    HKLM-Run-NPSStartup - (no file)
    SafeBoot-Wdf01000.sys
    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
    MSConfigStartUp-Uninstall Adobe Download Manager - c:\docume~1\Gar\LOCALS~1\Temp\nos_uninstall_Adobe.dll
    MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    AddRemove-HijackThis - C:\HijackThis.exe
    AddRemove-Nokia PC Suite - c:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_eng_web.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-27 13:26
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\konfig]
    "ImagePath"="c:\opt\MBCASE\pm\bin\mcp"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\license]
    "ImagePath"="c:\opt\MBCASE\pm\bin\mcp"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mcp]
    "ImagePath"="c:\opt\MBCASE\pm\bin\mcp"
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_USERS\S-1-5-21-2848976288-985089951-1767440470-1005\Software\PWLib\U*S*B*P*h*o*n*e*D*i*a*l*e*r*_*Q*Q*.*c*m*çe\CurrentVersion\AnswerMode]
    "AnswerMode"="0"
    "ForwardPhoneNumber"=""
    "ForwardSkypeID"=""
    "MaxLineRingCount"="6"
    .
    [HKEY_USERS\S-1-5-21-2848976288-985089951-1767440470-1005\Software\PWLib\U*S*B*P*h*o*n*e*D*i*a*l*e*r*_*Q*Q*.*c*m*çe\CurrentVersion\audio\volume\player]
    "min"="13107"
    "init"="32768"
    "ring"="65535"
    .
    [HKEY_USERS\S-1-5-21-2848976288-985089951-1767440470-1005\Software\PWLib\U*S*B*P*h*o*n*e*D*i*a*l*e*r*_*Q*Q*.*c*m*çe\CurrentVersion\audio\volume\recorder]
    "min"="13107"
    "init"="32768"
    "ring"="65535"
    .
    [HKEY_USERS\S-1-5-21-2848976288-985089951-1767440470-1005\Software\PWLib\U*S*B*P*h*o*n*e*D*i*a*l*e*r*_*Q*Q*.*c*m*çe\CurrentVersion\General]
    "RunOnBoot"="1"
    "AutoUpdate"="0"
    "AutoUpdateInterval"="5"
    "MainFormMinimized"="1"
    "Language"="2052"
    .
    [HKEY_USERS\S-1-5-21-2848976288-985089951-1767440470-1005\Software\PWLib\U*S*B*P*h*o*n*e*D*i*a*l*e*r*_*Q*Q*.*c*m*çe\CurrentVersion\Phone]
    "AutoSetPhoneVolume"="1"
    .
    [HKEY_USERS\S-1-5-21-2848976288-985089951-1767440470-1005\Software\PWLib\U*S*B*P*h*o*n*e*D*i*a*l*e*r*_*Q*Q*.*c*m*çe\CurrentVersion\trace]
    "trlog.txt"=""
    .
    DLLs Loaded Under Running Processes
    .
    - - - - - - - > 'winlogon.exe'(1092)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\l3codeca.acm
    .
    - - - - - - - > 'explorer.exe'(1576)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\crypserv.exe
    c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files\Sandboxie\SbieSvc.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\System32\snmp.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    c:\windows\system32\rundll32.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-27 13:39:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-27 12:39
    .
    Pre-Run: 25,162,764,288 bytes free
    Post-Run: 25,358,938,112 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 3290DD6748E8D1B52B1E1A2DF4487815


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    How's it running now?

    Update MBAM, run a quick scan, and post that log here.


  • Closed Accounts Posts: 2,663 ✭✭✭Cork24


    Download a sandbox app, drag the .exe file into that and you're done. It will still run, but not outside the sandbox.


  • Registered Users Posts: 11 GarC


    All seems ok (fingers crossed), thankfully no sign of ping.exe. Maybe it's finally time to move from AVG. Thanks for all the help.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8029

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    27/10/2011 15:20:03
    mbam-log-2011-10-27 (15-20-03).txt

    Scan type: Quick scan
    Objects scanned: 242647
    Time elapsed: 11 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


  • Registered Users Posts: 11 GarC


    Reposting Malwarebytes Log

    Malwarebytes' Anti-Malware 1.51.2.1300

    Database version: 8029

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    27/10/2011 15:20:03
    mbam-log-2011-10-27 (15-20-03).txt

    Scan type: Quick scan
    Objects scanned: 242647
    Time elapsed: 11 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


  • Site Banned Posts: 1,167 ✭✭✭ASJ112




  • Registered Users Posts: 11 GarC


    Thanks again

