Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

HJT Analyser log - pls review fore Safesearch and D Luca trojan

This is a discussion on HJT Analyser log - pls review fore Safesearch and D Luca trojan within the Resolved HJT Threads forums, part of the Tech Support Forum category. Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05 Get updates at https://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program


 
 
Thread Tools Search this Thread
Old 10-26-2005, 12:01 AM   #1
Guest
 
Join Date: Oct 2005
Posts: 4
OS:



Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at https://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 14:51:53, on 26/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\windows\system32\msqsearc.exe
C:\Program Files\eRoom 7\ERClient7.exe
C:\Lotus\Notes\ntmulti.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Documents and Settings\Andrew_Macintyre.DMSG\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/ap/ap/en/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://g.msn.com.sg/0SEENSG/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/ap/ap/en/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/ap/ap/en/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.2.169.17:8080
O1 - Hosts: 135.108.56.206 orstempdev
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm
O4 - HKLM\..\Run: [msqsearc] c:\windows\system32\msqsearc.exe /install
O4 - Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: MyNetFone.lnk = ?
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {03A89EFD-E023-7700-A22D-45F77558EB4C} (ILINCInstall77 Class) - https://pdclive.convergys.com/download/ilinci77.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - https://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6045C5E3-3653-4262-9E3E-0DA3A22A2C1D} (Crystal ActiveX Report Viewer Web Report Source 10.0) - https://cdciw10.na.convergys.com/crys...iveXViewer.cab
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} - https://eroom.cvgs.net/eRoomSetup/client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dmsg.local
O17 - HKLM\Software\..\Telephony: DomainName = dmsg.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dmsg.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = aspac.convergys.com,convergys.com,emea.convergys.com,img.convergys.com,cmg.convergys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dmsg.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = aspac.convergys.com,convergys.com,emea.convergys.com,img.convergys.com,cmg.convergys.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = aspac.convergys.com,convergys.com,emea.convergys.com,img.convergys.com,cmg.convergys.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


End of KRC HijackThis Analyzer Log.
======================================
andmac is offline  
Sponsored Links
Advertisement
 
Old 10-26-2005, 12:00 PM   #2
TSF Security Team
Emeritus
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 26,363
OS: N/A


Hello and Welcome

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.

Before proceeding any further, please create a new directory - C:\PROGRAM FILES\HIJACKTHIS\
Re-locate your HijackThis files to the new directory



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

CleanUp.exe - Install.

'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


Please save the following instructions in Notepad.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


With HiJackThis & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://g.msn.com.sg/0SEENSG/SAOS01
O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm
O4 - HKLM\..\Run: [msqsearc] c:\windows\system32\msqsearc.exe /install



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folder
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following files/folders:
  • c:\windows\system32\dxvid.exe
    c:\windows\system32\msqsearc.exe

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Please perform an online scan with Internet Explorer at one of the following sites:Take note the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’

It would produce a log called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:
  1. HiJackThis
  2. Online scan
  3. Antispyware.log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
sUBs is offline  
Old 10-30-2005, 07:40 PM   #3
Guest
 
Join Date: Oct 2005
Posts: 4
OS:



You advised to delete:
1) c:\windows\system32\dxvid.exe
2) c:\windows\system32\msqsearc.exe

1) was not present in the directory
2) I was unable to delete this file - system responding saying the file was currently being used - I had everything closed that I could close.

I proceeded with the rest of the steps you outlined and the following are the log files etc.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at https://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 11:17:35, on 31/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\windows\system32\msqsearc.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Lotus\Notes\ntmulti.exe
C:\Program Files\SJLabs\SJphone\SJphone.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Documents and Settings\Andrew_Macintyre.DMSG\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/ap/ap/en/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/ap/ap/en/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/ap/ap/en/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.2.169.17:8080
O1 - Hosts: 135.108.56.206 orstempdev
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [msqsearc] c:\windows\system32\msqsearc.exe /install
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: MyNetFone.lnk = ?
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {03A89EFD-E023-7700-A22D-45F77558EB4C} (ILINCInstall77 Class) - https://pdclive.convergys.com/download/ilinci77.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - https://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6045C5E3-3653-4262-9E3E-0DA3A22A2C1D} (Crystal ActiveX Report Viewer Web Report Source 10.0) - https://cdciw10.na.convergys.com/crys...iveXViewer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} - https://eroom.cvgs.net/eRoomSetup/client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dmsg.local
O17 - HKLM\Software\..\Telephony: DomainName = dmsg.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dmsg.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = aspac.convergys.com,convergys.com,emea.convergys.com,img.convergys.com,cmg.convergys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dmsg.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = aspac.convergys.com,convergys.com,emea.convergys.com,img.convergys.com,cmg.convergys.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = aspac.convergys.com,convergys.com,emea.convergys.com,img.convergys.com,cmg.convergys.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


End of KRC HijackThis Analyzer Log.
====================================================================


I ran Trend Micro but didn't get an "antispyware.log" but it did show the following:

Profiling Cookie (1 item)
FastVideoPlayer(4 items)
SafeSearch (2 items)

The On-line scan result is:


Incident Status Location

Spyware:spyware/dluca No disinfected Windows Registry
Virus:W32/Bagle.A.worm Disinfected 2004archive\01/04\Undeliverable: Hi\Hi\wlnfjwef.exe
Virus:W32/Mydoom.A.worm Disinfected 2004archive\01/04\Undeliverable: Server Report\Server Report\doc.zip[doc.scr]
Virus:W32/Badtrans.B Disinfected Archive Folders\2001\11/01\Re: RE: Coffee\New_Napster_Site.MP3.pif
Virus:Trj/Downloader.EGE Disinfected C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP285\A0030180.exe

Regards
Andrew
andmac is offline  
Sponsored Links
Advertisement
 
Old 10-30-2005, 07:45 PM   #4
TSF Security Team
Emeritus
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 26,363
OS: N/A


Start HiJackThis & go to Config>Misc.Tools> Delete a file on reboot...
  1. In the popup box that appears, type in c:\windows\system32\msqsearc.exe
  2. Click the Open button.
  3. Click YES when prompted to restart your computer.


After you have rebooted, have HijackThis fix this entry:

c:\windows\system32\msqsearc.exe


Post a fresh HJT lofg after that
sUBs is offline  
Old 11-01-2005, 06:24 PM   #5
Guest
 
Join Date: Oct 2005
Posts: 4
OS:


Thanks I think that has got rid of it. New logs attached:


====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at https://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 10:10:52, on 02/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\SJLabs\SJphone\SJphone.exe
C:\Lotus\Notes\ntmulti.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Documents and Settings\Andrew_Macintyre.DMSG\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/ap/ap/en/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/ap/ap/en/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/ap/ap/en/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.2.169.17:8080
O1 - Hosts: 135.108.56.206 orstempdev
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: MyNetFone.lnk = ?
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {03A89EFD-E023-7700-A22D-45F77558EB4C} (ILINCInstall77 Class) - https://pdclive.convergys.com/download/ilinci77.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - https://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6045C5E3-3653-4262-9E3E-0DA3A22A2C1D} (Crystal ActiveX Report Viewer Web Report Source 10.0) - https://cdciw10.na.convergys.com/crys...iveXViewer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} - https://eroom.cvgs.net/eRoomSetup/client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dmsg.local
O17 - HKLM\Software\..\Telephony: DomainName = dmsg.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dmsg.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = aspac.convergys.com,convergys.com,emea.convergys.com,img.convergys.com,cmg.convergys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dmsg.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = aspac.convergys.com,convergys.com,emea.convergys.com,img.convergys.com,cmg.convergys.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = aspac.convergys.com,convergys.com,emea.convergys.com,img.convergys.com,cmg.convergys.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


End of KRC HijackThis Analyzer Log.

++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of HijackThis v1.99.1
Scan saved at 10:19:28, on 02/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SJLabs\SJphone\SJphone.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Lotus\Notes\ntmulti.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Andrew_Macintyre.DMSG\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/ap/ap/en/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/ap/ap/en/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/ap/ap/en/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.2.169.17:8080
O1 - Hosts: 135.108.56.206 orstempdev
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyNetFone.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03A89EFD-E023-7700-A22D-45F77558EB4C} (ILINCInstall77 Class) - https://pdclive.convergys.com/download/ilinci77.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - https://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6045C5E3-3653-4262-9E3E-0DA3A22A2C1D} (Crystal ActiveX Report Viewer Web Report Source 10.0) - https://cdciw10.na.convergys.com/crys...iveXViewer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} - https://eroom.cvgs.net/eRoomSetup/client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dmsg.local
O17 - HKLM\Software\..\Telephony: DomainName = dmsg.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dmsg.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = aspac.convergys.com,convergys.com,emea.convergys.com,img.convergys.com,cmg.convergys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dmsg.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = aspac.convergys.com,convergys.com,emea.convergys.com,img.convergys.com,cmg.convergys.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = aspac.convergys.com,convergys.com,emea.convergys.com,img.convergys.com,cmg.convergys.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


====================================================================
andmac is offline  
Old 11-02-2005, 04:06 AM   #6
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit


Hello andmac,

Your log is clean. If there aren't any more problems, you should be good to go after completing these final instructions:

Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Enable Windows Auto Update
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Keep my computer up to date"
*Under Settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point

Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from any previous restore points.

In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:

HOW DID I GET INFECTED IN THE FIRST PLACE[/URL]? by Tony Klein https://castlecops.com/postlite7736-.html

THE ANTI-SPYWARE TUTORIAL https://www.greyknight17.com/spyware.htm#prevent

MAKING INTERNET EXPLORER SAFER https://www.bleepingcomputer.com/foru...er-tut102.html

Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls

More information and downloads are available at the following links:

Spyware Blaster to help prevent spyware from installing in the first place.
Spyware Guard to catch and block spyware before it can execute.
IESpy-Ad https://netfiles.uiuc.edu/ehowes/www/resource.htm to block access to malicious websites so you cannot be redirected to them from an infected site or email.

Update all these programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 11-06-2005, 10:06 PM   #7
Guest
 
Join Date: Oct 2005
Posts: 4
OS:


Thanks Guys

I think my system is at last clean.

Many thanks
andmac is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 01:17 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts