I gotta a Win32:Rootkit-gen [Rtk] and a Trojan - Techist - Tech Forum

Old 10-28-2009, 03:32 PM   #1 (permalink)
True Techie
 
Join Date: Oct 2006
Posts: 221
Unhappy I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

Please help. I Dled a program that I thought was safe. WRONG! I have free AVAST and it won't stop telling me it's detecting.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:28:11 PM, on 10/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ed\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SNDVOL32.EXE
G:\cd_splash.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MicroSys-CheckAjour] D:\Program Files\Micro-Sys Software\Ajour\ChkAjour.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Ed\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GFI Backup 2009 - Home Edition Attendant Service (GFIBckHAtt) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
O23 - Service: GFI Backup 2009 - Home Edition Scheduler Service (GFIBckHSched) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6723 bytes
WasTech is offline  
Old 10-28-2009, 03:42 PM   #2 (permalink)
True Techie
 
Join Date: Oct 2006
Posts: 221
Default Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

10/28/2009 04:41:42 PM
mbam-log-2009-10-28 (16-41-42).txt

Scan type: Quick Scan
Objects scanned: 122157
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
WasTech is offline  
Old 10-28-2009, 03:48 PM   #3 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

Log looks fine, did you run combofix?
Osiris is offline  
Old 10-28-2009, 04:07 PM   #4 (permalink)
True Techie
 
Join Date: Oct 2006
Posts: 221
Default Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

No, I haven't restarted yet either. I figure it will be worse if I do. Should I try a restore point? I know I'm infected; it's acting stupid. All my DT icons are missing and other things are happening too.
WasTech is offline  
Old 10-28-2009, 04:18 PM   #5 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

Just go ahead and run it and post the log
Osiris is offline  
Old 10-28-2009, 07:36 PM   #6 (permalink)
True Techie
 
Join Date: Oct 2006
Posts: 221
Default Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

ComboFix 09-10-27.08 - Ed 10/28/2009 20:14.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1473 [GMT -4:00]
Running from: d:\trojans suck\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091028-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ed\Application Data\inst.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Data
c:\windows\system32\dumphive.exe
c:\windows\system32\E95THK16.EXE
c:\windows\system32\encapi32.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-28 23:48 . 2009-10-28 23:49 -------- d-----w- c:\documents and settings\Ed\Application Data\MOBILedit
2009-10-28 23:48 . 2009-10-28 23:48 -------- d-----w- c:\program files\MOBILedit!
2009-10-28 23:10 . 2009-10-28 23:11 -------- d-----w- C:\Motorola
2009-10-28 19:40 . 2008-03-21 17:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-10-28 19:39 . 2009-09-15 18:38 23936 ----a-w- c:\windows\system32\drivers\motmodem.sys
2009-10-28 19:39 . 2008-03-27 21:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-10-28 19:39 . 2009-10-28 19:39 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-28 19:39 . 2009-10-28 19:39 -------- d-----w- c:\program files\Motorola
2009-10-28 19:39 . 2009-10-28 19:39 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-10-28 19:18 . 2009-10-28 19:26 24192 ----a-w- c:\documents and settings\Ed\usbsermptxp.sys
2009-10-28 19:18 . 2009-10-28 19:26 22768 ----a-w- c:\documents and settings\Ed\usbsermpt.sys
2009-10-28 19:18 . 2009-10-28 19:18 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys
2009-10-23 01:50 . 2009-10-23 01:50 -------- d-----w- c:\program files\GFI
2009-10-23 00:33 . 2009-10-23 00:33 -------- d-----w- C:\My Backup files
2009-10-21 23:31 . 2009-10-21 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-10-21 19:15 . 2009-10-22 20:29 -------- d-----w- C:\Converted Audio Files
2009-10-21 00:39 . 2009-10-21 00:39 -------- d-----w- C:\My Music
2009-10-12 18:02 . 2009-10-16 06:22 -------- d--h--w- c:\windows\$hf_mig$
2009-09-30 05:58 . 2009-09-30 06:14 -------- d-----w- c:\documents and settings\Ed\Application Data\InfraRecorder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 00:04 . 2008-08-29 06:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-28 23:16 . 2008-06-21 05:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 20:45 . 2008-07-09 05:45 -------- d-----w- c:\program files\Trojan Remover
2009-10-28 20:33 . 2008-06-24 18:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 19:40 . 2009-10-28 19:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-10-28 19:40 . 2009-10-28 19:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-10-28 19:23 . 2009-10-28 19:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-10-28 19:23 . 2009-10-28 19:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-30 19:59 . 2008-10-22 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-30 17:09 . 2008-10-22 01:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-29 21:56 . 2008-06-21 03:17 22976 ----a-w- c:\documents and settings\Ed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 05:37 . 2003-03-31 14:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2008-06-21 03:10 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-18 02:27 . 2009-09-18 02:25 -------- d-----w- c:\program files\Textbook Edition
2009-09-18 02:24 . 2009-09-18 02:24 -------- d-----w- c:\program files\Chilton's Repair Discs
2009-09-13 23:29 . 2009-09-13 23:29 -------- d-----w- c:\documents and settings\Ed\Application Data\Apple Computer
2009-09-12 17:34 . 2009-09-12 17:34 -------- d-----w- c:\documents and settings\Ed\Application Data\FFSJ
2009-09-12 17:28 . 2009-09-12 17:28 4198 ----a-w- c:\windows\unins000.dat
2009-09-12 17:28 . 2009-09-12 17:28 794906 ----a-w- c:\windows\unins000.exe
2009-09-11 23:02 . 2008-06-24 17:55 -------- d-----w- c:\program files\Java
2009-09-11 22:35 . 2008-06-30 19:57 -------- d-----w- c:\program files\Common Files\Real
2009-09-11 22:35 . 2009-09-11 22:35 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-11 14:18 . 2003-03-31 14:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2008-08-29 20:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-06-24 18:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2003-03-31 14:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2003-03-31 14:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 16:10 . 2009-05-26 22:51 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-05-26 22:51 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-05-26 22:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-05-26 22:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-05-26 22:51 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-05-26 22:51 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-05-26 22:51 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-05-26 22:51 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-05-26 22:51 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2003-03-31 14:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2003-03-31 14:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 01:04 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MicroSys-CheckAjour"="d:\program files\Micro-Sys Software\Ajour\ChkAjour.exe" [2004-10-30 482816]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SansaDispatch"="c:\documents and settings\Ed\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-05-05 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ASUS Probe"="c:\program files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-11 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/26/2009 06:51 PM 114768]
R1 stltrack;stltrack;c:\windows\system32\drivers\STLTRACK.SYS [2/17/2009 07:04 PM 13536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/26/2009 06:51 PM 20560]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIHInst.exe [10/22/2009 09:50 PM 440616]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIHSC~1.EXE [10/22/2009 09:50 PM 1410856]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [10/28/2009 03:39 PM 91392]
S3 epcfw2k;SCM Parallel Port CF Driver;c:\windows\system32\drivers\epcfw2k.sys [6/20/2008 06:25 PM 144896]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Ed\Application Data\Mozilla\Firefox\Profiles\8vfob6bd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-28 20:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3080)
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTJBNS.DLL
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTIntrfc.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSHK.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSRES.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\combofix\CF15015.exe
c:\windows\system32\CTSvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\control.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-29 20:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-29 00:35
ComboFix2.txt 2008-08-30 18:02
ComboFix3.txt 2008-06-24 17:37

Pre-Run: 109,626,408,960 bytes free
Post-Run: 110,126,911,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 221395C33710F57AF11D427698770E1E
WasTech is offline  
Old 10-28-2009, 07:42 PM   #7 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

Looks like combofix deleted a lot of junk. Have you rebooted yet and are you still having the same issues?
Osiris is offline  
Old 10-28-2009, 08:24 PM   #8 (permalink)
True Techie
 
Join Date: Oct 2006
Posts: 221
Default Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

Combo rebooted but I haven't. Should I? Here's another HJ

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:37, on 10/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ed\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MicroSys-CheckAjour] D:\Program Files\Micro-Sys Software\Ajour\ChkAjour.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Ed\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GFI Backup 2009 - Home Edition Attendant Service (GFIBckHAtt) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
O23 - Service: GFI Backup 2009 - Home Edition Scheduler Service (GFIBckHSched) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6287 bytes
WasTech is offline  
Old 10-28-2009, 08:34 PM   #9 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

Yes reboot
Osiris is offline  
Old 10-28-2009, 09:12 PM   #10 (permalink)
True Techie
 
Join Date: Oct 2006
Posts: 221
Default Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

Ok, rebooted. New HJ. It seems to be running better but I'd like to know that it's clean because I don't want to connect my cell phone and take a chance on infecting that. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:02, on 10/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ed\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MicroSys-CheckAjour] D:\Program Files\Micro-Sys Software\Ajour\ChkAjour.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Ed\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GFI Backup 2009 - Home Edition Attendant Service (GFIBckHAtt) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
O23 - Service: GFI Backup 2009 - Home Edition Scheduler Service (GFIBckHSched) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6364 bytes