Author Topic: Virus-Worm/VB.SO -Hijackthis Log  (Read 6497 times)

Offline The Napster

« Reply #20 on: August 08, 2006, 09:46:16 AM »
Hi there.

I did follow the instructions like you said regarding GMER and I didn't select "show all" during the scan.

The txt is so long it wouldn't let me paste the entire log here and I had problems continuing to paste the rest of it here, I can't figure out why?

Can I send you the file of the log to you in an email? You can pm me your email that would be great!

Here is the log from BlackLight:

08/08/06 03:13:01 [Info]: BlackLight Engine 1.0.42 initialized
08/08/06 03:13:01 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/08/06 03:13:01 [Note]: 7019 4
08/08/06 03:13:01 [Note]: 7005 0
08/08/06 03:13:03 [Note]: 7006 0
08/08/06 03:13:03 [Note]: 7011 924
08/08/06 03:13:04 [Note]: 7026 0
08/08/06 03:13:04 [Note]: 7026 0
08/08/06 03:13:13 [Note]: FSRAW library version 1.7.1019
08/08/06 03:18:23 [Note]: 7007 0

Offline The Napster

« Reply #21 on: August 08, 2006, 10:17:32 AM »
I tried to post the entire GMER log again, the log is far too long and the only way I can do it is if I send it to you in an email unless you can suggest something else, thanks.
« Last Edit: August 08, 2006, 10:42:09 AM by The Napster »

Offline guestolo

« Reply #22 on: August 08, 2006, 10:47:48 AM »
Either zip up the file and when you add reply
Beside file attachments>>Use the browse button and navigate to the file
Right click on it and Select it
Then click the Add this Attachment button

Or don't try and copy>>Paste the whole log at once
Use multiple replies to post the log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline The Napster

« Reply #23 on: August 08, 2006, 11:16:50 AM »


I tried posting it multiple times and it won't allow me to so here is the attachment, thanks again.

Offline guestolo

« Reply #24 on: August 08, 2006, 11:33:17 AM »
Both those logs look ok
I'm concerned maybe it's a problem with ZoneAlarm Pro email security and AVG's email scanner

Can you check and see if ZA has email security operable, if so, shut it down and see what happens

Is the email scanner for AVG still going?
What does it appear to be scanning?



Offline The Napster

« Reply #25 on: August 08, 2006, 11:59:29 AM »


I've disabled email security inbound and outbound in Zone Alarm.

I've come to the conclusion that AVG email scanner ONLY seems to run continuously when I start McAfee Spamkiller because it's connected to my POP email server and therefore once Spamkiller starts up it takes a while to go through emails and AVG runs and scans at the same time.

Other than that, do you see any viruses or problems in the log?

Thanks

Offline guestolo

« Reply #26 on: August 08, 2006, 12:22:12 PM »
I'm just left concerned about these entries in your log
O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)

May indicate that the programs were uninstalled and leftovers or not working quite right

Did you have McAfee anti-virus installed at one time or another
If so what version?
I see McAfee Security center still in your add/remove programs
What version of Spamkiller do you have installed?
« Last Edit: August 08, 2006, 12:33:05 PM by guestolo »



Offline The Napster

« Reply #27 on: August 08, 2006, 12:33:27 PM »
[quote name='guestolo' post='170699' date='Aug 8 2006, 11:22 AM']I'm just left concerned about these entries in your log
Did you have McAfee anti-virus installed at one time or another
If so what version?
I see McAfee Security center still in your add/remove programs

O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)[/quote]


I did have McAfee AV installed by someone a while ago and I believe it was 2005 version? I could be wrong.

That McAfee Security center is part of the McAfee spamkiller I have now.

Offline guestolo

« Reply #28 on: August 08, 2006, 12:46:59 PM »
By the looks of those 2 entries, I don't think everything with it is running correctly

Would you like to try the following to see if it helps
Go to this link
http://tools.mcafeehelp.com/doc.php?siteid...&support=ts
and look under
Manual Uninstall of VirusScan
Run the manual uninstaller with directions given

Next, I would proceed with removal of Spamkiller and Security Center in Add/Remove and
Reboot again

Post a fresh hijackthis log
Don't reinstall Spamkiller yet, let's make sure your log looks good

I would try the above, as mentioned, parts of the log indicate issues that need to be resolved



Offline The Napster

« Reply #29 on: August 08, 2006, 02:48:37 PM »

In my Add or Remove programs I only have McAfee Security Center and McAfee Spamkiller... I do not have McAfee VirusScan on its own if that is what you're referring to, I assure you of this unless it's hidden somewhere.

I have removed Spamkiller and the Security Center

I also removed spambutcher it seems like it's nothing more than spyware...

Here's the latest Hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 3:46:56 PM, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Al\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Offline guestolo

« Reply #30 on: August 08, 2006, 02:50:45 PM »
Did you run the manual uninstaller from McAfee's

Was Security Center the last thing you uninstalled?
« Last Edit: August 08, 2006, 02:54:41 PM by guestolo »



Offline The Napster

« Reply #31 on: August 08, 2006, 05:34:38 PM »


I removed the program from add/remove programs

The spambutcher was the last thing I removed

Offline guestolo

« Reply #32 on: August 08, 2006, 06:03:23 PM »
OK, that means you didn't follow the instructions I posted
It was important you follow them

Please do the following
Go to START>>All Programs>>accessories>>system tools>>system restore
Create a new restore point
Name it and then click Create
Exit out of there after

Download and save this file to your desktop
VSCleanupTool.exe

Double click on the tool
# The removal tool will schedule and display a time when the removal process will begin.
Note: The displayed time should be within one minute of the current system time shown in the bottom right side of the screen.
# Removal will begin at the displayed time.
# During this process, several icons will be created on your desktop. All of these new icons, except one, will be removed when the uninstall is complete and the computer has been restarted. The file mccleanup.log will remain on the desktop. Once you have verified the removal was successful, you can delete this file.
# When finished, the following message will be displayed: The machine must reboot to complete the uninstallation. Reboot now?
# Press "Y" on your keyboard to restart your computer and complete the removal process.

Back in Windows
Go to START>>Run>>type in
regedit
Hit OK
Manually navigate to the following
1)Click (+) next to HKEY_CURRENT_USER.
2)Click (+) next to Software.
3)Under Software look for any entries like McAfee, McAfee.com and Network Associates if found delete them.
4)Click (+) next to HKEY_LOCAL_MACHINE.
5)Click (+) next to Software.
6)Under Software look for any entries like McAfee, McAfee.com and Network Associates if found delete them.
Exit the Registry editor

Navigate to the following folder and delete if found
C:\Documents and Settings\All Users\Application Data\McAfee.com <-this folder if found
also remove these ones if found
C:\Program Files\McAfee <-folder
C:\Program Files\McAfee.com <-folder

Reboot the computer one more time
come back here and post a fresh hijackthis log
It's important that you follow ALL the instructions I posted above



Offline The Napster

« Reply #33 on: August 08, 2006, 09:35:00 PM »


I'm not sure what happened before but I did follow all your instructions and I always check it over twice to make sure.

Here is the new Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:33:27 PM, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Al\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
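
An added example, not part of the original thread or of HijackThis itself: a small parser that compares two HijackThis scans and reports which entries went away, which processes stopped or started, and which "(no file)" / "(file missing)" entries survived a cleanup attempt. The sample text is abridged from the two scans posted in this thread; the function names and report keys are this example's own.

```python
import re

# Coded entries look like "O23 - Service: ..." (R, F, N and O sections).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# HijackThis marks entries whose target file no longer exists.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$", re.IGNORECASE)

# Abridged sample input, taken from the two scans in this thread.
SCAN_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)
"""

SCAN_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)
"""


def parse_log(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first coded entry
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def orphaned(entries):
    """Entries that point at a file HijackThis could not find."""
    return [(code, detail) for code, detail in entries if ORPHAN_RE.search(detail)]


def diff_scans(before_text, after_text):
    """Compare two scans; Windows paths are compared case-insensitively."""
    before, after = parse_log(before_text), parse_log(after_text)
    before_set, after_set = set(before["entries"]), set(after["entries"])
    before_proc = {p.lower() for p in before["processes"]}
    after_proc = {p.lower() for p in after["processes"]}
    return {
        "removed": [e for e in before["entries"] if e not in after_set],
        "added": [e for e in after["entries"] if e not in before_set],
        # Orphans present in both scans: the cleanup did not touch them.
        "persisting_orphans": [e for e in orphaned(after["entries"]) if e in before_set],
        "stopped": sorted(before_proc - after_proc),
        "started": sorted(after_proc - before_proc),
    }


if __name__ == "__main__":
    report = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    for key, items in report.items():
        print(f"{key}:")
        for item in items:
            print("   ", item if isinstance(item, str) else " - ".join(item))
```

On the thread's data the two McAfee service entries appear under persisting_orphans, which is why the helper asks for a registry search next rather than moving on.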

Offline guestolo

« Reply #34 on: August 08, 2006, 09:38:05 PM »
Can you do me a favor, I just want to ensure that those 2 entries are removed before we carry on
Download:  Registry Search Tool from this link, it's a very small download
http://billsway.com/vbspage/
You will have to scroll down to see it

Unzip and double-click "RegSrch.vbs"
Note: if your Antivirus or another program prompts about running a ".vbs" file, allow the script to run

In the open field copy and paste the below in bold then hit OK

mcupdmgr.exe

Wait for the results and post them back here
Do the same for this entry please
MCVSRte



Offline The Napster

« Reply #35 on: August 08, 2006, 10:27:32 PM »


Here is the 1st result for mcupdmgr.exe

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "mcupdmgr.exe" 8/8/2006 11:21:50 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MCUPDMGR.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{FA23F184-7C0B-44f1-87DD-6784697C8EFD}]
@="McUpdMgr.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{FA23F184-7C0B-44f1-87DD-6784697C8EFD}]
"LocalService"="McUpdMgr.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3A036FA-DA7D-45e2-AE16-6CADAAE5D75E}]
@="McUpdMgr.Exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCUPDMGR.EXE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCUPDMGR.EXE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCUPDMGR.EXE\0000]
"Service"="mcupdmgr.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcupdmgr.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcupdmgr.exe\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcupdmgr.exe\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcupdmgr.exe\Enum]
"0"="Root\\LEGACY_MCUPDMGR.EXE\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCUPDMGR.EXE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCUPDMGR.EXE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCUPDMGR.EXE\0000]
"Service"="mcupdmgr.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mcupdmgr.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mcupdmgr.exe\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCUPDMGR.EXE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCUPDMGR.EXE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCUPDMGR.EXE\0000]
"Service"="mcupdmgr.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcupdmgr.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcupdmgr.exe\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcupdmgr.exe\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcupdmgr.exe\Enum]
"0"="Root\\LEGACY_MCUPDMGR.EXE\\0000"


And now for   MCVSRte

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "MCVSRte" 8/8/2006 11:25:39 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCVSRTE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCVSRTE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCVSRTE\0000]
"Service"="MCVSRte"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCVSRte]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCVSRte\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCVSRte\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCVSRte\Enum]
"0"="Root\\LEGACY_MCVSRTE\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCVSRTE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCVSRTE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCVSRTE\0000]
"Service"="MCVSRte"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MCVSRte]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MCVSRte\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCVSRTE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCVSRTE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCVSRTE\0000]
"Service"="MCVSRte"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCVSRte]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCVSRte\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCVSRte\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCVSRte\Enum]
"0"="Root\\LEGACY_MCVSRTE\\0000"

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #36 on: August 08, 2006, 11:12:24 PM »
Can you do the following
From the bottom of this reply box, download>>Save and then unzip to desktop
remove.zip so you now have remove.reg extracted to your desktop

Do a "System scan only" with Hijackthis and put a check next to these entries:

O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot into safe mode
In safe mode
Double click on remove.reg and allow to add/merge to the registry at the prompt

Reboot back to Normal mode
Post a fresh hijackthis log

If everything goes alright we just have some final steps then we can deal with your last problem
« Last Edit: August 09, 2006, 12:34:36 AM by guestolo »



Offline The Napster

  • Newbie
  • *
  • Posts: 43
  • Karma: +0/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #37 on: August 09, 2006, 12:49:39 AM »
[quote name='guestolo' post='171200' date='Aug 8 2006, 10:12 PM']Can you do the following
From the bottom of this reply box, download>>Save and then unzip to desktop
remove.zip so you now have remove.reg extracted to your desktop

Do a "System scan only" with Hijackthis and put a check next to these entries:

O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot into safe mode
In safe mode
Double click on remove.reg and allow to add/merge to the registry at the prompt

Reboot back to Normal mode
Post a fresh hijackthis log

If everything goes alright we just have some final steps then we can deal with your last problem[/quote]


Everything is completed and here is the latest hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:48:35 AM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Al\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
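
The O23 "(no file)" entries fixed above are one case of a HijackThis line whose target file is missing, and the log still shows O2, O9 and O18 lines marked "(file missing)". The following is an added example, not part of the original thread and not HijackThis code: it flags every such line and, for services, lists the registry keys to review. The function names are hypothetical, and the key naming is assumed from the RegSrch.vbs results posted earlier.

```python
import re

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # e.g. "O23 - Service: ..."
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")  # missing-target markers
SERVICE = re.compile(r"^Service: (.+?) - ")               # name part of an O23 body
# Control sets that appear in the RegSrch.vbs output earlier in the thread.
CONTROL_SETS = ("ControlSet001", "ControlSet002", "CurrentControlSet")

def orphaned_entries(log_text):
    """Return result lines whose target file HijackThis could not find."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or not ORPHAN.search(m.group(2)):
            continue  # header, process path, or an entry whose file is present
        code, body = m.groups()
        svc = SERVICE.match(body) if code == "O23" else None
        found.append({"code": code, "service": svc.group(1) if svc else None, "body": body})
    return found

def related_keys(service):
    """Keys to review for an orphaned service (pattern assumed from the search results)."""
    base = "HKEY_LOCAL_MACHINE\\SYSTEM"
    keys = []
    for cs in CONTROL_SETS:
        keys.append("\\".join((base, cs, "Services", service)))
        keys.append("\\".join((base, cs, "Enum", "Root", "LEGACY_" + service.upper())))
    return keys

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(e["code"], "-", e["body"])
        for key in (related_keys(e["service"]) if e["service"] else []):
            print("    check:", key)
```
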

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #38 on: August 09, 2006, 12:53:48 AM »
That looks good :)
Now let's see what happens when you reinstall Spamkiller
I assume you want to reinstall it

Go back ahead and reinstall Spamkiller if you want it
After installation reboot the computer then come back here and post one last hijackthis log please

Napster, I'm off to bed for the evening then work tomorrow
I'll be back on to see your new hijackthis log tomorrow then we'll deal with that other problem

How's everything running on your end, besides the popup on login or logoff
« Last Edit: August 09, 2006, 12:54:55 AM by guestolo »



Offline The Napster

  • Newbie
  • *
  • Posts: 43
  • Karma: +0/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #39 on: August 09, 2006, 07:41:30 PM »
[quote name='guestolo' post='171294' date='Aug 8 2006, 11:53 PM']That looks good :)
Now let's see what happens when you reinstall Spamkiller
I assume you want to reinstall it

Go back ahead and reinstall Spamkiller if you want it
After installation reboot the computer then come back here and post one last hijackthis log please

Napster, I'm off to bed for the evening then work tomorrow
I'll be back on to see your new hijackthis log tomorrow then we'll deal with that other problem

How's everything running on your end, besides the popup on login or logoff[/quote]


Great!

I'm going to leave spamkiller off my computer because it seems the more programs I install like this the more problems I have. So, I assume you won't need another hijackthis log since I'm not installing it?

Everything is running a lot better and it couldn't happen without your help, thank you so much!

Yes, that annoying pop up during startup is starting to bug me now! :angry: