Post #1

Member. Group: Members. Posts: 17. Joined: 29-December 05. Member No.: 47,239
```text
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:28 PM, on 12/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\Compaq_Owner\Desktop\pppppppppp\XoftSpySE6\XoftSpySE.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://hjt-data.trendmicro.com/hjt/analyze...?report=3560990
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [XoftSpySE] "C:\Documents and Settings\Compaq_Owner\Desktop\pppppppppp\XoftSpySE6\XoftSpySE.exe" -NM -hidesplash
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegGenie v2.0 - Trial Expired] "C:\Documents and Settings\Compaq_Owner\Desktop\pppppppppp\reg\RegGenieOnRebootExpired.exe"
O4 - HKCU\..\Run: [RegGenie v2.0] "C:\Documents and Settings\Compaq_Owner\Desktop\pppppppppp\reg\RegGenieOnReboot.exe"
O4 - HKUS\S-1-5-21-4246246997-3590910095-3040352822-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-4246246997-3590910095-3040352822-1009\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-4246246997-3590910095-3040352822-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-4246246997-3590910095-3040352822-1009\..\Run: [RegGenie v2.0 - Trial Expired] "C:\Documents and Settings\Compaq_Owner\Desktop\pppppppppp\reg\RegGenieOnRebootExpired.exe" (User '?')
O4 - HKUS\S-1-5-21-4246246997-3590910095-3040352822-1009\..\Run: [RegGenie v2.0] "C:\Documents and Settings\Compaq_Owner\Desktop\pppppppppp\reg\RegGenieOnReboot.exe" (User '?')
O4 - S-1-5-20 Startup: scandisk.dll (User '?')
O4 - S-1-5-20 Startup: scandisk.lnk = ? (User '?')
O4 - S-1-5-21-4246246997-3590910095-3040352822-1009 Startup: scandisk.dll (User '?')
O4 - S-1-5-21-4246246997-3590910095-3040352822-1009 Startup: scandisk.lnk = ? (User '?')
O4 - S-1-5-18 Startup: scandisk.dll (User '?')
O4 - S-1-5-18 Startup: scandisk.lnk = ? (User '?')
O4 - .DEFAULT Startup: scandisk.dll (User 'Default user')
O4 - .DEFAULT Startup: scandisk.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C353292-0AD1-4F1E-A358-531FDE6AFC59}: NameServer = 192.168.1.1,192.168.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C353292-0AD1-4F1E-A358-531FDE6AFC59}: NameServer = 192.168.1.1,192.168.1.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{1C353292-0AD1-4F1E-A358-531FDE6AFC59}: NameServer = 192.168.1.1,192.168.1.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: ccISPwdSvc - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: ccProxy - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: ccSetMgr - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: comHost - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: COMSysApp - Unknown owner - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: IDriverT - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: ImapiService - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: LightScribeService - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: navapsvc - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NSCService - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: RasMan - Unknown owner - C:\WINDOWS\TEMP\VRT81.tmp (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe

--
End of file - 13141 bytes
```
Post #2

Bleepin' Malware Disintegrator, Instructor. Group: Malware Response Instructor. Posts: 12,322. Joined: 21-March 08. Member No.: 197,892
Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in response. If you still require assistance we would like to see the current condition of your system, so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have. If for any reason you did not post a DDS log or RootRepeal log, please refer to this page, step #6 and step #7, for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:

- The DDS logs
  - DDS.txt and Attach logs
- RootRepeal logs
- Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

--------------------
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM. Visit my Blog and Follow along! The help you receive here is always free but if you wish to show your appreciation, you may wish to .
Post #3

Member. Group: Members. Posts: 17. Joined: 29-December 05. Member No.: 47,239
Thank you for the reply...
=====================================
=====================================
DDS
=====================================
=====================================

```text
DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 8:06:11.51 on Mon 12/21/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.141 [GMT -8:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
svchost.exe
C:\WINDOWS\TEMP\VRT2.tmp
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\svchust.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wmdtc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\FastNetSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\lsm32.sys
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [notepad] rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0
mRun: [jiqmkjgm] c:\windows\system32\config\systemprofile\local settings\application data\djvvfk\xkufsysguard.exe
mRun: [wmpaonpf] c:\windows\system32\config\systemprofile\local settings\application data\didfqd\xvrnsysguard.exe
dRun: [notepad] rundll32.exe c:\docume~1\networ~1\ntload.dll,_IWMPEvents@0
dRun: [jiqmkjgm] c:\windows\system32\config\systemprofile\local settings\application data\djvvfk\xkufsysguard.exe
dRun: [wmpaonpf] c:\windows\system32\config\systemprofile\local settings\application data\didfqd\xvrnsysguard.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {24E794CE-267F-4083-B81B-19BDE10D0D5B} = 192.168.1.1,192.168.1.2

============= SERVICES / DRIVERS ===============

R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-9-16 192112]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-9-16 202352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-9-16 169584]
R2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [2004-8-4 60928]
R2 Ias;Windows Device Access;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 Iprip;Network Security;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2005-10-6 133744]
R2 Net_Login;Net_Login;c:\windows\svchust.exe [2009-12-13 766465]
R2 NetLogin;Net Login;c:\windows\svchost.exe [2009-12-8 1169408]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060104.006\NAVENG.Sys [2006-2-22 77864]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060104.006\NavEx15.Sys [2006-2-22 750952]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-26 198368]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-22 1119888]
S3 winsts;winsts;c:\windows\system32\winsts.sys [2004-8-4 2304]

=============== Created Last 30 ================

2009-12-28 06:55:49    7525    ----a-w-    c:\windows\4d69steal1z549.ocx
2009-12-25 01:19:11    12737   ----a-w-    c:\windows\5536sp9rse8z.dll
2009-12-24 07:58:36    6489    ----a-w-    c:\windows\56792vi9uz736.dll
2009-12-23 11:25:54    9961    ----a-w-    c:\windows\17z95viru559b.bin
2009-12-22 19:42:26    14992   ----a-w-    c:\windows\599dbaczdoor2353.dll
2009-12-21 00:50:01    88576   ----a-w-    c:\windows\system32\5.tmp
2009-12-21 00:50:00    88      ----a-w-    c:\windows\system32\4.tmp
2009-12-20 01:40:44    88576   ----a-w-    c:\windows\system32\24.tmp
2009-12-20 01:40:40    88      ----a-w-    c:\windows\system32\23.tmp
2009-12-19 15:25:53    12555   ----a-w-    c:\windows\z9253hack9ool655.cpl
2009-12-19 08:18:06    88576   ----a-w-    c:\windows\system32\3.tmp
2009-12-19 08:18:05    88      ----a-w-    c:\windows\system32\2.tmp
2009-12-19 07:00:19    0       d-sh--r-    C:\cmdcons
2009-12-18 23:18:20    13305   ----a-w-    c:\windows\759ds9zal869.cpl
2009-12-17 02:53:59    6169    ----a-w-    c:\windows\4z27vi59543.ocx
2009-12-16 20:48:25    16177   ----a-w-    c:\windows\7201spy5arz689.ocx
2009-12-14 07:00:43    221184  ----a-w-    c:\windows\system32\wmpns.dll
2009-12-14 07:00:32    1855    --sha-r-    c:\windows\system32\drivers\103C_HP_CPC_ER919AA-ABA SR1820NX NA620_YC_0Pres_QCNH610_E62NAheREA2_48_INAGAMI_SASUSTek Computer INC._V1.01_B3.01_T060209_WXH2_L409_M447_J160_7AMD_8Athlon 64_92.2_#080117_N_Z11C10620_G10DE0241_O_DHWP2647.MRK
2009-12-14 06:58:53    0       d-----w-    c:\docume~1\compaq~1\applic~1\Symantec
2009-12-14 06:58:53    0       d-----w-    c:\docume~1\compaq~1\applic~1\Intuit
2009-12-14 06:50:57    12160   ----a-w-    c:\windows\system32\drivers\mouhid.sys
2009-12-14 06:50:40    9600    ----a-w-    c:\windows\system32\drivers\hidusb.sys
2009-12-14 05:29:31    102401  ----a-w-    c:\windows\sv2.exe
2009-12-14 05:02:10    0       d-sh--r-    c:\windows\system32\dllcache
2009-12-14 00:03:28    766465  ----a-w-    c:\windows\svchust.exe
2009-12-14 00:00:11    0       d-sh--w-    C:\found.000
2009-12-13 04:26:39    0       d-----w-    c:\program files\InternetSecurity2010
2009-12-13 03:29:27    46      ----a-w-    C:\p2hhr.bat
2009-12-13 03:22:44    168     ----a-w-    C:\fyjrshntjm108.bat
2009-12-13 02:55:29    0       d-----w-    c:\program files\SopCast
2009-12-13 02:55:15    0       d-----w-    c:\program files\Ask.com
2009-12-12 03:54:28    100958  ----a-w-    C:\dror.exe
2009-12-12 03:54:26    76515   ----a-w-    C:\pdvwd.exe
2009-12-12 03:54:26    180224  ----a-w-    C:\nymeu.exe
2009-12-12 03:54:25    44032   ----a-w-    C:\tdndhuv.exe
2009-12-12 03:54:13    337920  ----a-w-    C:\CYQS.exe
2009-12-11 03:41:55    301056  ----a-w-    C:\ccu.exe
2009-12-11 02:30:41    287744  ----a-w-    C:\ycvz.exe
2009-12-10 11:37:20    287744  ----a-w-    C:\pfL.exe
2009-12-09 19:51:18    18207   ----a-w-    c:\windows\1ddabackdoo519z.bin
2009-12-09 03:59:38    112520  ----a-w-    C:\ryiasu.exe
2009-12-09 03:59:37    74752   ----a-w-    C:\eauxx.exe
2009-12-09 01:03:28    0       d-----w-    C:\800cc9a67a25cb3093
2009-12-08 15:25:43    56      ----a-w-    c:\windows\Micorsoft.bat
2009-12-08 12:09:10    1239    ----a-w-    C:\shellfix.zip
2009-12-08 11:35:28    1169408 ----a-w-    c:\windows\svchost.exe
2009-12-08 11:35:08    441857  ----a-w-    c:\windows\isvchost.exe
2009-12-08 10:32:59    280576  ----a-w-    c:\windows\PEV.exe
2009-12-08 10:32:59    182272  ----a-w-    c:\windows\SWREG.exe
2009-12-08 10:32:59    118784  ----a-w-    c:\windows\sed.exe
2009-12-08 10:32:59    100864  ----a-w-    c:\windows\MBR.exe
2009-12-08 10:32:55    0       d-----w-    C:\ComboFix
2009-12-08 02:33:34    382     ----a-w-    c:\windows\explorer.RPT
2009-12-07 03:55:49    0       d-----w-    c:\program files\MSSOAP
2009-12-07 03:55:07    1563008 ----a-w-    c:\windows\WRSetup.dll
2009-12-07 03:55:06    0       d-----w-    c:\program files\Webroot
2009-12-07 03:55:06    0       d-----w-    c:\docume~1\compaq~1\applic~1\Webroot
2009-12-07 03:55:06    0       d-----w-    c:\docume~1\alluse~1\applic~1\Webroot
2009-12-07 03:52:38    164     ----a-w-    c:\windows\install.dat
2009-12-07 03:42:31    0       d-----w-    c:\program files\a-squared Anti-Malware
2009-12-07 03:21:55    0       d-----w-    c:\program files\a-squared Free
2009-12-04 19:42:48    0       d-----w-    c:\program files\Input Director
2009-12-04 15:25:31    0       d-----w-    C:\$AVG
2009-12-04 15:23:43    0       d-----w-    c:\program files\AVG
2009-12-04 15:23:40    0       d-----w-    c:\docume~1\alluse~1\applic~1\avg9
2009-12-04 14:58:24    622     ----a-w-    c:\windows\RegGenie.ini
2009-12-04 14:32:10    161816  ----a-w-    c:\windows\RegGenieOnUninstall.exe
2009-12-04 14:30:45    0       d-----w-    c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-12-04 14:30:44    0       d-----w-    c:\program files\common files\ParetoLogic
2009-12-04 14:30:43    0       d-----w-    c:\program files\common files\XoftSpySE
2009-12-04 14:30:41    0       d-----w-    c:\docume~1\alluse~1\applic~1\XoftSpySE
2009-12-03 07:05:29    7813    ----a-w-    c:\windows\61c6thiz917355.cpl
2009-12-03 03:32:12    11819   ----a-w-    c:\windows\6796backd5or68z.cpl
2009-11-28 05:11:36    14369   ----a-w-    c:\windows\2c74d5wnloader19z1.ocx
2009-11-25 23:06:55    3216    ----a-w-    c:\windows\951zdownloade5703.bin
2009-11-24 14:53:38    3939    ----a-w-    c:\windows\5f9dvzr1859.cpl
2009-11-23 16:50:43    11198   ----a-w-    c:\windows\16555virus995z.dll

==================== Find3M ====================

2009-11-12 12:33:17    15370   ----a-w-    c:\windows\z5692w5rm79c.exe
2009-11-07 18:05:14    34816   ----a-r-    c:\windows\Setup_ck.exe
2009-11-07 18:04:43    18944   ----a-w-    c:\windows\Ckrfresh.exe
2009-11-07 18:04:43    173056  ----a-w-    c:\windows\Ckconfig.exe
2009-11-07 03:32:02    32768   ----a-w-    C:\yeoumtkh.exe
2009-11-07 03:32:01    66048   ----a-w-    C:\sadcadwm.exe
2009-11-07 03:32:00    90624   ----a-w-    C:\sacbnjm.exe
2009-11-07 03:31:57    66048   ----a-w-    C:\fabbw.exe
2009-11-07 03:31:55    296448  ----a-w-    C:\gvU9.exe
2009-11-07 03:31:49    97792   ----a-w-    C:\juvau.exe
2009-11-07 03:31:49    39936   ----a-w-    C:\jjxaejk.exe
2009-11-05 21:56:06    75264   ----a-w-    C:\ktpubj.exe
2009-11-05 21:52:01    75264   ----a-w-    C:\ltafa.exe
2009-11-04 21:22:08    6059    ----a-w-    c:\windows\1645vir9z3.bin
2009-10-29 03:45:54    262144  ----a-w-    C:\rfkykhaf.exe
2009-10-27 08:57:56    135367  ----a-w-    c:\windows\zAdBHO.dll
2009-10-23 08:57:46    9538    ----a-w-    c:\windows\35a1s9yw5ze1359.exe
2009-10-22 04:47:51    18074   ----a-w-    c:\windows\7740addw9re1z55.dll
2009-10-15 08:34:11    13068   ----a-w-    c:\windows\3afbbackdooz2599.dll
2009-10-10 23:43:34    11259   ----a-w-    c:\windows\3205azd5are1969.bin
2009-10-08 15:31:46    149456  ----a-w-    c:\windows\SGDetectionTool.dll
2009-10-08 15:31:44    165840  ----a-w-    c:\windows\PCTBDRes.dll
2009-10-08 15:31:44    1636304 ----a-w-    c:\windows\PCTBDCore.dll
2009-10-08 15:31:14    767952  ----a-w-    c:\windows\BDTSupport.dll
2009-10-06 06:57:15    15725   ----a-w-    c:\windows\24180not-a-viruz59e.exe
2009-10-04 03:59:08    15316   ----a-w-    c:\windows\6915spyz1f.bin
2009-10-02 18:19:04    1152470 ----a-w-    c:\windows\UDB.zip
2009-10-01 04:30:48    9547    ----a-w-    c:\windows\9409worz5b9.bin
2009-09-23 03:21:36    90112   ----a-w-    c:\windows\DUMP4362.tmp
2009-09-23 02:53:18    90112   ----a-w-    c:\windows\DUMP4527.tmp
2009-09-23 02:49:11    90112   ----a-w-    c:\windows\DUMP494d.tmp
2009-09-23 02:47:49    90112   ----a-w-    c:\windows\DUMP4517.tmp
2009-09-23 02:41:03    90112   ----a-w-    c:\windows\DUMP49e9.tmp
2009-09-23 02:39:41    90112   ----a-w-    c:\windows\DUMP4e00.tmp
2009-09-23 01:51:47    90112   ----a-w-    c:\windows\DUMP5062.tmp
2009-09-23 01:29:09    90112   ----a-w-    c:\windows\DUMP442d.tmp
2009-09-23 01:03:04    90112   ----a-w-    c:\windows\DUMP4778.tmp
2009-09-23 00:55:46    90112   ----a-w-    c:\windows\DUMP4f69.tmp
2009-09-23 00:53:31    90112   ----a-w-    c:\windows\DUMP4f68.tmp
2009-09-23 00:49:39    90112   ----a-w-    c:\windows\DUMP4853.tmp
2009-09-23 00:48:17    90112   ----a-w-    c:\windows\DUMP49f9.tmp
2009-09-23 00:44:35    90112   ----a-w-    c:\windows\DUMP44c9.tmp
2009-09-23 00:31:55    90112   ----a-w-    c:\windows\DUMP4342.tmp
2004-08-04 11:00:00    29696   --sha-w-    c:\windows\system32\notepad.dll
2004-08-04 11:00:00    29696   --sha-w-    c:\windows\system32\config\systemprofile\ntload.dll
2004-08-04 11:00:00    29696   --sha-w-    c:\windows\system32\config\systemprofile\start menu\programs\startup\scandisk.dll

============= FINISH: 8:07:32.25 ===============
```

=====================================
=====================================
Attach
=====================================
=====================================

```text
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/13/2009 10:58:28 PM
System Uptime: 12/20/2009 3:32:12 AM (29 hours ago)

Motherboard: ASUSTek Computer INC. | | NAGAMI
Processor: AMD Athlon 64 Processor 3400+ | Socket 939 | 2204/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 142 GiB total, 2.71 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.339 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/13/2009 11:50:05 PM - System Checkpoint
RP2: 12/19/2009 5:58:53 PM - System Checkpoint
RP3: 12/20/2009 6:52:24 PM - System Checkpoint

==== Installed Programs ======================

5 Card Slingo from Compaq (remove only)
Adobe Reader 7.0
Agere Systems PCI-SV92PP Soft Modem
AstroPop Deluxe from Compaq (remove only)
Barnyard Invasion from Compaq (remove only)
Bejeweled 2 Deluxe from Compaq (remove only)
Blackhawk Striker 2 from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Remix from Compaq (remove only)
Boggle Supreme from Compaq (remove only)
Bookworm Deluxe from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
BufferChm
CC_ccProxyExt
ccCommon
ccPxyCore
Chuzzle Deluxe from Compaq (remove only)
Compaq Connections (remove only)
Compaq Organize
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Crystal Maze from Compaq (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
Easy Internet Sign-up
Family Feud
FATE from Compaq (remove only)
FullDPAppQFolder
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB906569)
HP Boot Optimizer
HP DVD Play 1.0
HP Game Console and games
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Rhapsody
HP Software Update
HP Support Overview
HP Web Helper
HpSdpAppCoreApp
Insaniquarium Deluxe from Compaq (remove only)
InstantShareDevices
J2SE Runtime Environment 5.0 Update 5
Lemonade Tycoon 2 from Compaq (remove only)
Lexibox Deluxe from Compaq (remove only)
LightScribe 1.4.62.1
LiveUpdate 2.7 (Symantec Corporation)
Mah Jong Quest from Compaq (remove only)
Microsoft .NET Framework 1.1
Microsoft Money 2006
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Standard Edition 2003
Microsoft Works
MSRedist
Netscape Browser (remove only)
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
NVIDIA Drivers
OptionalContentQFolder
PC-Doctor 5 for Windows
PhotoGallery
Polar Bowler from Compaq (remove only)
Polar Golfer from Compaq (remove only)
Puzzle Express from Compaq (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
RandMap
RealPlayer
Realtek High Definition Audio Driver
Remove WeatherBug Installer
Ricochet Lost Worlds from Compaq (remove only)
SCRABBLE from Compaq (remove only)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Shooting Stars Pool from Compaq (remove only)
Shrek 2 Ogre Bowler from Compaq (remove only)
SkinsHP1
Slingo Deluxe from Compaq (remove only)
Snowboard SuperJam from Compaq (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SPBBC
Super Granny from Compaq (remove only)
SymNet
Tradewinds from Compaq (remove only)
Unload
WebFldrs XP
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
WinRAR archiver
Zuma Deluxe from Compaq (remove only)

==== Event Viewer Messages From Past Week ========

12/20/2009 5:22:54 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
12/20/2009 5:22:54 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Compaq_Owner\Application Data\Azureus\plugins\azitunes\jacob-1.14.3-x86.dll. Reference error message: The operation completed successfully. .
12/20/2009 5:22:54 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
12/18/2009 11:37:41 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
12/18/2009 11:37:15 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
12/18/2009 11:37:15 PM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
12/18/2009 11:37:15 PM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
12/18/2009 11:37:15 PM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly.
```
It has done this 1 time(s). 12/18/2009 11:37:15 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:37:15 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:37:15 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:37:15 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 12/18/2009 11:36:17 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:36:13 PM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:36:04 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:36:02 PM, error: Service Control Manager [7034] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:36:01 PM, error: Service Control Manager [7034] - The Symantec Network Proxy service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:26:30 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:26:30 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:26:30 PM, error: Service Control Manager [7034] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). 
12/18/2009 11:26:30 PM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:26:30 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:26:30 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:26:30 PM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:26:30 PM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:26:30 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:26:30 PM, error: Service Control Manager [7034] - The Norton AntiVirus Auto-Protect Service service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:26:30 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:26:30 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:26:30 PM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:26:30 PM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:26:30 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
12/18/2009 11:26:30 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 12/18/2009 11:26:30 PM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service. 12/18/2009 11:21:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect. 12/18/2009 11:21:57 PM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/18/2009 11:20:06 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s). 12/18/2009 11:19:58 PM, error: Service Control Manager [7034] - The Symantec Network Drivers Service service terminated unexpectedly. It has done this 1 time(s). 
==== End Of File ===========================

=====================================
=====================================
HijackThis
=====================================
=====================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:30 AM, on 12/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\svchost.exe
C:\WIND​OWS\svchust.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wmdtc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\lsm32.sys
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [jiqmkjgm] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\djvvfk\xkufsysguard.exe
O4 - HKLM\..\Run: [wmpaonpf] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\didfqd\xvrnsysguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [notepad] rundll32.exe C:\DOCUME~1\NETWOR~1\ntload.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jiqmkjgm] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\djvvfk\xkufsysguard.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [wmpaonpf] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\didfqd\xvrnsysguard.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [notepad] rundll32.exe C:\DOCUME~1\NETWOR~1\ntload.dll,_IWMPEvents@0 (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{24E794CE-267F-4083-B81B-19BDE10D0D5B}: NameServer = 192.168.1.1,192.168.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{24E794CE-267F-4083-B81B-19BDE10D0D5B}: NameServer = 192.168.1.1,192.168.1.2
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Net Login (NetLogin) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Net_Login - Unknown owner - C:\WINDOWS\svchust.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9329 bytes

=====================================
=====================================
Symptoms
=====================================
=====================================

I've done a lot of different things in the 15 days since the original post. I have run a bunch of various anti-spyware/anti-malware/anti-virus services/programs. A lot of stuff was picked up and fixed. However, a lot of stuff is lingering and continues to come back.

My major symptom seems to be just random errors popping up. On startup, I get the logouni.exe error (something along those lines). After continuously Xing and canceling out the error, eventually the basic login window shows up. I click OK and Windows starts up. Explorer.exe does not show up. I then press Ctrl+Alt+Delete and I get an error for taskmngr.exe. I can only get to the task manager by pressing Ctrl+Alt+Delete again while the error is still up. I then run explorer.exe from the task manager.
Once in a while the same thing happens where I get an error for explorer.exe and I have to run the task again while the error is up to get Explorer to work. Along with those errors, I get a lot of random errors popping up at random times. It doesn't seem to happen as much anymore after running a bunch of tests, but they are still there. My Firefox homepage seems to be stuck on "http://www.webweb123.com/". That seems to be about it for now. I will edit this post with other symptoms as they pop up, or if I remember a couple I left out, as well as exact error messages.

EDIT: Once in a while when I start up the machine, it boots up, gets to a certain point on startup and shuts down. I have probably restored Windows around 10 times in the past month and a half.

Thanks for the help.

This post has been edited by abckid24: Dec 21 2009, 11:29 AM
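The HijackThis log above carries the patterns a responder keys on before anything else: `svchost.exe` and `svchust.exe` running from `C:\WINDOWS` instead of `system32`, a `.sys` file listed as a running process, `rundll32.exe` loading `notepad.dll` and `ntload.dll`, autoruns under `config\systemprofile`, and two O23 services that HijackThis lists as "Unknown owner". The script below is an added example and not part of the original post, of HijackThis or of DDS: it parses a HijackThis log and flags exactly those patterns. The `EXPECTED_DIR` allow-list (where each core binary lives on 32-bit Windows XP), the `EXE_NAMES` impersonation targets and the 0.85 name-similarity cutoff are assumptions chosen for this example, and `SAMPLE_LOG` is a constructed subset of lines copied from the log in the post.

```python
"""Triage a HijackThis 2.x log for the indicators seen in the post above. Added example, not
part of the original post or of HijackThis; the allow-list and the 0.85 cutoff are assumptions."""
import difflib
import ntpath
import re

# Constructed allow-list (assumption): where each core binary lives on 32-bit Windows XP.
EXPECTED_DIR = {
    "smss.exe": "c:\\windows\\system32",
    "svchost.exe": "c:\\windows\\system32",
    "rundll32.exe": "c:\\windows\\system32",
    "explorer.exe": "c:\\windows",
}
EXE_NAMES = set(EXPECTED_DIR) | {"notepad.exe", "taskmgr.exe", "regedit.exe"}  # impersonation targets
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
SECTION_RE = re.compile(r"^[A-Z]\d+ - ")
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<image>.+)$")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>.+?\.dll),", re.IGNORECASE)
# Constructed sample: a subset of lines copied from the HijackThis log in the post.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\svchust.exe
C:\WINDOWS\system32\lsm32.sys
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [jiqmkjgm] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\djvvfk\xkufsysguard.exe
O4 - HKUS\S-1-5-18\..\Run: [notepad] rundll32.exe C:\DOCUME~1\NETWOR~1\ntload.dll,_IWMPEvents@0 (User 'SYSTEM')
O23 - Service: Net Login (NetLogin) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Net_Login - Unknown owner - C:\WINDOWS\svchust.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def parse_log(text):
    """Return (running-process paths, O4/O23 entry lines) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif SECTION_RE.match(line):  # the first R0/R1/O2... line ends the process list
            in_procs = False
            if line.startswith(("O4 - ", "O23 - ")):
                entries.append(line)
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def check_image(path, running=False):
    """Findings for one executable path; `running` enables the non-.exe check."""
    directory, base = ntpath.split(path.lower())
    findings = []
    if base in EXPECTED_DIR and directory != EXPECTED_DIR[base]:
        findings.append(("wrong_dir", path))  # e.g. svchost.exe in C:\WINDOWS
    elif base not in EXPECTED_DIR and difflib.get_close_matches(base, sorted(EXE_NAMES), n=1, cutoff=0.85):
        findings.append(("lookalike", path))  # e.g. svchust.exe
    if running and not base.endswith(".exe"):
        findings.append(("non_exe", path))  # e.g. lsm32.sys listed as a process
    if "\\config\\systemprofile\\" in path.lower():
        findings.append(("system_profile", path))  # lives under the SYSTEM account profile
    return findings


def check_autorun(entry):
    """Findings for one O4 line: rundll32 DLL checks, otherwise image-path checks."""
    m = O4_RE.match(entry)
    if not m:
        return []
    cmd = re.sub(r"\s+\(User '[^']*'\)$", "", m.group("cmd"))  # drop the "(User '...')" suffix
    r = RUNDLL_RE.match(cmd)
    if not r:  # plain command line: keep the path up to and including ".exe"
        low = cmd.lower()
        return check_image(cmd[: low.index(".exe") + 4] if ".exe" in low else cmd)
    dll = r.group("dll").lower()
    findings = [("dll_masquerade", entry)] if ntpath.basename(dll)[:-4] + ".exe" in EXE_NAMES else []
    if not dll.startswith(TRUSTED_PREFIXES):
        findings.append(("dll_outside", entry))  # DLL outside the Windows/Program Files trees
    return findings


def check_service(entry):
    """Findings for one O23 line: image-path checks plus the missing-publisher flag."""
    m = O23_RE.match(entry)
    if not m:
        return []
    findings = check_image(m.group("image"))
    if m.group("owner").lower() == "unknown owner":
        findings.append(("no_publisher", entry))
    return findings


def triage(text):
    """Run every check over a log; returns a list of (category, detail) tuples."""
    processes, entries = parse_log(text)
    findings = [f for path in processes for f in check_image(path, running=True)]
    for entry in entries:
        findings += check_autorun(entry) if entry.startswith("O4") else check_service(entry)
    return findings


if __name__ == "__main__":
    print("\n".join(f"{category:15} {detail}" for category, detail in triage(SAMPLE_LOG)))
```

Run as a script it prints ten findings for the sample: the two `wrong_dir` hits (the running `C:\WINDOWS\svchost.exe` and the NetLogin service image), the two `svchust.exe` lookalikes, `lsm32.sys` as a non-exe process, the `notepad.dll` masquerade, the `ntload.dll` load from a user profile, the `xkufsysguard.exe` autorun under the SYSTEM profile, and the two services without a publisher. The NvCpl and NVIDIA lines produce nothing, which is the point of an allow-list rather than a blocklist: the checks describe what normal looks like and report departures from it, so they also catch names the responder has never seen before.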
Post #4
Member (Group: Members, Posts: 17, Joined: 29-December 05, Member No.: 47,239)
Sorry, forgot to add the RootRepeal log. It will be done in a couple of minutes. I also wanted to note that the computer has actually been running a lot smoother the past couple of days. I unchecked a bunch of processes and such in msconfig for startup.
Post #5
Bleepin' Malware Disintegrator, Instructor (Group: Malware Response Instructor, Posts: 12,322, Joined: 21-March 08, Member No.: 197,892)
There are still quite a lot of things on your system that need to be dealt with. However, please post the RootRepeal log before we proceed, and please refrain from making any changes to your system until I declare you clean.
Some guidelines... Please take note of some guidelines for this fix:
Post #6
Member (Group: Members, Posts: 17, Joined: 29-December 05, Member No.: 47,239)
RootRepeal:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/21 08:23
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3507000  Size: 98304  File Visible: No  Signed: -  Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B42000  Size: 8192  File Visible: No  Signed: -  Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2FDD000  Size: 49152  File Visible: No  Signed: -  Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\hpcpcuninstaller-6.3.2.116-5577497.exe
Status: Allocation size mismatch (API: 139264, Raw: 122880)

Path: c:\windows\rtlcpl.exe
Status: Allocation size mismatch (API: 9736192, Raw: 9711616)

Path: c:\windows\rtlupd.exe
Status: Allocation size mismatch (API: 376832, Raw: 356352)

Path: c:\windows\taskman.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\isuninst.exe
Status: Allocation size mismatch (API: 327680, Raw: 307200)

Path: c:\windows\notepad.exe
Status: Allocation size mismatch (API: 90112, Raw: 69632)

Path: c:\windows\twunk_32.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\windows\miccal.exe
Status: Allocation size mismatch (API: 2183168, Raw: 2158592)

Path: c:\windows\agrsmdel.exe
Status: Allocation size mismatch (API: 90112, Raw: 69632)

Path: c:\windows\alcwzrd.exe
Status: Allocation size mismatch (API: 2834432, Raw: 2809856)

Path: C:\Documents and Settings\Compaq_Owner\ntload.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\ntload.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\NetworkService\ntload.dll
Status: Invisible to the Windows API!

Path: c:\program files\music_now\inetchk.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\program files\music_now\mn_drop.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\program files\netmeeting\cb32.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\program files\netmeeting\conf.exe
Status: Allocation size mismatch (API: 1052672, Raw: 1032192)

Path: c:\program files\netmeeting\wb32.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\program files\outlook express\oemig50.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\program files\outlook express\wabmig.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\program files\pc-doctor 5 for windows\isprocessactive.exe
Status: Allocation size mismatch (API: 114688, Raw: 86016)

Path: c:\program files\pc-doctor 5 for windows\pcbeep.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\program files\pc-doctor 5 for windows\pcdrengine.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\program files\pc-doctor 5 for windows\pcdrexdx.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\program files\pc-doctor 5 for windows\pcdrndisuioinstaller.exe
Status: Allocation size mismatch (API: 102400, Raw: 73728)

Path: c:\program files\pc-doctor 5 for windows\pcdsmartmonitor.exe
Status: Allocation size mismatch (API: 389120, Raw: 368640)

Path: c:\program files\pc-doctor 5 for windows\resourcebundlefilter.exe
Status: Allocation size mismatch (API: 40960, Raw: 24576)

Path: c:\program files\pc-doctor 5 for windows\singlefileofresourcebundlecreator.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\program files\quicken\bagent.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\program files\quicken\olbackup.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\program files\quicken\qw.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\program files\quicken\billmind.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\program files\quicken\bindcontent.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\program files\quicken\printenv.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\program files\quicken\qhi.exe
Status: Allocation size mismatch (API: 815104, Raw: 794624)

Path: c:\program files\quicken\restartexe.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\program files\quicken\start.exe
Status: Allocation size mismatch (API: 839680, Raw: 823296)

Path: c:\program files\quicken\techhelp.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\program files\hp rhapsody\rhaphlpr.exe
Status: Allocation size mismatch (API: 188416, Raw: 167936)

Path: c:\program files\microsoft works\wkdstore.exe
Status: Allocation size mismatch (API: 110592, Raw: 90112)

Path: c:\program files\microsoft works\wkgdcach.exe
Status: Allocation size mismatch (API: 90112, Raw: 69632)

Path: c:\program files\microsoft works\msworks.exe
Status: Allocation size mismatch (API: 552960, Raw: 532480)

Path: c:\program files\microsoft works\wkplmstp.exe
Status: Allocation size mismatch (API: 53248, Raw: 36864)

Path: c:\program files\microsoft works\wksab.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\program files\microsoft works\wksdb.exe
Status: Allocation size mismatch (API: 2260992, Raw: 2240512)

Path: c:\program files\microsoft works\wksdict.exe
Status: Allocation size mismatch (API: 315392, Raw: 294912)

Path: c:\program files\microsoft works\wkssb.exe
Status: Allocation size mismatch (API: 749568, Raw: 729088)

Path: c:\program files\microsoft works\wksss.exe
Status: Allocation size mismatch (API: 1912832, Raw: 1892352)

Path: c:\program files\microsoft works\wkswp.exe
Status: Allocation size mismatch (API: 135168, Raw: 114688)

Path: c:\program files\microsoft works\wkwcestp.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\program files\windows media player\migrate.exe
Status: Allocation size mismatch (API: 1011712, Raw: 991232)

Path: c:\program files\windows media player\setup_wm.exe
Status: Allocation size mismatch (API: 839680, Raw: 819200)

Path: c:\program files\windows media player\wmlaunch.exe
Status: Allocation size mismatch (API: 143360, Raw: 122880)

Path: c:\program files\windows media player\wmpenc.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\program files\windows media player\wmsetsdk.exe
Status: Allocation size mismatch (API: 839680, Raw: 819200)

Path: c:\program files\windows nt\dialer.exe
Status: Allocation size mismatch (API: 561152, Raw: 540672)

Path: c:\seosoft\php\debugclient-0.9.0.exe
Status: Allocation size mismatch (API: 180224, Raw: 163840)

Path: c:\seosoft\php\php-cgi.exe
Status: Allocation size mismatch (API: 65536, Raw: 49152)

Path: c:\seosoft\php\php-win.exe
Status: Allocation size mismatch (API: 53248, Raw: 36864)

Path: c:\seosoft\php\php.exe
Status: Allocation size mismatch (API: 53248, Raw: 36864)

Path: c:\windows\hpcpcuninstall-5577497\hpbwsetup.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\windows\i386\expand.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\i386\faxpatch.exe
Status: Allocation size mismatch (API: 40960, Raw: 24576)

Path: c:\windows\i386\netsetup.exe
Status: Allocation size mismatch (API: 352256, Raw: 331776)

Path: c:\windows\i386\ntsd.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\i386\regedit.exe
Status: Allocation size mismatch (API: 167936, Raw: 147456)

Path: c:\windows\i386\spnpinst.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\i386\sysparse.exe
Status: Allocation size mismatch (API: 266240, Raw: 245760)

Path: c:\windows\i386\telnet.exe
Status: Allocation size mismatch (API: 98304, Raw: 77824)

Path: C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Status: Locked to the Windows API!

Path: c:\windows\system\hpsysdrv.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\windows\system32\actmovie.exe
Status: Allocation size mismatch (API: 24576, Raw: 4096)

Path: c:\windows\system32\mplay32.exe
Status: Allocation size mismatch (API: 143360, Raw: 126976)

Path: c:\windows\system32\mpnotify.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\system32\mrinfo.exe
Status: Allocation size mismatch (API: 32768, Raw: 16384)

Path: c:\windows\system32\netsetup.exe
Status: Allocation size mismatch (API: 352256, Raw: 331776)

Path: c:\windows\system32\netsh.exe
Status: Allocation size mismatch (API: 106496, Raw: 86016)

Path: c:\windows\system32\netstat.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\windows\system32\rdpclip.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\windows\system32\rdsaddin.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\rdshost.exe
Status: Allocation size mismatch (API: 90112, Raw: 69632)

Path: c:\windows\system32\recover.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\regedt32.exe
Status: Allocation size mismatch (API: 24576, Raw: 4096)

Path: c:\windows\system32\regini.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\windows\system32\regwiz.exe
Status: Allocation size mismatch (API: 24576, Raw: 8192)

Path: c:\windows\system32\cmdl32.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\windows\system32\ahui.exe
Status: Allocation size mismatch (API: 118784, Raw: 98304)

Path: c:\windows\system32\arp.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\at.exe
Status: Allocation size mismatch (API: 45056, Raw: 28672)

Path: c:\windows\system32\atmadm.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\auditusr.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\blastcln.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\windows\system32\bootok.exe
Status: Allocation size mismatch (API: 24576, Raw: 8192)

Path: c:\windows\system32\bootvrfy.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\cacls.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\chkdsk.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\chkntfs.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\cidaemon.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\ckcnv.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\cliconfg.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\clipbrd.exe
Status: Allocation size mismatch (API: 122880, Raw: 106496)

Path: c:\windows\system32\cmmon32.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\windows\system32\cmstp.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\windows\system32\comp.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\compact.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\conime.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\windows\system32\convert.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\dcomcnfg.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\ddeshare.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\dfrgfat.exe
Status: Allocation size mismatch (API: 102400, Raw: 86016)

Path: c:\windows\system32\diantz.exe
Status: Allocation size mismatch (API: 106496, Raw: 86016)

Path: c:\windows\system32\diskpart.exe
Status: Allocation size mismatch (API: 184320, Raw: 163840)

Path: c:\windows\system32\diskperf.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\dmremote.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\doskey.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\dplaysvr.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\dpnsvr.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\dpvsetup.exe
Status: Allocation size mismatch (API: 106496, Raw: 86016)

Path: c:\windows\system32\dvdplay.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\windows\system32\dvdupgrd.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\esentutl.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\windows\system32\eudcedit.exe
Status: Allocation size mismatch (API: 212992, Raw: 196608)

Path: c:\windows\system32\eventvwr.exe
Status: Allocation size mismatch (API: 28672, Raw: 12288)

Path: c:\windows\system32\expand.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\extrac32.exe
Status: Allocation size mismatch (API: 65536, Raw: 49152)

Path: c:\windows\system32\fc.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\finger.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\fltmc.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\system32\fontview.exe
Status: Allocation size mismatch (API: 40960, Raw: 24576)

Path: c:\windows\system32\fsquirt.exe
Status: Allocation size mismatch (API: 212992, Raw: 196608)

Path: c:\windows\system32\fsutil.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\windows\system32\fxsclnt.exe
Status: Allocation size mismatch (API: 163840, Raw: 143360)

Path: c:\windows\system32\hdashcut.exe
Status: Allocation size mismatch (API: 81920, Raw: 65536)

Path: c:\windows\system32\help.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\hostname.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\iexpress.exe
Status: Allocation size mismatch (API: 135168, Raw: 114688)

Path: c:\windows\system32\ipsec6.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\windows\system32\ipv6.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\windows\system32\ipxroute.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\system32\java.exe
Status: Allocation size mismatch (API: 69632, Raw: 53248)

Path: c:\windows\system32\javaw.exe
Status: Allocation size mismatch (API: 69632, Raw: 53248)

Path: c:\windows\system32\javaws.exe
Status: Allocation size mismatch (API: 147456, Raw: 131072)

Path: c:\windows\system32\keystone.exe
Status: Allocation size mismatch (API: 446464, Raw: 425984)

Path: c:\windows\system32\label.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\lights.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\lnkstub.exe
Status: Allocation size mismatch (API: 45056, Raw: 28672)

Path: c:\windows\system32\lodctr.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\logagent.exe
Status: Allocation size mismatch (API: 118784, Raw: 98304)

Path: c:\windows\system32\logman.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\windows\system32\logoff.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\lpq.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\lpr.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\makecab.exe
Status: Allocation size
mismatch (API: 106496, Raw: 86016) Path: c:\windows\system32\migpwd.exe Status: Allocation size mismatch (API: 73728, Raw: 53248) Path: c:\windows\system32\mountvol.exe Status: Allocation size mismatch (API: 28672, Raw: 8192) Path: c:\windows\system32\msg.exe Status: Allocation size mismatch (API: 40960, Raw: 24576) Path: c:\windows\system32\mshta.exe Status: Allocation size mismatch (API: 49152, Raw: 32768) Path: c:\windows\system32\msswchx.exe Status: Allocation size mismatch (API: 28672, Raw: 8192) Path: c:\windows\system32\mstinit.exe Status: Allocation size mismatch (API: 32768, Raw: 12288) Path: c:\windows\system32\nbtstat.exe Status: Allocation size mismatch (API: 40960, Raw: 20480) Path: c:\windows\system32\nddeapir.exe Status: Allocation size mismatch (API: 24576, Raw: 4096) Path: C:\WINDOWS\system32\notepad.dll Status: Invisible to the Windows API! Path: c:\windows\system32\nslookup.exe Status: Allocation size mismatch (API: 98304, Raw: 77824) Path: c:\windows\system32\odbcconf.exe Status: Allocation size mismatch (API: 90112, Raw: 69632) Path: c:\windows\system32\ntsd.exe Status: Allocation size mismatch (API: 53248, Raw: 32768) Path: c:\windows\system32\nvappbar.exe Status: Allocation size mismatch (API: 462848, Raw: 442368) Path: c:\windows\system32\nvcolor.exe Status: Allocation size mismatch (API: 167936, Raw: 147456) Path: c:\windows\system32\nvdspsch.exe Status: Allocation size mismatch (API: 1359872, Raw: 1339392) Path: c:\windows\system32\nvudisp.exe Status: Allocation size mismatch (API: 200704, Raw: 180224) Path: c:\windows\system32\nvunrm.exe Status: Allocation size mismatch (API: 200704, Raw: 180224) Path: c:\windows\system32\osuninst.exe Status: Allocation size mismatch (API: 61440, Raw: 40960) Path: c:\windows\system32\packager.exe Status: Allocation size mismatch (API: 81920, Raw: 61440) Path: c:\windows\system32\pathping.exe Status: Allocation size mismatch (API: 45056, Raw: 24576) Path: c:\windows\system32\perfmon.exe Status: Allocation 
size mismatch (API: 36864, Raw: 16384) Path: c:\windows\system32\ping.exe Status: Allocation size mismatch (API: 40960, Raw: 20480) Path: c:\windows\system32\ping6.exe Status: Allocation size mismatch (API: 53248, Raw: 36864) Path: c:\windows\system32\powercfg.exe Status: Allocation size mismatch (API: 69632, Raw: 49152) Path: c:\windows\system32\print.exe Status: Allocation size mismatch (API: 32768, Raw: 12288) Path: c:\windows\system32\progman.exe Status: Allocation size mismatch (API: 131072, Raw: 110592) Path: c:\windows\system32\proquota.exe Status: Allocation size mismatch (API: 73728, Raw: 53248) Path: c:\windows\system32\proxycfg.exe Status: Allocation size mismatch (API: 32768, Raw: 12288) Path: c:\windows\system32\qappsrv.exe Status: Allocation size mismatch (API: 36864, Raw: 20480) Path: c:\windows\system32\qprocess.exe Status: Allocation size mismatch (API: 40960, Raw: 20480) Path: c:\windows\system32\qwinsta.exe Status: Allocation size mismatch (API: 45056, Raw: 24576) Path: c:\windows\system32\rasautou.exe Status: Allocation size mismatch (API: 32768, Raw: 12288) Path: c:\windows\system32\rasdial.exe Status: Allocation size mismatch (API: 32768, Raw: 12288) Path: c:\windows\system32\rasphone.exe Status: Allocation size mismatch (API: 77824, Raw: 57344) Path: c:\windows\system32\rcp.exe Status: Allocation size mismatch (API: 45056, Raw: 24576) Path: c:\windows\system32\replace.exe Status: Allocation size mismatch (API: 32768, Raw: 16384) Path: c:\windows\system32\reset.exe Status: Allocation size mismatch (API: 32768, Raw: 12288) Path: c:\windows\system32\rexec.exe Status: Allocation size mismatch (API: 36864, Raw: 16384) Path: c:\windows\system32\route.exe Status: Allocation size mismatch (API: 40960, Raw: 20480) Path: c:\windows\system32\routemon.exe Status: Allocation size mismatch (API: 49152, Raw: 28672) Path: c:\windows\system32\rsh.exe Status: Allocation size mismatch (API: 36864, Raw: 16384) Path: c:\windows\system32\rsm.exe Status: Allocation 
size mismatch (API: 69632, Raw: 49152) Path: c:\windows\system32\rsmsink.exe Status: Allocation size mismatch (API: 45056, Raw: 24576) Path: c:\windows\system32\rsmui.exe Status: Allocation size mismatch (API: 69632, Raw: 49152) Path: c:\windows\system32\rtcshare.exe Status: Allocation size mismatch (API: 98304, Raw: 77824) Path: c:\windows\system32\runas.exe Status: Allocation size mismatch (API: 36864, Raw: 16384) Path: c:\windows\system32\rwinsta.exe Status: Allocation size mismatch (API: 36864, Raw: 16384) Path: c:\windows\system32\savedump.exe Status: Allocation size mismatch (API: 36864, Raw: 16384) Path: c:\windows\system32\scrnsave.scr Status: Allocation size mismatch (API: 32768, Raw: 12288) Path: c:\windows\system32\sdbinst.exe Status: Allocation size mismatch (API: 98304, Raw: 77824) Path: c:\windows\system32\sethc.exe Status: Allocation size mismatch (API: 53248, Raw: 32768) Path: c:\windows\system32\setup.exe Status: Allocation size mismatch (API: 45056, Raw: 24576) Path: c:\windows\system32\sfc.exe Status: Allocation size mismatch (API: 32768, Raw: 12288) Path: c:\windows\system32\shadow.exe Status: Allocation size mismatch (API: 36864, Raw: 16384) Path: c:\windows\system32\shrpubw.exe Status: Allocation size mismatch (API: 98304, Raw: 77824) Path: c:\windows\system32\shutdown.exe Status: Allocation size mismatch (API: 40960, Raw: 20480) Path: c:\windows\system32\sigverif.exe Status: Allocation size mismatch (API: 90112, Raw: 73728) Path: c:\windows\system32\skeys.exe Status: Allocation size mismatch (API: 49152, Raw: 28672) Path: c:\windows\system32\spnpinst.exe Status: Allocation size mismatch (API: 32768, Raw: 12288) Path: c:\windows\system32\ss3dfo.scr Status: Allocation size mismatch (API: 724992, Raw: 704512) Path: c:\windows\system32\ssbezier.scr Status: Allocation size mismatch (API: 40960, Raw: 20480) Path: c:\windows\system32\ssflwbox.scr Status: Allocation size mismatch (API: 413696, Raw: 393216) Path: c:\windows\system32\stimon.exe Status: 
Allocation size mismatch (API: 36864, Raw: 16384) Path: c:\windows\system32\subst.exe Status: Allocation size mismatch (API: 32768, Raw: 12288) Path: c:\windows\system32\syncapp.exe Status: Allocation size mismatch (API: 73728, Raw: 53248) Path: c:\windows\system32\syskey.exe Status: Allocation size mismatch (API: 57344, Raw: 36864) Path: c:\windows\system32\sysocmgr.exe Status: Allocation size mismatch (API: 126976, Raw: 106496) Path: c:\windows\system32\systray.exe Status: Allocation size mismatch (API: 24576, Raw: 4096) Path: c:\windows\system32\taskman.exe Status: Allocation size mismatch (API: 36864, Raw: 16384) Path: c:\windows\system32\tcmsetup.exe Status: Allocation size mismatch (API: 32768, Raw: 12288) Path: c:\windows\system32\tcpsvcs.exe Status: Allocation size mismatch (API: 40960, Raw: 20480) Path: c:\windows\system32\telnet.exe Status: Allocation size mismatch (API: 98304, Raw: 77824) Path: c:\windows\system32\tftp.exe Status: Allocation size mismatch (API: 36864, Raw: 20480) Path: c:\windows\system32\tracert.exe Status: Allocation size mismatch (API: 32768, Raw: 12288) Path: c:\windows\system32\tracert6.exe Status: Allocation size mismatch (API: 53248, Raw: 32768) Path: c:\windows\system32\tscon.exe Status: Allocation size mismatch (API: 36864, Raw: 16384) Path: c:\windows\system32\tscupgrd.exe Status: Allocation size mismatch (API: 65536, Raw: 45056) Path: c:\windows\system32\tsdiscon.exe Status: Allocation size mismatch (API: 36864, Raw: 16384) Path: c:\windows\system32\tskill.exe Status: Allocation size mismatch (API: 36864, Raw: 16384) Path: c:\windows\system32\tsshutdn.exe Status: Allocation size mismatch (API: 36864, Raw: 20480) Path: c:\windows\system32\unlodctr.exe Status: Allocation size mismatch (API: 24576, Raw: 4096) Path: c:\windows\system32\upnpcont.exe Status: Allocation size mismatch (API: 36864, Raw: 20480) Path: c:\windows\system32\usrmlnka.exe Status: Allocation size mismatch (API: 98304, Raw: 81920) Path: 
c:\windows\system32\usrprbda.exe Status: Allocation size mismatch (API: 81920, Raw: 65536) Path: c:\windows\system32\usrshuta.exe Status: Allocation size mismatch (API: 90112, Raw: 73728) Path: c:\windows\system32\uwdf.exe Status: Allocation size mismatch (API: 69632, Raw: 49152) Path: c:\windows\system32\smbinst.exe Status: Allocation size mismatch (API: 28672, Raw: 8192) Path: c:\windows\system32\wscntfy.exe Status: Allocation size mismatch (API: 36864, Raw: 16384) Path: c:\windows\system32\verifier.exe Status: Allocation size mismatch (API: 118784, Raw: 98304) Path: c:\windows\system32\vssadmin.exe Status: Allocation size mismatch (API: 57344, Raw: 36864) Path: c:\windows\system32\w32tm.exe Status: Allocation size mismatch (API: 69632, Raw: 53248) Path: c:\windows\system32\wextract.exe Status: Allocation size mismatch (API: 86016, Raw: 65536) Path: c:\windows\system32\winhlp32.exe Status: Allocation size mismatch (API: 28672, Raw: 8192) Path: c:\windows\system32\winmsd.exe Status: Allocation size mismatch (API: 32768, Raw: 12288) Path: c:\windows\system32\winver.exe Status: Allocation size mismatch (API: 28672, Raw: 8192) Path: c:\windows\system32\wpabaln.exe Status: Allocation size mismatch (API: 53248, Raw: 32768) Path: c:\windows\system32\wpnpinst.exe Status: Allocation size mismatch (API: 53248, Raw: 32768) Path: c:\windows\system32\write.exe Status: Allocation size mismatch (API: 28672, Raw: 8192) Path: c:\windows\system32\wuauclt1.exe Status: Allocation size mismatch (API: 188416, Raw: 167936) Path: C:\WINDOWS\temp\ntload.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\Config\Config Status: Locked to the Windows API! Path: C:\WINDOWS\Connection Wizard\Connection Wizard Status: Locked to the Windows API! 
Path: c:\windows\creator\rmc_ar32.exe Status: Allocation size mismatch (API: 65536, Raw: 45056) Path: c:\windows\downloaded program files\dwusplay.exe Status: Allocation size mismatch (API: 217088, Raw: 196608) Path: C:\WINDOWS\PIF\PIF Status: Locked to the Windows API! Path: C:\WINDOWS\mui\mui Status: Locked to the Windows API! Path: c:\windows\sminst\start.exe Status: Allocation size mismatch (API: 282624, Raw: 262144) Path: C:\WINDOWS\ftpcache\ftpcache Status: Locked to the Windows API! Path: C:\WINDOWS\setup.pss\setup.pss Status: Locked to the Windows API! Path: c:\windows.old\windows\hpcpcuninstaller-6.3.2.116-5577497.exe Status: Allocation size mismatch (API: 139264, Raw: 122880) Path: c:\hp\bin\adddevicepath.exe Status: Allocation size mismatch (API: 196608, Raw: 176128) Path: c:\hp\bin\ask.exe Status: Allocation size mismatch (API: 241664, Raw: 221184) Path: c:\hp\bin\automod32.exe Status: Allocation size mismatch (API: 245760, Raw: 225280) Path: c:\hp\bin\eject.exe Status: Allocation size mismatch (API: 65536, Raw: 45056) Path: c:\hp\bin\findwindow.exe Status: Allocation size mismatch (API: 53248, Raw: 28672) Path: c:\hp\bin\finis.exe Status: Allocation size mismatch (API: 204800, Raw: 188416) Path: c:\hp\bin\inimerge.exe Status: Allocation size mismatch (API: 155648, Raw: 135168) Path: c:\hp\bin\is64os.exe Status: Allocation size mismatch (API: 126976, Raw: 106496) Path: c:\hp\bin\isrunning.exe Status: Allocation size mismatch (API: 77824, Raw: 57344) Path: c:\hp\bin\killit.exe Status: Allocation size mismatch (API: 77824, Raw: 57344) Path: c:\hp\bin\killwind.exe Status: Allocation size mismatch (API: 53248, Raw: 32768) Path: c:\hp\bin\locale.exe Status: Allocation size mismatch (API: 49152, Raw: 28672) Path: c:\hp\bin\ostype.exe Status: Allocation size mismatch (API: 176128, Raw: 155648) Path: c:\hp\bin\processlogger.exe Status: Allocation size mismatch (API: 471040, Raw: 450560) Path: c:\hp\bin\progress.exe Status: Allocation size mismatch (API: 458752, 
Raw: 434176) Path: c:\hp\bin\refcount.exe Status: Allocation size mismatch (API: 151552, Raw: 131072) Path: c:\hp\bin\rpcopy.exe Status: Allocation size mismatch (API: 151552, Raw: 131072) Path: c:\hp\bin\sendkey.exe Status: Allocation size mismatch (API: 49152, Raw: 28672) Path: c:\hp\bin\setini.exe Status: Allocation size mismatch (API: 65536, Raw: 36864) Path: c:\hp\bin\autorun.exe Status: Allocation size mismatch (API: 258048, Raw: 237568) Path: c:\hp\bin\dm.exe Status: Allocation size mismatch (API: 69632, Raw: 49152) Path: c:\hp\bin\hpbi.exe Status: Allocation size mismatch (API: 110592, Raw: 90112) Path: c:\hp\bin\htmlmsg.exe Status: Allocation size mismatch (API: 73728, Raw: 53248) Path: c:\hp\bin\msgaction.exe Status: Allocation size mismatch (API: 49152, Raw: 28672) Path: c:\hp\bin\sleep.exe Status: Allocation size mismatch (API: 49152, Raw: 28672) Path: c:\hp\bin\transientmessage.exe Status: Allocation size mismatch (API: 372736, Raw: 352256) Path: c:\hp\vinetlink\autorun.exe Status: Allocation size mismatch (API: 258048, Raw: 237568) Path: c:\hp\vinetlink\vinetlink.exe Status: Allocation size m==EOF== |
Post #7
Bleepin' Malware Disintegrator Instructor (Group: Malware Response Instructor, Posts: 12,322, Joined: 21-March 08, Member No.: 197,892)
Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.
Please include the C:\ComboFix.txt in your next reply for further review.
--------------------
Note: Please do not PM me asking for help; instead, please post it in the correct forum requesting help. Help requests via the PM system will be ignored.
If I'm helping you and I don't reply within 48 hours, please feel free to send me a PM. Visit my Blog and Follow along! The help you receive here is always free, but if you wish to show your appreciation, you may wish to .
Post #8
Member (Group: Members, Posts: 17, Joined: 29-December 05, Member No.: 47,239)
I got an error when trying to run ComboFix. I downloaded ComboFix from both locations at the URL you specified and got the same error for both.
It reads:
!! ALERT !!
It is NOT SAFE to continue!
The contents of the ComboFix package have been compromised. Please download a fresh copy from:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Note: You may be infected with a file patching virus 'Virut'
Post #9
Bleepin' Malware Disintegrator Instructor (Group: Malware Response Instructor, Posts: 12,322, Joined: 21-March 08, Member No.: 197,892)
Thanks for reporting that. It seems you have a file infector on board, both from the CF warning and from what I saw in the RootRepeal logs, with several file mismatches.
--
I want you to scan a few files...
Submit File to Online Scanner
There is a file that I would like you to check out for me using VirusTotal/VirSCAN
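The reasoning in the reply above (a ComboFix integrity alert plus a long list of RootRepeal "Allocation size mismatch" entries points at a file infector) is easy to check mechanically. The script below is an added example, not code from any post in this thread or from RootRepeal, ComboFix or VirusTotal. It parses RootRepeal "Path: ... Status: ..." lines, tallies how many executables share the same API-minus-Raw size delta (a fixed-size appended infection shows up as one delta repeated across most files, as the 20480-byte delta does in the log above), lists files the Win32 API could not see, and then applies two cheap section-table checks of the kind you would run on a VirusTotal PEInfo listing: is the entry point inside .text, and does any section have near-random entropy. The sample log lines are copied from the RootRepeal output earlier in this thread; the two section tables and entry points are the ones VirusTotal reports for explorer.exe and userinit.exe later in the thread. The function names, the 7.5 entropy threshold and the "entry point should be in .text" rule are my assumptions, not anything the thread or the tools define.

```python
"""Triage helpers for RootRepeal size-mismatch lines and VirusTotal PE section tables.
Added example for this thread; not the code of RootRepeal, ComboFix or VirusTotal."""
import re
from collections import Counter

# Constructed sample: entries copied from the RootRepeal log posted above.
SAMPLE_LOG = r"""
Path: c:\windows\system\hpsysdrv.exe Status: Allocation size mismatch (API: 73728, Raw: 53248)
Path: c:\windows\system32\actmovie.exe Status: Allocation size mismatch (API: 24576, Raw: 4096)
Path: c:\windows\system32\mplay32.exe Status: Allocation size mismatch (API: 143360, Raw: 126976)
Path: c:\windows\system32\netstat.exe Status: Allocation size mismatch (API: 57344, Raw: 36864)
Path: C:\WINDOWS\system32\notepad.dll Status: Invisible to the Windows API!
Path: C:\WINDOWS\temp\ntload.dll Status: Invisible to the Windows API!
Path: c:\windows\system32\replace.exe Status: Allocation size mismatch (API: 32768, Raw: 16384)
Path: C:\WINDOWS\PIF\PIF Status: Locked to the Windows API!
"""

ENTRY_RE = re.compile(r"^Path:\s+(?P<path>.+?)\s+Status:\s+(?P<status>.+?)\s*$")
MISMATCH_RE = re.compile(r"Allocation size mismatch \(API: (?P<api>\d+), Raw: (?P<raw>\d+)\)")


def parse_rootrepeal(text):
    """One dict per 'Path: ... Status: ...' line; size mismatches also get api/raw/delta."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = {"path": m.group("path"), "status": m.group("status"), "delta": None}
        s = MISMATCH_RE.search(entry["status"])
        if s:
            entry["api"] = int(s.group("api"))
            entry["raw"] = int(s.group("raw"))
            entry["delta"] = entry["api"] - entry["raw"]
        entries.append(entry)
    return entries


def delta_histogram(entries):
    """How many mismatched files share each API-minus-Raw delta."""
    return Counter(e["delta"] for e in entries if e["delta"] is not None)


def dominant_delta(entries):
    """(delta, count, share) of the most common delta, or None if no mismatches.
    One delta shared by most executables is what a fixed-size appended infection
    looks like; a spread of unrelated deltas points at something else."""
    hist = delta_histogram(entries)
    if not hist:
        return None
    delta, count = hist.most_common(1)[0]
    return delta, count, count / sum(hist.values())


def hidden_paths(entries):
    """Files RootRepeal found on disk that the Win32 API could not see."""
    return [e["path"] for e in entries if e["status"].startswith("Invisible")]


# Section tables as (name, virtual address, virtual size, entropy), copied from the
# VirusTotal PEInfo output for explorer.exe and userinit.exe in this thread.
EXPLORER_SECTIONS = [(".text", 0x1000, 0x44800, 6.39), (".data", 0x46000, 0x1d90, 1.29),
                     (".rsrc", 0x48000, 0xb2278, 6.63), (".reloc", 0xfb000, 0x8800, 7.68)]
EXPLORER_ENTRY = 0x456f6
USERINIT_SECTIONS = [(".text", 0x1000, 0x4DB8, 6.01), (".data", 0x6000, 0x14C, 1.86),
                     (".rsrc", 0x7000, 0x5C00, 7.63)]
USERINIT_ENTRY = 0xC6F3

ENTROPY_THRESHOLD = 7.5  # assumed cut-off; near 8.0 means packed or appended code


def entry_section(sections, entry_rva):
    """Name of the section whose virtual range contains the entry point, or None."""
    for name, vaddr, vsize, _ in sections:
        if vaddr <= entry_rva < vaddr + vsize:
            return name
    return None


def pe_triage(sections, entry_rva):
    """Findings from the section table alone: entry point outside .text, and any
    section whose entropy is near random. Empty list means nothing flagged."""
    findings = []
    sec = entry_section(sections, entry_rva)
    if sec != ".text":
        findings.append(f"entry point 0x{entry_rva:x} is in {sec}, not .text")
    for name, _, _, entropy in sections:
        if entropy >= ENTROPY_THRESHOLD:
            findings.append(f"{name} entropy {entropy} is near random")
    return findings


if __name__ == "__main__":
    entries = parse_rootrepeal(SAMPLE_LOG)
    print("dominant delta:", dominant_delta(entries))
    print("hidden:", hidden_paths(entries))
    print("explorer.exe:", pe_triage(EXPLORER_SECTIONS, EXPLORER_ENTRY))
    print("userinit.exe:", pe_triage(USERINIT_SECTIONS, USERINIT_ENTRY))
```

On the sample, three of the five mismatched files share a 20480-byte delta, and userinit.exe fails the stronger check outright: its entry point 0xC6F3 lies in .rsrc, which a clean resource section never executes. The entropy hit is weaker on its own, since a .rsrc full of compressed images can legitimately score high, but a .reloc at 7.68 (explorer.exe) is not something relocation data produces.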
Post #10
Member (Group: Members, Posts: 17, Joined: 29-December 05, Member No.: 47,239)
Using VirusTotal:
=============================================
File explorer.exe received on 2009.12.23 01:17:32 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.22 Virus.Win32.Virut.q!IK
AhnLab-V3 5.0.0.2 2009.12.22 -
AntiVir 7.9.1.122 2009.12.22 W32/Virut.Gen
Antiy-AVL 2.0.3.7 2009.12.22 -
Authentium 5.2.0.5 2009.12.22 W32/Virut.AI!Generic
Avast 4.8.1351.0 2009.12.22 Win32:Vitro
AVG 8.5.0.430 2009.12.22 Win32/Virut
BitDefender 7.2 2009.12.23 Win32.Virtob.Gen.12
CAT-QuickHeal 10.00 2009.12.22 W32.Virut.G
ClamAV 0.94.1 2009.12.22 -
Comodo 3336 2009.12.23 -
DrWeb 5.0.1.12222 2009.12.23 Win32.Virut.56
eSafe 7.0.17.0 2009.12.22 -
eTrust-Vet 35.1.7192 2009.12.22 Win32/Virut.17408
F-Prot 4.5.1.85 2009.12.22 W32/Virut.AI!Generic
F-Secure 9.0.15370.0 2009.12.22 Win32.Virtob.Gen.12
Fortinet 4.0.14.0 2009.12.22 -
GData 19 2009.12.22 Win32.Virtob.Gen.12
Ikarus T3.1.1.79.0 2009.12.22 Virus.Win32.Virut.q
K7AntiVirus 7.10.926 2009.12.22 -
Kaspersky 7.0.0.125 2009.12.23 Virus.Win32.Virut.ce
McAfee 5840 2009.12.22 W32/Virut.n.gen
McAfee+Artemis 5840 2009.12.22 W32/Virut.n.gen
McAfee-GW-Edition 6.8.5 2009.12.23 Win32.Virut.Gen
Microsoft 1.5302 2009.12.22 Virus:Win32/Virut.gen!O
NOD32 4710 2009.12.22 Win32/Virut.NBP
Norman 6.04.03 2009.12.22 -
nProtect 2009.1.8.0 2009.12.22 -
Panda 10.0.2.2 2009.12.15 W32/Sality.AO
PCTools 7.0.3.5 2009.12.23 Malware.Virut
Prevx 3.0 2009.12.23 -
Rising 22.27.01.04 2009.12.22 Win32.Virut.cl
Sophos 4.49.0 2009.12.23 W32/Scribble-B
Sunbelt 3.2.1858.2 2009.12.23 Virus.Win32.Virut.ce (v)
Symantec 1.4.4.12 2009.12.23 W32.Virut.CF
TheHacker 6.5.0.3.106 2009.12.23 W32/Virut.gen4
TrendMicro 9.120.0.1004 2009.12.22 PE_VIRUX.GEN-3
VBA32 3.12.12.0 2009.12.22 Virus.Win32.Virut.X7
ViRobot 2009.12.22.2102 2009.12.22 Win32.Virut.AM
VirusBuster 5.0.21.0 2009.12.22 -
Additional information
File size: 1052160 bytes
MD5...: 66e0d220b8a7767eb3fb8616bd7e5167
SHA1..: 7a98286d1a238e6d0da81493384e0c8f3f20ca56
SHA256: e76a8564b929229f2104b198b046e7d16946195126e42372e06032af161d7719
ssdeep: 12288:SzEut4RuAwGgc7fNuIEGpOoHWr2Rkf8I+skzan1/g/J/v5nne8c:SzEuAwj2fNuIQakf8I+sk81/g/J/Jn9
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x456f6
timedatestamp.....: 0x262dc027 (Thu Apr 19 13:41:59 1990)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44800 0x44800 6.39 aae1e098b4f91b757139a2af4720f668
.data 0x46000 0x1d90 0x1800 1.29 d0b87d8ce5a34731be197efb73b5d7bf
.rsrc 0x48000 0xb2278 0xb2400 6.63 abf6dc1befe1a4a4c7f6ef51d1a6f907
.reloc 0xfb000 0x8800 0x8600 7.68 685f3afb9df32e2e835bfcef213cfac1

( 13 imports )
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, RegisterWaitForSingleObject, OpenEventW, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, DelayLoadFailureHook, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, GetFileAttributesExW, MulDiv, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, InitializeCriticalSectionAndSpinCount
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, SetTextColor, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, CreateRectRgnIndirect, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, CopyRect, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, PtInRect, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, ModifyMenuW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, StrCmpNW, -, -
> SHELL32.dll: -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, ShellExecuteExW, -, -, -, -, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, SHGetSpecialFolderLocation, -, -, -, -, SHGetSpecialFolderPathW, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> BROWSEUI.dll: -, -, -, -
> SHDOCVW.dll: -, -, -
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Explorer
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
=============================================
File userinit.exe received on 2009.12.23 01:20:38 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.22 Trojan.Agent2!IK
AhnLab-V3 5.0.0.2 2009.12.22 Win32/Virut.F
AntiVir 7.9.1.122 2009.12.22 W32/Virut.Gen
Antiy-AVL 2.0.3.7 2009.12.22 -
Authentium 5.2.0.5 2009.12.22 W32/Virut.AI!Generic
Avast 4.8.1351.0 2009.12.22 Win32:Vitro
AVG 8.5.0.430 2009.12.22 Win32/Virut
BitDefender 7.2 2009.12.23 Win32.Virtob.Gen.12
CAT-QuickHeal 10.00 2009.12.22 W32.Virut.G
ClamAV 0.94.1 2009.12.22 -
Comodo 3336 2009.12.23 Virus.Win32.Virut.Ce
DrWeb 5.0.1.12222 2009.12.23 Win32.Virut.56
eSafe 7.0.17.0 2009.12.22 -
eTrust-Vet 35.1.7192 2009.12.22 Win32/Virut.17408
F-Prot 4.5.1.85 2009.12.22 W32/Virut.AI!Generic
F-Secure 9.0.15370.0 2009.12.22 Win32.Virtob.Gen.12
Fortinet 4.0.14.0 2009.12.22 -
GData 19 2009.12.22 Win32.Virtob.Gen.12
Ikarus T3.1.1.79.0 2009.12.22 Trojan.Agent2
Jiangmin 13.0.900 2009.12.22 -
Kaspersky 7.0.0.125 2009.12.23 Virus.Win32.Virut.ce
McAfee 5840 2009.12.22 W32/Virut.n.gen
McAfee+Artemis 5840 2009.12.22 W32/Virut.n.gen
McAfee-GW-Edition 6.8.5 2009.12.23 Heuristic.LooksLike.Win32.Suspicious.H
Microsoft 1.5302 2009.12.22 Virus:Win32/Virut.gen!O
NOD32 4710 2009.12.22 Win32/Virut.NBP
Norman 6.04.03 2009.12.22 W32/Virut.DY
nProtect 2009.1.8.0 2009.12.22 -
Panda 10.0.2.2 2009.12.15 W32/Sality.AO
PCTools 7.0.3.5 2009.12.23 Malware.Virut
Prevx 3.0 2009.12.23 -
Rising 22.27.01.04 2009.12.22 Win32.Virut.cs
Sophos 4.49.0 2009.12.23 W32/Scribble-B
Sunbelt 3.2.1858.2 2009.12.23 Virus.Win32.Virut.ce (v)
Symantec 1.4.4.12 2009.12.23 W32.Virut.CF
TheHacker 6.5.0.3.106 2009.12.23 W32/Virut.gen4
TrendMicro 9.120.0.1004 2009.12.22 PE_VIRUX.J
VBA32 3.12.12.0 2009.12.22 Virus.Win32.Virut.X7
ViRobot 2009.12.22.2102 2009.12.22 Win32.Virut.AM
VirusBuster 5.0.21.0 2009.12.22 Win32.Virut.AB.Gen
Additional information
File size: 44544 bytes
MD5 : cb7dd4ca47686aa405fc5bab320a5aac
SHA1 : e03aa793f66338a9ad8d8958e5444dd04c41f965
SHA256: f2325f51e111ba3d53150b5187c9bc838d10161ba19ea5c337837c8a0c6add08
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xC6F3
timedatestamp.....: 0x262DC027 (Thu Apr 19 15:41:59 1990)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4DB8 0x4E00 6.01 16aee663ed180007a0bf5bf24b845096
.data 0x6000 0x14C 0x200 1.86 cbb599f9267bf53209039d14a3574eb1
.rsrc 0x7000 0x5C00 0x5A00 7.63 a13e49604c2b068bf4d0ebae3a314610

( 7 imports )
> advapi32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
> crypt32.dll: CryptProtectData
> kernel32.dll: GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, SetEnvironmentVariableW, lstrlenW, lstrcpyW, FreeLibrary, GetProcAddress, LoadLibraryW, CompareFileTime, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, ExpandEnvironmentStringsW, SetEvent, OpenEventW, Sleep, GetLastError, SearchPathW, CreateProcessW
> msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, __setusermatherr, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, _initterm, _adjust_fdiv
> ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, NtQueryInformationToken, RtlConvertSidToUnicodeString
> user32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
> winspool.drv: SpoolerInit

( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 768:RJDUaxgu5YEVBxkjuv7wbaLa4PU4b7st4MFc6zfzMKou32TaOcQ8b:RJHxIEVBvT2aLa4PUO7smALzJm9cr
PEiD : -
RDS : NSRL Reference Data Set
-
=============================================
File winlogon.exe received on 2009.12.21 10:10:17 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.21 -
AhnLab-V3 5.0.0.2 2009.12.21 -
AntiVir 7.9.1.114 2009.12.21 -
Antiy-AVL 2.0.3.7 2009.12.18 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.20 -
AVG 8.5.0.427 2009.12.20 -
BitDefender 7.2 2009.12.21 -
CAT-QuickHeal 10.00 2009.12.21 -
ClamAV 0.94.1 2009.12.21 -
Comodo 3317 2009.12.21 -
DrWeb 5.0.0.12182 2009.12.21 -
eSafe 7.0.17.0 2009.12.20 -
eTrust-Vet 35.1.7187 2009.12.21 -
F-Prot 4.5.1.85 2009.12.20 -
F-Secure 9.0.15370.0 2009.12.21 -
Fortinet 4.0.14.0 2009.12.20 -
GData 19 2009.12.21 -
Ikarus T3.1.1.79.0 2009.12.21 -
Jiangmin 13.0.900 2009.12.21 -
K7AntiVirus 7.10.923 2009.12.17 -
Kaspersky 7.0.0.125 2009.12.21 -
McAfee 5838 2009.12.20 -
McAfee+Artemis 5838 2009.12.20 -
McAfee-GW-Edition 6.8.5 2009.12.21 -
Microsoft 1.5302 2009.12.21 - NOD32 4704 2009.12.20 - Norman 6.04.03 2009.12.21 - nProtect 2009.1.8.0 2009.12.21 - Panda 10.0.2.2 2009.12.15 - PCTools 7.0.3.5 2009.12.21 - Prevx 3.0 2009.12.21 - Rising 22.27.00.04 2009.12.21 - Sophos 4.49.0 2009.12.21 - Sunbelt 3.2.1858.2 2009.12.20 - Symantec 1.4.4.12 2009.12.21 - TheHacker 6.5.0.3.101 2009.12.21 - TrendMicro 9.120.0.1004 2009.12.21 - VBA32 3.12.12.0 2009.12.19 - ViRobot 2009.12.21.2098 2009.12.21 - VirusBuster 5.0.21.0 2009.12.20 - Additional information File size: 502272 bytes MD5 : 01c3346c241652f43aed8e2149881bfe SHA1 : a5396141cab8b22d9d88b28a814089537dce366a SHA256: affd0973cd3128083417d407f62bc4a635fc25b65dbf52e91d3ab4ae2f9c1b4a PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0x3D353<br> timedatestamp.....: 0x41107EDC (Wed Aug 4 08:14:52 2004)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 3 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> .text 0x1000 0x6F288 0x6F400 6.82 5a133ab60f38b5d739d86c8290fa5a3c<br>.data 0x71000 0x4D90 0x2000 6.20 baa64d00a5f8a540a38a60d2aff66f30<br>.rsrc 0x76000 0x9030 0x9200 3.62 b93cbbc049130e1bad3ea13d7512c074<br> <br> ( 0 imports )<br> <br> <br> ( 0 exports )<br> TrID : File type identification<br>Win64 Executable Generic (80.9%)<br>Win32 Executable Generic (8.0%)<br>Win32 Dynamic Link Library (generic) (7.1%)<br>Generic Win/DOS Executable (1.8%)<br>DOS Executable Generic (1.8%) ThreatExpert: <a href="http://www.threatexpert.com/report.aspx?md5=01c3346c241652f43aed8e2149881bfe" target="_blank">http://www.threatexpert.com/report.aspx?md5=01c3346c241652f43aed8e2149881bfe</a> ssdeep: 6144:2YuZlm8LRlBw662R1pqrc7FmxSqVw/T+SN1TrSnmhPnpdcrFIzdFz/N5WjyfTNQG:2VLBhic7Qy1vSneJFDNhp8 PEiD : - RDS : NSRL Reference Data Set<br><br>( Gateway )<br><br>Gateway Operating System Windows XP Pro Edition SP2: WINLOGON.EXE, winlogon.exe<br>( Microsoft )<br><br>MSDN Disc 2428.4: winlogon.exeMSDN Disc 2428.5: winlogon.exeMSDN Disc 2428.8: 
winlogon.exeOperating System Reinstallation CD Microsoft Windows XP Professional Service Pack 2: winlogon.exeVirtual PC for Mac Windows XP Home Edition: winlogon.exeVirtual PC for Mac Windows XP Professional Edition: winlogon.exe ============================================= File services.exe received on 2009.12.23 01:37:39 (UTC) Antivirus Version Last Update Result a-squared 4.5.0.43 2009.12.22 - AhnLab-V3 5.0.0.2 2009.12.22 - AntiVir 7.9.1.122 2009.12.22 - Antiy-AVL 2.0.3.7 2009.12.22 - Authentium 5.2.0.5 2009.12.22 - Avast 4.8.1351.0 2009.12.22 - AVG 8.5.0.430 2009.12.22 - BitDefender 7.2 2009.12.23 - CAT-QuickHeal 10.00 2009.12.22 - ClamAV 0.94.1 2009.12.22 - Comodo 3336 2009.12.23 - DrWeb 5.0.1.12181 2009.12.23 - eSafe 7.0.17.0 2009.12.22 - eTrust-Vet 35.1.7192 2009.12.22 - F-Prot 4.5.1.85 2009.12.22 - F-Secure 9.0.15370.0 2009.12.22 - Fortinet 4.0.14.0 2009.12.22 - GData 19 2009.12.22 - Ikarus T3.1.1.79.0 2009.12.22 - Jiangmin 13.0.900 2009.12.22 - K7AntiVirus 7.10.926 2009.12.22 - Kaspersky 7.0.0.125 2009.12.23 - McAfee 5840 2009.12.22 - McAfee+Artemis 5840 2009.12.22 - McAfee-GW-Edition 6.8.5 2009.12.23 - Microsoft 1.5302 2009.12.22 - NOD32 4710 2009.12.22 - Norman 6.04.03 2009.12.22 - nProtect 2009.1.8.0 2009.12.22 - Panda 10.0.2.2 2009.12.15 - PCTools 7.0.3.5 2009.12.23 - Prevx 3.0 2009.12.23 - Rising 22.27.01.04 2009.12.22 - Sophos 4.49.0 2009.12.23 - Sunbelt 3.2.1858.2 2009.12.23 - Symantec 1.4.4.12 2009.12.23 - TheHacker 6.5.0.3.106 2009.12.23 - TrendMicro 9.120.0.1004 2009.12.22 - VBA32 3.12.12.0 2009.12.22 - ViRobot 2009.12.22.2102 2009.12.22 - VirusBuster 5.0.21.0 2009.12.22 - Additional information File size: 108032 bytes MD5...: c6ce6eec82f187615d1002bb3bb50ed4 SHA1..: b958912d139cb8dbfeeacdd38ba048c4f452174e SHA256: cea9c880328205ae3376eb8b005412cb0f8fce52a71c6f0651ef5f9c193f6e3f ssdeep: 1536:tTEFQwemxUxDQOYxKO9IYpRbyMkP+roEacrcdISq/Oj/iyxqOxwq:tq/xUx<br>DQOYxKCIEoSoEUISq/OEOxwq<br> PEiD..: - PEInfo: PE Structure information<br><br>( base data 
)<br>entrypointaddress.: 0xb5cc<br>timedatestamp.....: 0x41107eb3 (Wed Aug 04 06:14:11 2004)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x18f55 0x19000 6.26 b20d7426baadb5d61b21b7f45648ecfa<br>.data 0x1a000 0xa14 0xa00 2.05 fd6fc84823efda2858a97fe8e6dd8f76<br>.rsrc 0x1b000 0x7b0 0x800 3.15 d9f56ab9f5d44407cd57280022b2dd18<br><br>( 10 imports ) <br>> msvcrt.dll: wcsrchr, time, _except_handler3, memmove, wcschr, _c_exit, _exit, _XcptFilter, _cexit, _wcsicmp, exit, __initenv, __getmainargs, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, wcslen, wcsncmp, _wtol, wcscpy, _itow, _wcsnicmp, wcscat, _initterm, wcsncpy, wcscspn, _ultow<br>> ADVAPI32.dll: RegOpenKeyW, ConvertSidToStringSidW, LogonUserExW, LsaStorePrivateData, LsaLookupNames, LsaQueryInformationPolicy, OpenThreadToken, RegNotifyChangeKeyValue, InitializeSecurityDescriptor, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus, SystemFunction029, SystemFunction005, CheckTokenMembership, FreeSid, AllocateAndInitializeSid, SetSecurityDescriptorOwner, GetSecurityDescriptorDacl, GetLengthSid, CopySid, InitializeAcl, AddAce, SetSecurityDescriptorDacl, LsaOpenPolicy, LsaLookupSids, LsaFreeMemory, LsaClose, ImpersonateLoggedOnUser, CreateProcessAsUserW, GetTokenInformation, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, InitiateSystemShutdownW, RevertToSelf<br>> KERNEL32.dll: TerminateProcess, SetProcessShutdownParameters, lstrcmpiW, FormatMessageW, ExitThread, ReleaseMutex, DelayLoadFailureHook, RaiseException, GetExitCodeThread, SetErrorMode, SetUnhandledExceptionFilter, LoadLibraryA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcess, UnhandledExceptionFilter, GetModuleHandleA, CreateMutexW, LocalAlloc, LocalFree, Sleep, LeaveCriticalSection, EnterCriticalSection, SetLastError, CloseHandle, CreateThread, GetLastError, CreateProcessW, ExpandEnvironmentStringsW, 
InitializeCriticalSection, HeapAlloc, HeapFree, SetConsoleCtrlHandler, WaitForSingleObject, HeapCreate, FreeLibrary, GetProcAddress, GetModuleHandleExW, InterlockedCompareExchange, CreateNamedPipeW, ReadFile, CancelIo, GetOverlappedResult, WaitForMultipleObjects, ConnectNamedPipe, TransactNamedPipe, WriteFile, GetTickCount, GetSystemTimeAsFileTime, GetModuleHandleW, GetComputerNameW, CreateEventW, SetEvent, ResetEvent, DeviceIoControl, CreateFileW, ResumeThread, GetCurrentProcessId, LoadLibraryW, GetDriveTypeW, OpenEventW, GetCurrentThread<br>> USER32.dll: wsprintfW, BroadcastSystemMessageW, MessageBoxW, LoadStringW, RegisterServicesProcess<br>> RPCRT4.dll: RpcServerRegisterAuthInfoW, RpcBindingFree, RpcEpResolveBinding, RpcBindingFromStringBindingW, RpcStringBindingComposeW, NdrClientCall2, RpcAsyncCompleteCall, RpcAsyncInitializeHandle, NdrAsyncServerCall, NdrAsyncClientCall, RpcMgmtStopServerListening, RpcMgmtWaitServerListen, NdrServerCall2, I_RpcBindingIsClientLocal, RpcRevertToSelf, I_RpcMapWin32Status, RpcImpersonateClient, RpcStringBindingParseW, RpcStringFreeW, RpcBindingToStringBindingW, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcServerRegisterIf, RpcServerListen, RpcServerUnregisterIf<br>> ntdll.dll: RtlCreateAcl, NtCreateKey, NtQueryValueKey, NtSetValueKey, NtDeleteValueKey, NtEnumerateKey, NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, NtDeleteKey, RtlSetControlSecurityDescriptor, RtlValidSecurityDescriptor, RtlLengthSecurityDescriptor, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtAccessCheckAndAuditAlarm, NtSetInformationThread, NtAdjustPrivilegesToken, NtDuplicateToken, NtOpenProcessToken, NtQueryInformationToken, RtlQuerySecurityObject, RtlAddAccessAllowedAce, RtlValidRelativeSecurityDescriptor, RtlMapGenericMask, RtlCopyUnicodeString, NtSetInformationFile, NtQueryInformationFile, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, NtWaitForSingleObject, NtQueryDirectoryFile, NtDeleteFile, NtSetInformationProcess, 
RtlUnhandledExceptionFilter, NtSetEvent, RtlGetAce, RtlQueryInformationAcl, RtlGetDaclSecurityDescriptor, RtlAllocateHeap, RtlCreateSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlConvertSharedToExclusive, RtlConvertExclusiveToShared, RtlRegisterWait, RtlGetNtProductType, RtlEqualUnicodeString, RtlLengthSid, RtlCopySid, RtlUnicodeStringToAnsiString, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlNewSecurityObject, RtlAddAce, RtlSetOwnerSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSubAuthorityCountSid, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlCompareUnicodeString, NtLoadDriver, NtUnloadDriver, RtlExpandEnvironmentStrings_U, RtlAdjustPrivilege, NtFlushKey, NtOpenFile, RtlDosPathNameToNtPathName_U, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlFreeUnicodeString, RtlAreAllAccessesGranted, NtDeleteObjectAuditAlarm, NtCloseObjectAuditAlarm, RtlQueueWorkItem, RtlCopyLuid, RtlDeregisterWait, RtlReleaseResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlInitializeResource, RtlDeleteSecurityObject, RtlLockBootStatusData, RtlGetSetBootStatusData, RtlUnlockBootStatusData, NtInitializeRegistry, NtQueryKey, NtClose, RtlInitUnicodeString, NtSetSystemEnvironmentValue, RtlNtStatusToDosError, NtShutdownSystem, RtlSetSecurityObject, RtlMakeSelfRelativeSD, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtSetSecurityObject<br>> USERENV.dll: UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW, DestroyEnvironmentBlock<br>> SCESRV.dll: ScesrvInitializeServer, ScesrvTerminateServer<br>> umpnpmgr.dll: RegisterScmCallback, PNP_SetActiveService, PNP_GetDeviceRegProp, PNP_GetDeviceListSize, PNP_GetDeviceList, PNP_HwProfFlags, RegisterServiceNotification, DeleteServicePlugPlayRegKeys<br>> NCObjAPI.DLL: WmiSetAndCommitObject, WmiEventSourceConnect, WmiCreateObjectWithFormat<br><br>( 0 exports ) <br> RDS...: NSRL Reference Data Set<br>- trid..: Win32 Executable Generic (42.3%)<br>Win32 Dynamic 
Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) pdfid.: - sigcheck:<br>publisher....: Microsoft Corporation<br>copyright....: © Microsoft Corporation. All rights reserved.<br>product......: Microsoft_ Windows_ Operating System<br>description..: Services and Controller app<br>original name: services.exe<br>internal name: services.exe<br>file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br> |
Post #11
Bleepin' Malware Disintegrator Instructor
Group: Malware Response Instructor Posts: 12,322 Joined: 21-March 08 Member No.: 197,892
Your system is infected with a polymorphic file infector called Virut and also has IRC bot functionality. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr) and also web pages (.html and .htm). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and, therefore, the files are corrupted beyond repair. In addition, when it infects, sometimes it will destroy the file it tries to latch onto. For these reasons, you really can't truly fix Virut. You will need to reinstall and format the operating system on this machine. As of now, security experts suggest that a clean reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state.

Back up all your documents and important items (personal data, work documents, pictures, etc.) only. DO NOT back up any executable files (software) and screensavers (*.scr) or any web pages (*.html or *.htm). It attempts to infect any accessed .exe or .scr or .html/.htm files by appending itself to the executable. Also, try to avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

More information on Virut can be found over here and here.

With Regards,
Extremeboy

--------------------
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM. Visit my Blog and Follow along! The help you receive here is always free but if you wish to show your appreciation, you may wish to .
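The backup advice in the post above (keep documents, leave out .exe/.scr/.html/.htm files and any archive that carries executables) can be turned into a triage script that sorts a folder tree before anything is copied off the infected machine. What follows is an added example written for this page, not code from the thread or from any tool it mentions; the directory layout, file names and file contents it builds are constructed for the demo. It goes one step beyond the extension list in the post by also sniffing for the "MZ" header, so an executable renamed to a harmless extension is not backed up by mistake. Zip archives are opened with the standard library; cab and rar archives are only flagged for manual inspection, since unpacking them needs an external tool.

```python
"""Triage a folder tree before copying it off a Virut-infected machine.

Added example for this page (not from the forum thread). It applies the
advice given in the post: keep documents, skip .exe/.scr/.html/.htm files
and any archive that contains executables. The demo tree it builds uses
constructed file names and contents.
"""
import shutil
import tempfile
import zipfile
from pathlib import Path

# Extensions the post names as targets of the file infector.
INFECTABLE_EXT = {".exe", ".scr", ".html", ".htm"}
# Archive types the post warns about; only .zip is inspected here.
ARCHIVE_EXT = {".zip", ".cab", ".rar"}


def looks_like_pe(path: Path) -> bool:
    """True if the file starts with the 'MZ' DOS stub every PE image carries.

    This catches executables that were renamed to a harmless extension.
    """
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def zip_holds_executable(path: Path) -> bool:
    """True if any entry in a zip archive has an infectable extension.

    An unreadable archive is treated as suspect rather than silently kept.
    """
    try:
        with zipfile.ZipFile(path) as zf:
            return any(Path(name).suffix.lower() in INFECTABLE_EXT
                       for name in zf.namelist())
    except zipfile.BadZipFile:
        return True


def classify(path: Path) -> str:
    """Return 'keep', 'skip' or 'inspect' for one file."""
    ext = path.suffix.lower()
    if ext in INFECTABLE_EXT or looks_like_pe(path):
        return "skip"
    if ext == ".zip":
        return "skip" if zip_holds_executable(path) else "keep"
    if ext in ARCHIVE_EXT:
        return "inspect"          # cab/rar: needs an external unpacker
    return "keep"


def triage(root: Path) -> dict:
    """Walk root and bucket every file by what the backup should do with it."""
    buckets = {"keep": [], "skip": [], "inspect": []}
    for path in root.rglob("*"):
        if path.is_file():
            buckets[classify(path)].append(path.relative_to(root).as_posix())
    for names in buckets.values():
        names.sort()
    return buckets


def build_demo_tree(root: Path) -> None:
    """Create a small constructed tree covering each case the rules handle."""
    files = {
        "docs/report.txt": b"quarterly numbers",
        "pics/photo.jpg": b"\xff\xd8\xff\xe0 not a real jpeg",
        "web/page.html": b"<html>infected pages are skipped</html>",
        "apps/setup.exe": b"MZ\x90\x00 fake PE header",
        "apps/saver.scr": b"MZ\x90\x00 fake screensaver",
        "apps/renamed.dat": b"MZ\x90\x00 executable hiding behind .dat",
        "apps/old.rar": b"Rar!\x1a\x07\x00 placeholder, not inspected here",
    }
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    with zipfile.ZipFile(root / "apps" / "tools.zip", "w") as zf:
        zf.writestr("tool.exe", b"MZ\x90\x00 executable inside an archive")
    with zipfile.ZipFile(root / "docs" / "notes.zip", "w") as zf:
        zf.writestr("notes.txt", b"plain notes, safe to keep")


def run_demo() -> dict:
    """Build the demo tree in a temp dir, triage it and return the buckets."""
    tmp = Path(tempfile.mkdtemp(prefix="virut-triage-"))
    try:
        build_demo_tree(tmp)
        return triage(tmp)
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    for bucket, names in run_demo().items():
        print(f"{bucket}:")
        for name in names:
            print(f"  {name}")
```

Run it against a real folder by calling `triage(Path("D:/backup-staging"))` instead of `run_demo()`; the "skip" list is what stays behind, and anything in "inspect" is opened by hand before it is copied.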
Post #12
Member
Group: Members Posts: 17 Joined: 29-December 05 Member No.: 47,239
OK... this might take a couple of days. I have a lot of files to back up, plus of course the holidays. Can we resume this in a couple of days?
Post #13
Bleepin' Malware Disintegrator Instructor
Group: Malware Response Instructor Posts: 12,322 Joined: 21-March 08 Member No.: 197,892
Hello.
After doing a complete format you will be completely clean, so there would be no point in continuing, would there?

--------------------
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM. Visit my Blog and Follow along! The help you receive here is always free but if you wish to show your appreciation, you may wish to .
Post #14
Bleepin' Malware Disintegrator Instructor
Group: Malware Response Instructor Posts: 12,322 Joined: 21-March 08 Member No.: 197,892
Are you still there?

--------------------
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM. Visit my Blog and Follow along! The help you receive here is always free but if you wish to show your appreciation, you may wish to .
Post #15
Bleepin' Malware Disintegrator Instructor
Group: Malware Response Instructor Posts: 12,322 Joined: 21-March 08 Member No.: 197,892
Hello.
Since the problem appears to be resolved, this topic is now Closed. If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request. This applies only to the original topic starter. Everyone else please start a new topic.

With Regards,
Extremeboy

--------------------
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM. Visit my Blog and Follow along! The help you receive here is always free but if you wish to show your appreciation, you may wish to .