BleepingComputer.com: Help needed after XP Antispyware infection

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 5 Pages +
  • « First
  • 3
  • 4
  • 5
  • You cannot start a new topic
  • This topic is locked

Help needed after XP Antispyware infection Infection cleared but getting other problems

#61 User is offline   Expert Novice 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 90
  • Joined: 31-August 10

Posted 04 June 2011 - 04:37 PM

I tried Kaspersky in safe mode and got the same result, a running process but no window.

Out of interest I tried running it on my other machine and it ran fine. Interestingly on this machine having ran the file in normal boot, during the installation I was given a warning saying it was recommended to run the scan in safe mode. I don't get this with the poorly machine.
As there are no obvious signs of malware you can see now I wonder if perhaps the explorer issue might be a symptom of something else which went wrong at the same time, or just after the infection. Perhaps I should start a thread in the XP section of the forum?

Many thanks

David

#62 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,456
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 06 June 2011 - 01:58 PM

Ok lets start over


update combofix

I would like you to download an updated virsion of combofix.

    Delete the version of combofix you have now on your desktop and download a new one from here


    **Note: It is important that it is saved directly to your desktop**

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note:Do not mouseclick combofix's window while it's running. That may cause it to stall

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#63 User is offline   Expert Novice 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 90
  • Joined: 31-August 10

Posted 07 June 2011 - 04:16 AM

Hi Gringo,

Ok, I ran Combofix again. All seemed to go well until it had finshed and produced the log. Although notepad opened and showed the log file the explorer issue appeared. I had previously not been shutting the machine down fully but using standby which seemed to help keep the explorer issue at bay but running Combofix brought it back again. I was unable to select any items on the desktop and when I hovered my cursor over the task bar it changed to the hourglass symbol. I was however able to save the log on the desktop and then went ctl/alt/del-restart. The machine rebooted to its working state and all seemed well. I had the idea to run Combofix again to see if anything different might appear in the log. The same thing happened at the end of the scan and I had to restart. This time the machine booted up with the explorer issue still present. I tried to restert a few times but always got the same result so I went to Sys Restore. Interestingly, Although there should have been two restore points created by Combofix available the were no restore points that had been created today. I restored to the most recent system checkpoint. Upon restarting I was given the message saying it had not been possible to create the restore and no changes has been made. Despite this the machine proceeded to boot normally without the explorer issue.

Below you will see the two logs. I have highlighted the differences I could see in log 2 from scanning through them quickly but I don't know if they are significant. Note the single line near the bottom of the log.

Log 1...

ComboFix 11-06-06.03 - Home 07/06/2011 8:17.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.568 [GMT 1:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Kerio Personal Firewall *Enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-04 17:31 . 2009-10-22 12:54 37392 ----a-w- c:\windows\system32\drivers\48560912.sys
2011-06-04 17:31 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\4856091.sys
2011-06-04 17:31 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\48560911.sys
2011-06-02 21:16 . 2009-10-22 12:54 37392 ----a-w- c:\windows\system32\drivers\28945022.sys
2011-06-02 21:16 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\2894502.sys
2011-06-02 21:16 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\28945021.sys
2011-06-02 17:05 . 2011-06-02 17:05 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-28 12:20 . 2011-05-28 12:27 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\AskToolbar
2011-05-21 14:54 . 2009-10-22 12:54 37392 ----a-w- c:\windows\system32\drivers\71831132.sys
2011-05-21 14:54 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\7183113.sys
2011-05-21 14:54 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\71831131.sys
2011-05-21 14:00 . 2009-10-22 12:54 37392 ----a-w- c:\windows\system32\drivers\06515542.sys
2011-05-21 14:00 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\06515541.sys
2011-05-21 14:00 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\0651554.sys
2011-05-21 13:50 . 2009-10-22 12:54 37392 ----a-w- c:\windows\system32\drivers\47854432.sys
2011-05-21 13:50 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\4785443.sys
2011-05-21 13:50 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\47854431.sys
2011-05-21 11:44 . 2011-05-21 11:44 -------- d-----w- c:\documents and settings\Home\Application Data\Foxit Software
2011-05-21 11:43 . 2011-05-21 11:43 -------- d-----w- c:\program files\Ask.com
2011-05-21 11:43 . 2011-05-21 11:43 -------- d-----w- c:\program files\Foxit Software
2011-05-21 11:19 . 2011-05-21 11:20 -------- d-----w- c:\program files\ERUNT
2011-05-21 10:59 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-05-21 10:59 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-05-21 10:59 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-05-21 10:57 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2011-05-21 10:54 . 2011-05-21 10:56 -------- d--h--w- c:\windows\msdownld.tmp
2011-05-21 10:35 . 2011-05-21 10:35 -------- d-----w- c:\program files\Media Player Classic - Home Cinema
2011-05-17 20:37 . 2011-05-17 20:37 -------- d-----w- c:\program files\Common Files\Java
2011-05-17 00:11 . 2011-05-17 00:11 -------- d-----w- c:\program files\ESET
2011-05-16 23:45 . 2011-05-18 08:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-15 07:29 . 2011-05-15 07:29 -------- d-----w- c:\program files\Avira
2011-05-15 07:29 . 2011-05-15 07:29 -------- d-----w- c:\documents and settings\Home\Application Data\Avira
2011-05-15 07:29 . 2011-05-15 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 04:07 . 2010-05-06 07:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 01:40 . 2010-08-28 12:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-01 16:07 . 2009-12-05 19:24 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-18 17:53 . 2011-05-17 17:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Home\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Home\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Home\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"process exploorer"="c:\documents and settings\Home\Desktop\procexp.exe" [2005-02-09 456208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-04-11 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-12-08 16384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\documents and settings\Home\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-06-04 17:57 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
"AlSrvN"=c:\documents and settings\Home\Desktop\Alcohol_120_2.0.1.1820_DMZ\Alcohol_120_2.0.1.1820_DMZ\Cracks\ChVL\Plugins\Helper\AlSrvN.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Synchronization Manager"=%SystemRoot%\system32\mobsync.exe /logon
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"snp2std"=c:\windows\vsnp2std.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"tsnp2std"=c:\windows\tsnp2std.exe
"bcmwltry"=bcmwltry.exe
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Home\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 06515542;06515542 Boot Guard Driver;c:\windows\system32\drivers\06515542.sys [21/05/2011 15:00 37392]
R0 28945022;28945022 Boot Guard Driver;c:\windows\system32\drivers\28945022.sys [02/06/2011 22:16 37392]
R0 47854432;47854432 Boot Guard Driver;c:\windows\system32\drivers\47854432.sys [21/05/2011 14:50 37392]
R0 48560912;48560912 Boot Guard Driver;c:\windows\system32\drivers\48560912.sys [04/06/2011 18:31 37392]
R0 71831132;71831132 Boot Guard Driver;c:\windows\system32\drivers\71831132.sys [21/05/2011 15:54 37392]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/09/2010 20:53 697328]
R1 06515541;06515541;c:\windows\system32\drivers\06515541.sys [21/05/2011 15:00 128016]
R1 28945021;28945021;c:\windows\system32\drivers\28945021.sys [02/06/2011 22:16 128016]
R1 47854431;47854431;c:\windows\system32\drivers\47854431.sys [21/05/2011 14:50 128016]
R1 48560911;48560911;c:\windows\system32\drivers\48560911.sys [04/06/2011 18:31 128016]
R1 71831131;71831131;c:\windows\system32\drivers\71831131.sys [21/05/2011 15:54 128016]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18/07/2006 13:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18/07/2006 13:02 91672]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [22/12/2008 12:06 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 12:05 67656]
R1 setup_9.0.0.722_02.06.2011_22-41drv;setup_9.0.0.722_02.06.2011_22-41drv;c:\windows\system32\drivers\2894502.sys [02/06/2011 22:16 315408]
R1 setup_9.0.0.722_21.05.2011_16-09drv;setup_9.0.0.722_21.05.2011_16-09drv;c:\windows\system32\drivers\0651554.sys [21/05/2011 15:00 315408]
R1 setup_9.0.0.722_21.05.2011_18-10drv;setup_9.0.0.722_21.05.2011_18-10drv;c:\windows\system32\drivers\4856091.sys [04/06/2011 18:31 315408]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\Home\Desktop\Virtual\VCdRom.sys [19/12/2001 12:45 8576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [05/12/2009 20:24 136360]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 16:05 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 08:24 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/04/2011 10:15 136176]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [02/04/2010 21:36 96256]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24/04/2011 10:15 136176]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [14/05/2010 18:55 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [14/05/2010 18:55 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [14/05/2010 18:45 32377]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07/07/2010 15:05 14904]
S3 qcusbnmea;WP-S1 NMEA Port;c:\windows\system32\drivers\qcusbnmea.sys [01/10/2010 10:02 65024]
S3 qcusbpcsync;WP-S1 PCSYNC Port;c:\windows\system32\drivers\qcusbpcsync.sys [01/10/2010 10:04 65024]
S3 qcusbser6k;WP-S1 Diagnostic Port;c:\windows\system32\drivers\qcusbser6k.sys [01/10/2010 10:01 65024]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 12:06 12872]
S4 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\S2usbser.sys [05/06/2009 00:50 103680]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-06 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 15:12]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 09:15]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 09:15]
.
2011-06-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.tiscali.co.uk/broadband
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\1pee75e4.Test profile\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-07 08:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
@DACL=(02 0000)
"Status"=dword:00000000
"RsopStatus"=dword:00000000
"LastPolicyTime"=dword:00d15a20
"PrevSlowLink"=dword:00000000
"PrevRsopLogging"=dword:00000001
"ForceRefreshFG"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
"PreviousPolicyAreas"=dword:00000000
"Status"=dword:00000000
"RsopStatus"=dword:00000000
"LastPolicyTime"=dword:00d15a20
"PrevSlowLink"=dword:00000000
"PrevRsopLogging"=dword:00000001
"ForceRefreshFG"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
"Status"=dword:00000000
"RsopStatus"=dword:80070032
"LastPolicyTime"=dword:00d15a20
"PrevSlowLink"=dword:00000000
"PrevRsopLogging"=dword:00000001
"ForceRefreshFG"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\S-1-5-21-3984583359-3248513183-1231678535-1134\GPExtensions]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3864)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Microsoft Outlook\OFFICE11\msohev.dll
c:\program files\Alcohol Soft\Alcohol 120\AxShlex.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
Completion time: 2011-06-07 08:40:08
ComboFix-quarantined-files.txt 2011-06-07 07:39
.
Pre-Run: 13,660,516,352 bytes free
Post-Run: 13,762,301,952 bytes free
.
- - End Of File - - 7117A5BBE5B2C7E691D511B815450943


Log 2...

ComboFix 11-06-06.03 - Home 07/06/2011 8:52.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.725 [GMT 1:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Kerio Personal Firewall *Disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-04 17:31 . 2009-10-22 12:54 37392 ----a-w- c:\windows\system32\drivers\48560912.sys
2011-06-04 17:31 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\4856091.sys
2011-06-04 17:31 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\48560911.sys
2011-06-02 21:16 . 2009-10-22 12:54 37392 ----a-w- c:\windows\system32\drivers\28945022.sys
2011-06-02 21:16 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\2894502.sys
2011-06-02 21:16 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\28945021.sys
2011-06-02 17:05 . 2011-06-02 17:05 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-28 12:20 . 2011-05-28 12:27 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\AskToolbar
2011-05-21 14:54 . 2009-10-22 12:54 37392 ----a-w- c:\windows\system32\drivers\71831132.sys
2011-05-21 14:54 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\7183113.sys
2011-05-21 14:54 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\71831131.sys
2011-05-21 14:00 . 2009-10-22 12:54 37392 ----a-w- c:\windows\system32\drivers\06515542.sys
2011-05-21 14:00 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\06515541.sys
2011-05-21 14:00 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\0651554.sys
2011-05-21 13:50 . 2009-10-22 12:54 37392 ----a-w- c:\windows\system32\drivers\47854432.sys
2011-05-21 13:50 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\4785443.sys
2011-05-21 13:50 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\47854431.sys
2011-05-21 11:44 . 2011-05-21 11:44 -------- d-----w- c:\documents and settings\Home\Application Data\Foxit Software
2011-05-21 11:43 . 2011-05-21 11:43 -------- d-----w- c:\program files\Ask.com
2011-05-21 11:43 . 2011-05-21 11:43 -------- d-----w- c:\program files\Foxit Software
2011-05-21 11:19 . 2011-05-21 11:20 -------- d-----w- c:\program files\ERUNT
2011-05-21 10:59 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-05-21 10:59 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-05-21 10:59 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-05-21 10:57 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2011-05-21 10:54 . 2011-05-21 10:56 -------- d--h--w- c:\windows\msdownld.tmp
2011-05-21 10:35 . 2011-05-21 10:35 -------- d-----w- c:\program files\Media Player Classic - Home Cinema
2011-05-17 20:37 . 2011-05-17 20:37 -------- d-----w- c:\program files\Common Files\Java
2011-05-17 00:11 . 2011-05-17 00:11 -------- d-----w- c:\program files\ESET
2011-05-16 23:45 . 2011-05-18 08:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-15 07:29 . 2011-05-15 07:29 -------- d-----w- c:\program files\Avira
2011-05-15 07:29 . 2011-05-15 07:29 -------- d-----w- c:\documents and settings\Home\Application Data\Avira
2011-05-15 07:29 . 2011-05-15 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 04:07 . 2010-05-06 07:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 01:40 . 2010-08-28 12:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-01 16:07 . 2009-12-05 19:24 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-18 17:53 . 2011-05-17 17:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-07_07.33.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-07 07:47 . 2011-06-07 07:47 16384 c:\windows\temp\Perflib_Perfdata_6f4.dat
+ 2011-06-07 07:48 . 2011-06-07 07:48 327680 c:\windows\ERDNT\AutoBackup\07-06-2011\Users\00000002\UsrClass.dat
+ 2011-06-07 07:48 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\07-06-2011\ERDNT.EXE
+ 2011-06-07 07:48 . 2011-06-07 07:48 18706432 c:\windows\ERDNT\AutoBackup\07-06-2011\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Home\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Home\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Home\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"process exploorer"="c:\documents and settings\Home\Desktop\procexp.exe" [2005-02-09 456208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-04-11 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-12-08 16384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\documents and settings\Home\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-06-04 17:57 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
"AlSrvN"=c:\documents and settings\Home\Desktop\Alcohol_120_2.0.1.1820_DMZ\Alcohol_120_2.0.1.1820_DMZ\Cracks\ChVL\Plugins\Helper\AlSrvN.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Synchronization Manager"=%SystemRoot%\system32\mobsync.exe /logon
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"snp2std"=c:\windows\vsnp2std.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"tsnp2std"=c:\windows\tsnp2std.exe
"bcmwltry"=bcmwltry.exe
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Home\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 06515542;06515542 Boot Guard Driver;c:\windows\system32\drivers\06515542.sys [21/05/2011 15:00 37392]
R0 28945022;28945022 Boot Guard Driver;c:\windows\system32\drivers\28945022.sys [02/06/2011 22:16 37392]
R0 47854432;47854432 Boot Guard Driver;c:\windows\system32\drivers\47854432.sys [21/05/2011 14:50 37392]
R0 48560912;48560912 Boot Guard Driver;c:\windows\system32\drivers\48560912.sys [04/06/2011 18:31 37392]
R0 71831132;71831132 Boot Guard Driver;c:\windows\system32\drivers\71831132.sys [21/05/2011 15:54 37392]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/09/2010 20:53 697328]
R1 06515541;06515541;c:\windows\system32\drivers\06515541.sys [21/05/2011 15:00 128016]
R1 28945021;28945021;c:\windows\system32\drivers\28945021.sys [02/06/2011 22:16 128016]
R1 47854431;47854431;c:\windows\system32\drivers\47854431.sys [21/05/2011 14:50 128016]
R1 48560911;48560911;c:\windows\system32\drivers\48560911.sys [04/06/2011 18:31 128016]
R1 71831131;71831131;c:\windows\system32\drivers\71831131.sys [21/05/2011 15:54 128016]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18/07/2006 13:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18/07/2006 13:02 91672]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [22/12/2008 12:06 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 12:05 67656]
R1 setup_9.0.0.722_02.06.2011_22-41drv;setup_9.0.0.722_02.06.2011_22-41drv;c:\windows\system32\drivers\2894502.sys [02/06/2011 22:16 315408]
R1 setup_9.0.0.722_21.05.2011_16-09drv;setup_9.0.0.722_21.05.2011_16-09drv;c:\windows\system32\drivers\0651554.sys [21/05/2011 15:00 315408]
R1 setup_9.0.0.722_21.05.2011_18-10drv;setup_9.0.0.722_21.05.2011_18-10drv;c:\windows\system32\drivers\4856091.sys [04/06/2011 18:31 315408]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\Home\Desktop\Virtual\VCdRom.sys [19/12/2001 12:45 8576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [05/12/2009 20:24 136360]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 16:05 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 08:24 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/04/2011 10:15 136176]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [02/04/2010 21:36 96256]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24/04/2011 10:15 136176]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [14/05/2010 18:55 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [14/05/2010 18:55 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [14/05/2010 18:45 32377]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07/07/2010 15:05 14904]
S3 qcusbnmea;WP-S1 NMEA Port;c:\windows\system32\drivers\qcusbnmea.sys [01/10/2010 10:02 65024]
S3 qcusbpcsync;WP-S1 PCSYNC Port;c:\windows\system32\drivers\qcusbpcsync.sys [01/10/2010 10:04 65024]
S3 qcusbser6k;WP-S1 Diagnostic Port;c:\windows\system32\drivers\qcusbser6k.sys [01/10/2010 10:01 65024]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 12:06 12872]
S4 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\S2usbser.sys [05/06/2009 00:50 103680]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 15:12]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 09:15]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 09:15]
.
2011-06-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.tiscali.co.uk/broadband
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\1pee75e4.Test profile\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-07 09:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
@DACL=(02 0000)
"Status"=dword:00000000
"RsopStatus"=dword:00000000
"LastPolicyTime"=dword:00d15a20
"PrevSlowLink"=dword:00000000
"PrevRsopLogging"=dword:00000001
"ForceRefreshFG"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
"PreviousPolicyAreas"=dword:00000000
"Status"=dword:00000000
"RsopStatus"=dword:00000000
"LastPolicyTime"=dword:00d15a20
"PrevSlowLink"=dword:00000000
"PrevRsopLogging"=dword:00000001
"ForceRefreshFG"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
"Status"=dword:00000000
"RsopStatus"=dword:80070032
"LastPolicyTime"=dword:00d15a20
"PrevSlowLink"=dword:00000000
"PrevRsopLogging"=dword:00000001
"ForceRefreshFG"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\S-1-5-21-3984583359-3248513183-1231678535-1134\GPExtensions]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(572)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1492)
c:\windows\system32\WININET.dll
c:\docume~1\Home\LOCALS~1\Temp\catchme.dll
c:\program files\Alcohol Soft\Alcohol 120\AxShlex.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\windows\system32\ieframe.dll
.
Completion time: 2011-06-07 09:11:35
ComboFix-quarantined-files.txt 2011-06-07 08:11
ComboFix2.txt 2011-06-07 07:40
.
Pre-Run: 13,704,167,424 bytes free
Post-Run: 13,679,947,776 bytes free
.
- - End Of File - - BB3E1326E46EE64C2FF3A54666117F53

Many thanks for your continued efforts. I appreciate your help withthis.

David

#64 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,456
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 07 June 2011 - 07:24 PM

Hello

The things you highlited are fine and normal.

I have been going over the reports and I have no more ideas as to what can be done.

It don't happen often but I think this one has us beat.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#65 User is offline   Expert Novice 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 90
  • Joined: 31-August 10

Posted 08 June 2011 - 02:29 AM

Ok. Many thanks for trying anyway. As I was saying perhaps this is all being caused by something other than malware and it just happened to start at the same time. I will try posting in the XP section and see if anyone there has any ideas.

Thanks again

David

#66 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,456
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 08 June 2011 - 07:07 AM

Let me know if they do find something I would like to know


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#67 User is offline   Expert Novice 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 90
  • Joined: 31-August 10

Posted 08 June 2011 - 12:25 PM

I will. New thread here if you want to keep an eye on it.

Many thanks

David

#68 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,456
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 09 June 2011 - 01:25 PM

thank you I am watching it


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#69 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,456
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 12 June 2011 - 02:06 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Share this topic:


  • 5 Pages +
  • « First
  • 3
  • 4
  • 5
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users