Virtumonde, Trojans, Etc


  • This topic is locked
8 replies to this topic

#1 mbren

Posted 01 September 2007 - 04:36 PM

Please help, been working on these issues two weeks, followed your prep guide - please look over the log.

EDITING THIS - HAVE WINANTIVIRUS TOO!!

HEELLLLPPPP

Attached Files

  • Attached File  HJT.log   12.14KB   6 downloads

Edited by mbren, 01 September 2007 - 11:37 PM.




#2 miekiemoes

  • Malware Response Team

Posted 02 September 2007 - 01:14 AM

Please do not attach your logs but copy and paste them in your thread instead.

It is important you follow my steps in the right order without missing any step.

I see you are running TeaTimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup
Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

Then reboot.

After reboot, download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

#3 mbren


Posted 02 September 2007 - 01:09 PM

Hi, thanks for your response.
Nothing came up with the reset tea timer to remove.
Thank you so much for helping, we're beyond frustrated!
Here are the new logs:

ComboFix 07-08-30.3 - "patrick" 2007-09-02 10:35:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.525 [GMT -7:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\idxaomnh.exe
C:\WINDOWS\system32\jqjtaohq.exe
C:\WINDOWS\system32\mubtoupk.exe
C:\WINDOWS\system32\pmnnnol.dll
C:\WINDOWS\system32\qqtwa.bak1
C:\WINDOWS\system32\qqtwa.bak2
C:\WINDOWS\system32\qqtwa.ini
C:\WINDOWS\system32\xayjgdhg.exe


((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 )))))))))))))))))))))))))))))))


2007-09-02 10:30 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-01 21:41 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-09-01 13:04 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Yahoo!
2007-09-01 12:56 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-09-01 12:56 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-09-01 12:56 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-09-01 12:56 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-09-01 12:56 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-09-01 12:56 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-09-01 12:56 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-09-01 12:55 <DIR> d-------- C:\Program Files\Sygate
2007-09-01 00:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-31 19:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-31 19:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-29 21:16 <DIR> d-------- C:\DOCUME~1\patrick\Bluetooth Software
2007-08-29 20:10 <DIR> d-------- C:\Program Files\Ace Utilities
2007-08-29 18:49 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-29 18:49 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-29 18:49 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-29 18:49 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-29 18:49 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-29 18:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-29 18:49 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-29 15:52 <DIR> d-------- C:\VundoFix Backups
2007-08-28 18:18 <DIR> d-------- C:\DOCUME~1\patrick\.housecall6.6
2007-08-28 15:52 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-08-27 20:33 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-08-27 16:57 1,628,867 --ahs---- C:\WINDOWS\system32\rttss.bak2
2007-08-26 22:34 6,473 --ahs---- C:\WINDOWS\system32\rttss.bak1
2007-08-26 22:08 <DIR> d-------- C:\Program Files\MotiveVNC
2007-08-26 17:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-25 17:31 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-25 15:33 15,360 --a------ C:\WINDOWS\system32\drvpovr.dll
2007-08-22 17:43 18 --a------ C:\OPTION.DAT
2007-08-22 17:42 <DIR> d-------- C:\Program Files\Trymedia
2007-08-22 17:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-08-21 08:58 <DIR> d-------- C:\DOCUME~1\patrick\APPLIC~1\Talkback
2007-08-16 13:59 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-10 21:39 <DIR> d-------- C:\DOCUME~1\patrick\APPLIC~1\Viewpoint
2007-08-10 15:59 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-08-09 17:39 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-07 13:58 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-06 20:53 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-08-06 11:37 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-08-06 11:36 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-06 11:34 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-08-06 11:34 <DIR> d-------- C:\a44d1c48064b8e21924381e249
2007-08-06 11:25 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-08-06 11:25 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-08-06 11:25 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-08-06 10:58 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-08-06 07:49 <DIR> d-------- C:\My Music
2007-08-05 21:56 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-08-05 18:07 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-08-03 13:33 <DIR> d-------- C:\WINDOWS\system32\DRM
2007-08-03 11:58 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-08-03 11:58 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-08-03 08:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-08-03 00:04 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-08-03 00:02 <DIR> d-------- C:\Program Files\MSBuild
2007-08-03 00:01 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-08-02 23:57 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-08-02 23:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-08-02 23:33 <DIR> dr-h----- C:\MSOCache
2007-08-02 22:56 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-08-02 22:52 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-02 14:39 <DIR> d-------- C:\Program Files\Citrix
2007-08-02 14:39 <DIR> d-------- C:\DOCUME~1\patrick\APPLIC~1\ICAClient


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-31 19:45 --------- d-------- C:\Program Files\Lavasoft
2007-08-31 17:09 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-08-31 11:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-29 21:53 --------- d-------- C:\Program Files\GammonEmpire
2007-08-29 20:18 --------- d-------- C:\Program Files\RGB
2007-08-29 20:18 --------- d-------- C:\Program Files\Land Desktop R2
2007-08-29 20:18 --------- d-------- C:\DOCUME~1\patrick\APPLIC~1\GetRightToGo
2007-08-29 20:18 --------- d-------- C:\DOCUME~1\patrick\APPLIC~1\BitTorrent
2007-08-29 20:15 --------- d-------- C:\DOCUME~1\patrick\APPLIC~1\uTorrent
2007-08-29 16:15 212849 --a------ C:\Program Files\hijackthis.zip
2007-08-27 17:44 2864 --a------ C:\WINDOWS\system32\winsock.dll
2007-08-27 17:44 2864 --a------ C:\WINDOWS\system32\dllcache\winsock.dll
2007-08-25 17:59 --------- d-------- C:\Program Files\Common Files\Sandlot Shared
2007-08-21 08:57 --------- d-------- C:\Program Files\DivX
2007-08-10 21:39 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-10 08:16 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-06 20:53 --------- d-------- C:\Program Files\Dell
2007-08-06 11:51 --------- d-------- C:\Program Files\UltimateBet
2007-08-05 17:47 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-05 15:54 --------- d-------- C:\Program Files\Creative
2007-08-05 15:48 --------- d-------- C:\Program Files\Microsoft Works
2007-08-03 13:18 --------- d-------- C:\DOCUME~1\patrick\APPLIC~1\Apple Computer
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-27 23:33 --------- d-------- C:\Program Files\Yahoo! Games
2007-07-25 19:53 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-25 19:53 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-25 17:46 --------- d-------- C:\Program Files\Kudos
2007-07-23 09:52 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-07-22 17:02 --------- d-------- C:\Program Files\QuickTime
2007-07-21 18:17 --------- d-------- C:\Program Files\Apple Software Update
2007-07-21 18:16 --------- d-------- C:\Program Files\Common Files\Apple
2007-07-21 18:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-07-18 23:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 16:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-12 13:00 --------- d-------- C:\DOCUME~1\patrick\APPLIC~1\Help
2007-07-12 12:58 --------- d-------- C:\Program Files\Common Files\Trimble
2007-07-12 12:20 --------- d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-27 07:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 07:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 07:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 07:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 07:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 07:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 07:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 07:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 07:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 07:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 07:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 07:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 07:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 07:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 07:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 07:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 07:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 07:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 07:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 07:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 01:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 01:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 01:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 00:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-20 20:46 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-16 21:14 7607904 --a------ C:\Program Files\yahoo_pizzafrenzy1-1_tm5-3.exe
2007-05-16 21:11 13014840 --a------ C:\Program Files\yahoo_flowerquest_tm5-3.exe
2007-05-16 20:29 10810328 --a------ C:\Program Files\yahoo_sbdinerdash_tm5-3.exe
2007-04-14 13:34 267 --a------ C:\Program Files\serial.txt
2007-04-14 13:07 7718504 --a------ C:\Program Files\winzip110.exe
2007-02-09 20:06 167068 --a------ C:\Program Files\farmtemp.exe
2006-11-18 11:52 7096 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\ypinfo.bin
2006-11-08 17:49 7561192 --a------ C:\Program Files\ubsetup.exe
2006-10-29 20:39 5917128 --a------ C:\Program Files\PartyPokerSetup.exe
2006-10-29 19:26 36656704 --a------ C:\Program Files\iTunesSetup.exe
2007-04-08 17:05:59 88 --sh--r C:\WINDOWS\system32\2DA11AD1FF.sys
2007-04-08 17:06:01 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F74B95D-23BD-431D-95BA-80B825DD4B10}]
C:\WINDOWS\system32\gebcc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AA69BFE-FF0B-4062-8929-EC6EF014E8A5}]
C:\WINDOWS\system32\pmnli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC3FA250-79A1-426F-8950-69A8841F3052}]
C:\WINDOWS\system32\ssttr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC47F265-ECC2-4377-9526-06D8FE705634}]
C:\WINDOWS\system32\ssttq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 00:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 00:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 00:45]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 09:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 07:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 07:28]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 14:30 C:\WINDOWS\stsystra.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 15:03]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 07:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnli]
C:\WINDOWS\system32\pmnli.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineij32]
wineij32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AAWTray"=C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]


Contents of the 'Scheduled Tasks' folder
2007-08-15 20:46:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-02 10:57:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-02 10:59:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-02 10:59

--- E O F ---


And hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 11:01:56 AM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\PROGRA~1\Sygate\SPF\smc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\patrick\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061012
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8F74B95D-23BD-431D-95BA-80B825DD4B10} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: (no name) - {9AA69BFE-FF0B-4062-8929-EC6EF014E8A5} - C:\WINDOWS\system32\pmnli.dll (file missing)
O2 - BHO: (no name) - {AC3FA250-79A1-426F-8950-69A8841F3052} - C:\WINDOWS\system32\ssttr.dll (file missing)
O2 - BHO: (no name) - {DC47F265-ECC2-4377-9526-06D8FE705634} - C:\WINDOWS\system32\ssttq.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/PLA/eAg...ctiveX/smsx.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n028p/EN/install/gtdownlr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186705352796
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...107/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Pr

#4 miekiemoes

Posted 02 September 2007 - 01:17 PM

Hi,

A note first... I see you have PartyPoker and UltimateBet installed.
If you didn't install it with the intention to play with it, I suggest you uninstall it, because in most cases these programs are supported by malware, get installed without asking for it, and also lead you to sites where malware is lurking.
If you do play it, then leave it alone.

* Open Notepad - don't use any text editor other than Notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\system32\rttss.bak2
C:\WINDOWS\system32\rttss.bak1

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F74B95D-23BD-431D-95BA-80B825DD4B10}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AA69BFE-FF0B-4062-8929-EC6EF014E8A5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC3FA250-79A1-426F-8950-69A8841F3052}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC47F265-ECC2-4377-9526-06D8FE705634}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnli]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineij32]


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

Also, go to the next site:
http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the Browse button and browse to the next file:

C:\WINDOWS\system32\drvpovr.dll

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in your next reply.

Do the same for this file as well:

C:\Program Files\farmtemp.exe

So post the results from that file in your next reply too. :thumbsup:
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
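
One way to confirm that the CFScript in the post above did what it was meant to, as an added example that is not part of the original posts: the Python below reads the Winlogon Notify keys the script marks for deletion and checks them against the O20 lines of the HijackThis logs posted in this thread before and after the ComboFix run. The function names are made up for this example; the log and script lines are excerpts copied from the thread.

```python
import re

# Excerpts copied from this thread: O20 lines of the HijackThis log posted
# before the ComboFix run, the same lines after it, and the two Winlogon
# Notify entries from the Registry:: section of the CFScript.
BEFORE_LOG = r"""
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
"""
AFTER_LOG = r"""
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
CFSCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnli]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineij32]
"""

# "O20 - Winlogon Notify: <name> - <dll> [(file missing)]"
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

# A leading '-' inside the brackets marks the key for deletion
# (the same convention .reg files use).
NOTIFY_PREFIX = ("[-hkey_local_machine\\software\\microsoft\\windows nt"
                 "\\currentversion\\winlogon\\notify\\")


def winlogon_notify(log_text):
    """Return {lowercased entry name: (dll path, file_missing)} for O20 lines."""
    entries = {}
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries[m["name"].lower()] = (m["target"], m["missing"] is not None)
    return entries


def targeted_notify_keys(cfscript_text):
    """Return the Winlogon Notify subkey names the script deletes."""
    names = []
    for line in cfscript_text.splitlines():
        line = line.strip().lower()
        if line.startswith(NOTIFY_PREFIX) and line.endswith("]"):
            names.append(line[len(NOTIFY_PREFIX):-1])
    return names


def verify_cleanup(before_log, after_log, cfscript_text):
    """Compare the two logs against the script.

    Returns (status, new_entries, orphaned):
      status      - per targeted key: 'removed', 'still present',
                    or 'not in either log'
      new_entries - Notify entries that appeared only in the second log
      orphaned    - entries in the second log whose DLL is reported missing
    """
    before = winlogon_notify(before_log)
    after = winlogon_notify(after_log)
    status = {}
    for name in targeted_notify_keys(cfscript_text):
        if name in after:
            status[name] = "still present"
        elif name in before:
            status[name] = "removed"
        else:
            status[name] = "not in either log"
    new_entries = sorted(set(after) - set(before))
    orphaned = sorted(n for n, (_, missing) in after.items() if missing)
    return status, new_entries, orphaned


if __name__ == "__main__":
    status, new_entries, orphaned = verify_cleanup(BEFORE_LOG, AFTER_LOG, CFSCRIPT)
    for name, state in status.items():
        print(f"{name}: {state}")
    print("new Notify entries:", new_entries or "none")
    print("entries with missing DLL:", orphaned or "none")
```

A key reported as "still present", or any name in the new-entries list, means the persistence point survived or was re-created and the log needs another look.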

#5 mbren

Posted 02 September 2007 - 02:28 PM

Hi - you are fast!! Don't let us hinder your holiday plans. :thumbsup:

My boyfriend freaked out when I suggested deleting Party Poker and Ultimate Bet. He says he has one of the largest play money accts on the site. He is addicted, but he wants his computer to work, so if we must delete, we will.

One other thing - both times that I've started ComboFix now, Avast comes on immediately to tell me that a Trojan has been found, and I delete, FYI.

Here are the new logs and file scans:

ComboFix 07-08-30.3 - "patrick" 2007-09-02 11:39:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.549 [GMT -7:00]
* Created a new restore point

FILE::
C:\WINDOWS\system32\rttss.bak2
C:\WINDOWS\system32\rttss.bak1


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\ccbeg.bak1.bad
C:\VundoFix Backups\ccbeg.bak2.bad
C:\VundoFix Backups\ccbeg.ini.bad
C:\VundoFix Backups\gebcc.dll.bad
C:\VundoFix Backups\ilnmp.bak1.bad
C:\VundoFix Backups\ilnmp.bak2.bad
C:\VundoFix Backups\ilnmp.ini.bad
C:\VundoFix Backups\qttss.bak1.bad
C:\VundoFix Backups\qttss.bak2.bad
C:\VundoFix Backups\qttss.ini.bad
C:\VundoFix Backups\ssttq.dll.bad
C:\VundoFix Backups\ssttr.dll.bad
C:\WINDOWS\system32\rttss.bak1
C:\WINDOWS\system32\rttss.bak2


((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 )))))))))))))))))))))))))))))))


2007-09-02 10:30 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-01 21:41 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-09-01 13:04 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Yahoo!
2007-09-01 12:56 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-09-01 12:56 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-09-01 12:56 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-09-01 12:56 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-09-01 12:56 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-09-01 12:56 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-09-01 12:56 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-09-01 12:55 <DIR> d-------- C:\Program Files\Sygate
2007-09-01 00:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-31 19:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-31 19:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-29 21:16 <DIR> d-------- C:\DOCUME~1\patrick\Bluetooth Software
2007-08-29 20:10 <DIR> d-------- C:\Program Files\Ace Utilities
2007-08-29 18:49 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-29 18:49 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-29 18:49 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-29 18:49 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-29 18:49 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-29 18:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-29 18:49 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-28 18:18 <DIR> d-------- C:\DOCUME~1\patrick\.housecall6.6
2007-08-28 15:52 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-08-27 20:33 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-08-26 22:08 <DIR> d-------- C:\Program Files\MotiveVNC
2007-08-26 17:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-25 17:31 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-25 15:33 15,360 --a------ C:\WINDOWS\system32\drvpovr.dll
2007-08-22 17:43 18 --a------ C:\OPTION.DAT
2007-08-22 17:42 <DIR> d-------- C:\Program Files\Trymedia
2007-08-22 17:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-08-21 08:58 <DIR> d-------- C:\DOCUME~1\patrick\APPLIC~1\Talkback
2007-08-16 13:59 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-10 21:39 <DIR> d-------- C:\DOCUME~1\patrick\APPLIC~1\Viewpoint
2007-08-10 15:59 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-08-09 17:39 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-07 13:58 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-06 20:53 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-08-06 11:37 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-08-06 11:36 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-06 11:34 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-08-06 11:34 <DIR> d-------- C:\a44d1c48064b8e21924381e249
2007-08-06 11:25 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-08-06 11:25 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-08-06 11:25 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-08-06 10:58 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-08-06 07:49 <DIR> d-------- C:\My Music
2007-08-05 21:56 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-08-05 18:07 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-08-03 13:33 <DIR> d-------- C:\WINDOWS\system32\DRM
2007-08-03 11:58 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-08-03 11:58 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-08-03 08:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-08-03 00:04 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-08-03 00:02 <DIR> d-------- C:\Program Files\MSBuild
2007-08-03 00:01 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-08-02 23:57 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-08-02 23:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-08-02 23:33 <DIR> dr-h----- C:\MSOCache
2007-08-02 22:56 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-08-02 22:52 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-02 14:39 <DIR> d-------- C:\Program Files\Citrix
2007-08-02 14:39 <DIR> d-------- C:\DOCUME~1\patrick\APPLIC~1\ICAClient


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-31 19:45 --------- d-------- C:\Program Files\Lavasoft
2007-08-31 17:09 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-08-31 11:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-29 21:53 --------- d-------- C:\Program Files\GammonEmpire
2007-08-29 20:18 --------- d-------- C:\Program Files\RGB
2007-08-29 20:18 --------- d-------- C:\Program Files\Land Desktop R2
2007-08-29 20:18 --------- d-------- C:\DOCUME~1\patrick\APPLIC~1\GetRightToGo
2007-08-29 20:18 --------- d-------- C:\DOCUME~1\patrick\APPLIC~1\BitTorrent
2007-08-29 20:15 --------- d-------- C:\DOCUME~1\patrick\APPLIC~1\uTorrent
2007-08-29 16:15 212849 --a------ C:\Program Files\hijackthis.zip
2007-08-27 17:44 2864 --a------ C:\WINDOWS\system32\winsock.dll
2007-08-27 17:44 2864 --a------ C:\WINDOWS\system32\dllcache\winsock.dll
2007-08-25 17:59 --------- d-------- C:\Program Files\Common Files\Sandlot Shared
2007-08-21 08:57 --------- d-------- C:\Program Files\DivX
2007-08-10 21:39 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-10 08:16 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-06 20:53 --------- d-------- C:\Program Files\Dell
2007-08-06 11:51 --------- d-------- C:\Program Files\UltimateBet
2007-08-05 17:47 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-05 15:54 --------- d-------- C:\Program Files\Creative
2007-08-05 15:48 --------- d-------- C:\Program Files\Microsoft Works
2007-08-03 13:18 --------- d-------- C:\DOCUME~1\patrick\APPLIC~1\Apple Computer
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-27 23:33 --------- d-------- C:\Program Files\Yahoo! Games
2007-07-25 19:53 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-25 19:53 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-25 17:46 --------- d-------- C:\Program Files\Kudos
2007-07-23 09:52 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-07-22 17:02 --------- d-------- C:\Program Files\QuickTime
2007-07-21 18:17 --------- d-------- C:\Program Files\Apple Software Update
2007-07-21 18:16 --------- d-------- C:\Program Files\Common Files\Apple
2007-07-21 18:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-07-18 23:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 16:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-12 13:00 --------- d-------- C:\DOCUME~1\patrick\APPLIC~1\Help
2007-07-12 12:58 --------- d-------- C:\Program Files\Common Files\Trimble
2007-07-12 12:20 --------- d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-27 07:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 07:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 07:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 07:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 07:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 07:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 07:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 07:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 07:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 07:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 07:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 07:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 07:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 07:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 07:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 07:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 07:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 07:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 07:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 07:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 01:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 01:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 01:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 00:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-20 20:46 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-16 21:14 7607904 --a------ C:\Program Files\yahoo_pizzafrenzy1-1_tm5-3.exe
2007-05-16 21:11 13014840 --a------ C:\Program Files\yahoo_flowerquest_tm5-3.exe
2007-05-16 20:29 10810328 --a------ C:\Program Files\yahoo_sbdinerdash_tm5-3.exe
2007-04-14 13:34 267 --a------ C:\Program Files\serial.txt
2007-04-14 13:07 7718504 --a------ C:\Program Files\winzip110.exe
2007-02-09 20:06 167068 --a------ C:\Program Files\farmtemp.exe
2006-11-18 11:52 7096 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\ypinfo.bin
2006-11-08 17:49 7561192 --a------ C:\Program Files\ubsetup.exe
2006-10-29 20:39 5917128 --a------ C:\Program Files\PartyPokerSetup.exe
2006-10-29 19:26 36656704 --a------ C:\Program Files\iTunesSetup.exe
2007-04-08 17:05:59 88 --sh--r C:\WINDOWS\system32\2DA11AD1FF.sys
2007-04-08 17:06:01 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((( snapshot_2007-09-02_105851.81 )))))))))))))))))))))))))))))))))))))))))

----atw 16,384 2007-09-02 18:42:51 C:\WINDOWS\Temp\Perflib_Perfdata_164.dat
----atw 16,384 2007-09-02 18:43:00 C:\WINDOWS\Temp\Perflib_Perfdata_758.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 00:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 00:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 00:45]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 09:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 07:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 07:28]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 14:30 C:\WINDOWS\stsystra.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 15:03]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 07:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AAWTray"=C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]


Contents of the 'Scheduled Tasks' folder
2007-08-15 20:46:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-02 11:45:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-02 11:47:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-02 11:46
C:\ComboFix2.txt ... 2007-09-02 10:59

--- E O F ---


and Hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 12:26:28 PM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\patrick\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061012
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/PLA/eAg...ctiveX/smsx.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n028p/EN/install/gtdownlr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186705352796
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...107/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


And file scans:


File drvpovr.dll received on 09.02.2007 20:53:47 (CET)


Result: 2/31 (6.46%)

Antivirus Version Last Update Result
AhnLab-V3 2007.9.1.0 2007.09.01 -
AntiVir 7.4.1.66 2007.09.01 -
Authentium 4.93.8 2007.09.02 -
Avast 4.7.1029.0 2007.09.02 -
AVG 7.5.0.484 2007.09.02 -
BitDefender 7.2 2007.09.02 -
CAT-QuickHeal 9.00 2007.09.01 -
ClamAV 0.91.2 2007.09.02 -
DrWeb 4.33 2007.09.02 -
eSafe 7.0.15.0 2007.09.02 -
eTrust-Vet 31.1.5100 2007.08.31 -
Ewido 4.0 2007.09.02 -
FileAdvisor 1 2007.09.02 -
Fortinet 3.11.0.0 2007.09.02 -
F-Prot 4.3.2.48 2007.09.02 -
F-Secure 6.70.13030.0 2007.09.02 -
Ikarus T3.1.1.12 2007.09.02 -
Kaspersky 4.0.2.24 2007.09.02 -
McAfee 5110 2007.08.31 -
Microsoft 1.2803 2007.09.02 -
NOD32v2 2497 2007.09.01 -
Norman 5.80.02 2007.09.02 -
Panda 9.0.0.4 2007.09.02 Spyware/Virtumonde
Prevx1 V2 2007.09.02 -
Rising 19.38.62.00 2007.09.02 -
Sophos 4.21.0 2007.09.02 -
Symantec 10 2007.09.02 WinAntiSpyware
TheHacker 6.1.9.175 2007.09.02 -
VBA32 3.12.2.3 2007.09.01 -
VirusBuster 4.3.26:9 2007.09.02 -
Webwasher-Gateway 6.0.1 2007.09.01 -
Additional information
File size: 15360 bytes
MD5: 9579f6233fd5847534bc9f18e780efad
SHA1: 35c212e5c2d50d0972db6feb1255b55c97620aad


File farmtemp.exe received on 09.02.2007 21:05:31 (CET)

Result: 1/32 (3.13%)

Antivirus Version Last Update Result
AhnLab-V3 2007.9.1.0 2007.09.01 -
AntiVir 7.4.1.66 2007.09.01 -
Authentium 4.93.8 2007.09.02 -
Avast 4.7.1029.0 2007.09.02 -
AVG 7.5.0.484 2007.09.02 -
BitDefender 7.2 2007.09.02 -
CAT-QuickHeal 9.00 2007.09.01 -
ClamAV 0.91.2 2007.09.02 -
DrWeb 4.33 2007.09.02 -
eSafe 7.0.15.0 2007.09.02 -
eTrust-Vet 31.1.5100 2007.08.31 -
Ewido 4.0 2007.09.02 -
FileAdvisor 1 2007.09.02 -
Fortinet 3.11.0.0 2007.09.02 -
F-Prot 4.3.2.48 2007.09.02 -
F-Secure 6.70.13030.0 2007.09.02 -
Ikarus T3.1.1.12 2007.09.02 -
Kaspersky 4.0.2.24 2007.09.02 -
McAfee 5110 2007.08.31 -
Microsoft 1.2803 2007.09.02 -
NOD32v2 2497 2007.09.01 -
Norman 5.80.02 2007.09.02 -
Panda 9.0.0.4 2007.09.02 -
Prevx1 V2 2007.09.02 -
Rising 19.38.62.00 2007.09.02 -
Sophos 4.21.0 2007.09.02 -
Sunbelt 2.2.907.0 2007.08.31 -
Symantec 10 2007.09.02 -
TheHacker 6.1.9.175 2007.09.02 -
VBA32 3.12.2.3 2007.09.01 -
VirusBuster 4.3.26:9 2007.09.02 -
Webwasher-Gateway 6.0.1 2007.09.01 Exploit.Win32.MSWord-Repair-CodeExec.gen (suspicious)
Additional information
File size: 167068 bytes
MD5: c5e164c8d2322c492911db80a5c625c0
SHA1: 28d7457e748074e759a6c4176b81deac1d1ee7dd
packers: ZIP



Thank you again

#6 miekiemoes

Posted 03 September 2007 - 01:01 AM

Hi,

Navigate to and delete the following files:

C:\Program Files\farmtemp.exe
C:\WINDOWS\system32\drvpovr.dll

Also delete the following folder:

C:\Qoobox

My boyfriend freaked out when I suggested deleting Party Poker and Ultimate Bet. He says he has one of the largest play money accts on the site. He is addicted, but he wants his computer to work, so if we must delete, we will.

No need to uninstall it if your boyfriend did install it. Sometimes it happens that PartyPoker and other poker games are installed by malware - so people are not aware that it is installed. But in this case, your boyfriend did install it with the intention to play it, so this is a different situation.
Just tell him to be aware what he clicks while playing the game - in case it opens an online page with extra links to other sites. :thumbsup:

One more thing though.. Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 2.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 2".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 mbren

Posted 03 September 2007 - 05:33 PM

Hi, things seem to be OK. I did new scans, Spybot and Avast found nothing, but Ad-aware found some Zeno and 2o7 objects, which I deleted.

We are not seeing any popups or having any problems, and shut down and start up speed is very improved.

Is there anything else we should do, or any protection we need?

Also, can I delete Combofix and Vundofix now or should I see how things go?

Thanks again.

#8 miekiemoes

Posted 03 September 2007 - 05:38 PM

Hi,

Yes, delete Combofix and Vundofix.

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!

#9 miekiemoes

Posted 07 September 2007 - 08:42 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.