Malware Removal


9 replies to this topic

#1 shamonemofo

shamonemofo

  • Members
  • 5 posts

Posted 24 September 2007 - 08:12 AM

I have had a few different malware on my computer that I cannot remove.
Here are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:48, on 24/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
P:\Ad-Aware 2007\aawservice.exe
p:\Alwil Software\Avast4\aswUpdSv.exe
p:\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
P:\AVG Anti-Spyware 7.5\guard.exe
p:\Grisoft\AVG7\avgamsvr.exe
p:\Grisoft\AVG7\avgupsvc.exe
p:\Comodo\CBOClean\BOCORE.exe
P:\Comodo\Firewall\cmdagent.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
I:\WINDOWS\system32\wwSecure.exe
p:\Alwil Software\Avast4\ashMaiSv.exe
p:\Alwil Software\Avast4\ashWebSv.exe
P:\Microsoft Office\Office12\GrooveMonitor.exe
I:\WINDOWS\SOUNDMAN.EXE
P:\Grisoft\AVG7\avgcc.exe
I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
P:\Comodo\Firewall\CPF.exe
P:\Comodo\CBOClean\BOC425.exe
P:\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
I:\Program Files\MSN Messenger\MsnMsgr.Exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
P:\ABIT\abiteq.exe
I:\Program Files\Google\Google Updater\GoogleUpdater.exe
P:\BESTCR~1\BCResident.exe
I:\Program Files\MSN Messenger\usnsvc.exe
I:\WINDOWS\system32\wuauclt.exe
P:\Mozilla Firefox\firefox.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39796DAA-7966-41C9-994F-0E12621CB841} - I:\WINDOWS\system32\jkhfc.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - P:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - p:\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [GrooveMonitor] "P:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] p:\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "P:\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "P:\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BOC-425] p:\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [avast!] p:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MilShieldSlave] "I:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] p:\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ABIT EQ.lnk = ?
O4 - Global Startup: BestCrypt Auto Open.lnk = P:\BestCrypt\BestCrypt.exe
O4 - Global Startup: Google Updater.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://P:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189416299625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183282341687
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - P:\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: hplun.dll
O20 - Winlogon Notify: byxvwvs - I:\WINDOWS\
O20 - Winlogon Notify: jkhfc - I:\WINDOWS\system32\jkhfc.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - P:\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - p:\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - p:\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - p:\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - p:\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - P:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - p:\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - p:\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BOCore - COMODO - p:\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - P:\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MilShieldCleaner - Unknown owner - I:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - I:\WINDOWS\system32\wwSecure.exe

--
End of file - 7593 bytes


ComboFix 07-09-21.2 - "Machine1" 2007-09-24 14:02:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1540 [GMT 1:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\DOCUME~1\Machine1\APPLIC~1\inst.exe
I:\WINDOWS\144.exe
I:\WINDOWS\system32\aocisonf.dll
I:\WINDOWS\system32\efjnmsqx.ini
I:\WINDOWS\system32\fnosicoa.ini
I:\WINDOWS\system32\pwdxdiar.ini
I:\WINDOWS\system32\raidxdwp.dll
I:\WINDOWS\system32\tqvmrwfy.dll
I:\WINDOWS\system32\vtutu.dll
I:\WINDOWS\system32\xqsmnjfe.dll
I:\WINDOWS\system32\yfwrmvqt.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-08-24 to 2007-09-24 )))))))))))))))))))))))))))))))
.

2007-09-24 13:57 51,200 --a------ I:\WINDOWS\NirCmd.exe
2007-09-24 13:06 3,500 --a------ I:\WINDOWS\system32\tmp.reg
2007-09-24 12:02 95,608 --a------ I:\WINDOWS\system32\AvastSS.scr
2007-09-24 12:02 94,416 --a------ I:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-24 12:02 92,848 --a------ I:\WINDOWS\system32\drivers\aswmon.sys
2007-09-24 12:02 801,144 --a------ I:\WINDOWS\system32\aswBoot.exe
2007-09-24 12:02 42,912 --a------ I:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-24 12:02 26,624 --a------ I:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-24 12:02 23,152 --a------ I:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-23 11:16 85,568 --a------ I:\WINDOWS\system32\syvadiep.dll
2007-09-22 08:44 235,008 --a------ I:\WINDOWS\UNBOC.EXE
2007-09-22 08:44 208,896 --a------ I:\WINDOWS\CMDLIC.DLL
2007-09-22 08:44 <DIR> d-------- I:\DOCUME~1\ALLUSE~1\APPLIC~1\BOC425
2007-09-22 00:58 <DIR> d-------- I:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-21 17:54 <DIR> d-------- I:\Program Files\Mil Incorporated
2007-09-21 17:45 1,338,582 --ahs---- I:\WINDOWS\system32\ututv.bak2
2007-09-20 14:05 1,341,619 --ahs---- I:\WINDOWS\system32\ututv.bak1
2007-09-20 14:05 1,338,341 --ahs---- I:\WINDOWS\system32\ututv.ini2
2007-09-14 11:10 <DIR> d-------- I:\DOCUME~1\Machine1\APPLIC~1\Comodo
2007-09-14 11:10 <DIR> d-------- I:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-09-14 09:39 11,264 --a------ I:\WINDOWS\system32\SpOrder.dll
2007-09-14 09:39 <DIR> d-------- I:\DOCUME~1\Machine1\APPLIC~1\MailFrontier
2007-09-14 09:17 1,355,149 --ahs---- I:\WINDOWS\system32\cfhkj.bak2
2007-09-12 17:52 109,600 --a------ I:\WINDOWS\system32\sptll.dll
2007-09-12 17:52 1,355,659 --ahs---- I:\WINDOWS\system32\cfhkj.bak1
2007-09-11 10:16 <DIR> d-------- I:\DOCUME~1\Machine1\APPLIC~1\VMware
2007-09-11 10:16 <DIR> d-------- I:\DOCUME~1\Machine1\APPLIC~1\sabayonlinux
2007-09-11 09:59 <DIR> d-------- I:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-10 23:20 626,688 --a------ I:\WINDOWS\system32\msvcr80.dll
2007-09-10 23:16 <DIR> d-------- I:\DOCUME~1\LOCALS~1\APPLIC~1\VMware
2007-09-10 23:15 <DIR> d-------- I:\DOCUME~1\ALLUSE~1\APPLIC~1\VMware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-24 12:01 --------- d-------- I:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-09-19 18:10 --------- d-------- I:\DOCUME~1\Machine1\APPLIC~1\dvdcss
2007-09-11 09:58 --------- d-------- I:\Program Files\Common Files\Wise Installation Wizard
2007-09-06 16:14 1086952 --a------ I:\WINDOWS\system32\zpeng24.dll
2007-09-04 12:51 --------- d-------- I:\DOCUME~1\Machine1\APPLIC~1\Vso
2007-08-20 22:27 --------- d-------- I:\DOCUME~1\Machine1\APPLIC~1\Apple Computer
2007-08-20 22:27 --------- d-------- I:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-09 16:46 --------- d--h----- I:\Program Files\InstallShield Installation Information
2007-08-07 13:58 8320 --a------ I:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ I:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-03 11:50 --------- d-------- I:\Program Files\Common Files\Webroot Shared
2007-07-30 19:19 92504 --a------ I:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ I:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ I:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ I:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ I:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ I:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ I:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ I:\WINDOWS\system32\wups.dll
2007-07-24 11:23 --------- d-------- I:\DOCUME~1\Machine1\APPLIC~1\Opera
2007-07-03 19:43 47360 --a------ I:\DOCUME~1\Machine1\APPLIC~1\pcouffin.sys
2007-07-01 10:13 499712 --a------ I:\WINDOWS\system32\msvcp71.dll
2007-07-01 10:13 348160 --a------ I:\WINDOWS\system32\msvcr71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39796DAA-7966-41C9-994F-0E12621CB841}]
I:\WINDOWS\system32\jkhfc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="I:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"EPSON Stylus Photo R220 Series"="I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.exe" [2005-03-09 05:00]
"GrooveMonitor"="P:\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 10:41 I:\WINDOWS\SOUNDMAN.EXE]
"AVG7_CC"="p:\Grisoft\AVG7\avgcc.exe" [2007-09-14 09:19]
"QuickTime Task"="P:\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"COMODO Firewall Pro"="P:\Comodo\Firewall\CPF.exe" [2007-09-14 11:08]
"BOC-425"="p:\Comodo\CBOClean\BOC425.exe" [2007-08-08 19:49]
"avast!"="p:\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 10:04]
"MsnMsgr"="I:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MilShieldSlave"="I:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" [2007-09-21 17:54]

I:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
ABIT EQ.lnk - P:\ABIT\abiteq.exe [2007-07-01 09:58:42]
BestCrypt Auto Open.lnk - P:\BestCrypt\BestCrypt.exe [2007-02-14 13:58:33]
Google Updater.lnk - I:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-01 10:04:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvwvs]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfc]
I:\WINDOWS\system32\jkhfc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=hplun.dll

R1 BC_3DES;BC_3DES;I:\WINDOWS\system32\drivers\BC_3DES.sys
R1 BC_BF128;BC_BF128;I:\WINDOWS\system32\drivers\BC_BF128.sys
R1 BC_BF448;BC_BF448;I:\WINDOWS\system32\drivers\BC_BF448.sys
R1 BC_BFish;BC_BFish;I:\WINDOWS\system32\drivers\BC_BFish.sys
R1 BC_CAST;BC_CAST;I:\WINDOWS\system32\drivers\BC_CAST.sys
R1 BC_DES;BC_DES;I:\WINDOWS\system32\drivers\BC_DES.sys
R1 BC_Gost;BC_Gost;I:\WINDOWS\system32\drivers\BC_Gost.sys
R1 BC_RC6;BC_RC6;I:\WINDOWS\system32\drivers\BC_RC6.sys
R1 BC_RIJN;BC_RIJN;I:\WINDOWS\system32\drivers\BC_RIJN.sys
R1 BC_SERP;BC_SERP;I:\WINDOWS\system32\drivers\BC_SERP.sys
R1 BC_TFISH;BC_TFISH;I:\WINDOWS\system32\drivers\BC_TFISH.sys
R1 bcbus;BestCrypt bus driver;I:\WINDOWS\system32\DRIVERS\bcbus.sys
R1 fsh;fsh;I:\WINDOWS\system32\drivers\fsh.sys
R3 BOCDRIVE;BOClean Kernel Monitor.;\??\p:\Comodo\CBOClean\BOCDRIVE.sys
R3 mhk;mhk;I:\WINDOWS\system32\drivers\mhk.sys
R3 moh;moh;I:\WINDOWS\system32\drivers\moh.sys
R3 WBHWDOCT;Winbond GPIO Driver1;I:\WINDOWS\system32\drivers\WBHWDOCT.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-21 20:46:01 I:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- I:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-24 14:07:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-24 14:08:00 - machine was rebooted
I:\ComboFix-quarantined-files.txt ... 2007-09-24 14:08
.
--- E O F ---
Hope you can help.

Thanks



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 24 September 2007 - 10:35 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, shamonemofo.
My name is Richie and I'll be helping you to fix your problems.

You have Avast4 and AVG7 Antivirus installed.
It's definitely not a good idea to have more than one antivirus program installed on your computer.
Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.
It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other.
You should uninstall one of them now, then restart your PC.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save As... / Save as type: 'All Files' / File name: CFScript to your desktop.

File::
I:\WINDOWS\system32\syvadiep.dll
I:\WINDOWS\system32\ututv.bak2
I:\WINDOWS\system32\ututv.bak1
I:\WINDOWS\system32\ututv.ini2
I:\WINDOWS\system32\cfhkj.bak2
I:\WINDOWS\system32\sptll.dll
I:\WINDOWS\system32\cfhkj.bak1

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39796DAA-7966-41C9-994F-0E12621CB841}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvwvs]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfc]

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.

#3 shamonemofo

shamonemofo
  • Topic Starter

  • Members
  • 5 posts

Posted 25 September 2007 - 03:28 AM

OK, done that. Here are the new logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:26:14, on 25/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
P:\Ad-Aware 2007\aawservice.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
P:\AVG Anti-Spyware 7.5\guard.exe
p:\Grisoft\AVG7\avgamsvr.exe
p:\Grisoft\AVG7\avgupsvc.exe
p:\Comodo\CBOClean\BOCORE.exe
P:\Comodo\Firewall\cmdagent.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
I:\WINDOWS\system32\wwSecure.exe
P:\Microsoft Office\Office12\GrooveMonitor.exe
I:\WINDOWS\SOUNDMAN.EXE
P:\Grisoft\AVG7\avgcc.exe
I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
P:\Comodo\Firewall\CPF.exe
P:\Comodo\CBOClean\BOC425.exe
I:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
I:\Program Files\MSN Messenger\MsnMsgr.Exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
I:\Program Files\Google\Google Updater\GoogleUpdater.exe
P:\BESTCR~1\BCResident.exe
I:\Program Files\MSN Messenger\usnsvc.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - P:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - p:\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [GrooveMonitor] "P:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] p:\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "P:\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "P:\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BOC-425] p:\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MilShieldSlave] "I:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] p:\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ABIT EQ.lnk = ?
O4 - Global Startup: BestCrypt Auto Open.lnk = P:\BestCrypt\BestCrypt.exe
O4 - Global Startup: Google Updater.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://P:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189416299625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183282341687
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - P:\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: hplun.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - P:\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - P:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - p:\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - p:\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BOCore - COMODO - p:\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - P:\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MilShieldCleaner - Unknown owner - I:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - I:\WINDOWS\system32\wwSecure.exe

--
End of file - 6676 bytes


ComboFix 07-09-21.2 - "Machine1" 2007-09-25 9:22:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1592 [GMT 1:00]
* Created a new restore point

FILE::
I:\WINDOWS\system32\syvadiep.dll
I:\WINDOWS\system32\ututv.bak2
I:\WINDOWS\system32\ututv.bak1
I:\WINDOWS\system32\ututv.ini2
I:\WINDOWS\system32\cfhkj.bak2
I:\WINDOWS\system32\sptll.dll
I:\WINDOWS\system32\cfhkj.bak1
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\WINDOWS\system32\cfhkj.bak1
I:\WINDOWS\system32\cfhkj.bak2
I:\WINDOWS\system32\sptll.dll
I:\WINDOWS\system32\syvadiep.dll
I:\WINDOWS\system32\ututv.bak1
I:\WINDOWS\system32\ututv.bak2
I:\WINDOWS\system32\ututv.ini2

.
((((((((((((((((((((((((( Files Created from 2007-08-25 to 2007-09-25 )))))))))))))))))))))))))))))))
.

2007-09-24 14:10 <DIR> d-------- I:\Program Files\Trend Micro
2007-09-24 13:57 51,200 --a------ I:\WINDOWS\NirCmd.exe
2007-09-24 13:06 3,500 --a------ I:\WINDOWS\system32\tmp.reg
2007-09-22 08:44 235,008 --a------ I:\WINDOWS\UNBOC.EXE
2007-09-22 08:44 208,896 --a------ I:\WINDOWS\CMDLIC.DLL
2007-09-22 08:44 <DIR> d-------- I:\DOCUME~1\ALLUSE~1\APPLIC~1\BOC425
2007-09-22 00:58 <DIR> d-------- I:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-21 17:54 <DIR> d-------- I:\Program Files\Mil Incorporated
2007-09-14 11:10 <DIR> d-------- I:\DOCUME~1\Machine1\APPLIC~1\Comodo
2007-09-14 11:10 <DIR> d-------- I:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-09-14 09:39 11,264 --a------ I:\WINDOWS\system32\SpOrder.dll
2007-09-14 09:39 <DIR> d-------- I:\DOCUME~1\Machine1\APPLIC~1\MailFrontier
2007-09-11 10:16 <DIR> d-------- I:\DOCUME~1\Machine1\APPLIC~1\VMware
2007-09-11 10:16 <DIR> d-------- I:\DOCUME~1\Machine1\APPLIC~1\sabayonlinux
2007-09-11 09:59 <DIR> d-------- I:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-10 23:20 626,688 --a------ I:\WINDOWS\system32\msvcr80.dll
2007-09-10 23:16 <DIR> d-------- I:\DOCUME~1\LOCALS~1\APPLIC~1\VMware
2007-09-10 23:15 <DIR> d-------- I:\DOCUME~1\ALLUSE~1\APPLIC~1\VMware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-24 14:36 --------- d-------- I:\DOCUME~1\Machine1\APPLIC~1\dvdcss
2007-09-24 12:01 --------- d-------- I:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-09-11 09:58 --------- d-------- I:\Program Files\Common Files\Wise Installation Wizard
2007-09-06 16:14 1086952 --a------ I:\WINDOWS\system32\zpeng24.dll
2007-09-04 12:51 --------- d-------- I:\DOCUME~1\Machine1\APPLIC~1\Vso
2007-08-20 22:27 --------- d-------- I:\DOCUME~1\Machine1\APPLIC~1\Apple Computer
2007-08-20 22:27 --------- d-------- I:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-09 16:46 --------- d--h----- I:\Program Files\InstallShield Installation Information
2007-08-07 13:58 8320 --a------ I:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ I:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-03 11:50 --------- d-------- I:\Program Files\Common Files\Webroot Shared
2007-07-30 19:19 92504 --a------ I:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ I:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ I:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ I:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ I:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ I:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ I:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ I:\WINDOWS\system32\wups.dll
2007-07-03 19:43 47360 --a------ I:\DOCUME~1\Machine1\APPLIC~1\pcouffin.sys
2007-07-01 10:13 499712 --a------ I:\WINDOWS\system32\msvcp71.dll
2007-07-01 10:13 348160 --a------ I:\WINDOWS\system32\msvcr71.dll
.

((((((((((((((((((((((((((((( snapshot_2007-09-24_140740.59 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 262,144 2007-09-25 08:18:43 I:\WINDOWS\system32\config\systemprofile\NtUser.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="I:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"EPSON Stylus Photo R220 Series"="I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.exe" [2005-03-09 05:00]
"GrooveMonitor"="P:\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 10:41 I:\WINDOWS\SOUNDMAN.EXE]
"AVG7_CC"="p:\Grisoft\AVG7\avgcc.exe" [2007-09-14 09:19]
"QuickTime Task"="P:\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"COMODO Firewall Pro"="P:\Comodo\Firewall\CPF.exe" [2007-09-14 11:08]
"BOC-425"="p:\Comodo\CBOClean\BOC425.exe" [2007-08-08 19:49]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 10:04]
"MsnMsgr"="I:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MilShieldSlave"="I:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" [2007-09-21 17:54]

I:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
ABIT EQ.lnk - P:\ABIT\abiteq.exe [2007-07-01 09:58:42]
BestCrypt Auto Open.lnk - P:\BestCrypt\BestCrypt.exe [2007-02-14 13:58:33]
Google Updater.lnk - I:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-01 10:04:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=hplun.dll

R1 BC_3DES;BC_3DES;I:\WINDOWS\system32\drivers\BC_3DES.sys
R1 BC_BF128;BC_BF128;I:\WINDOWS\system32\drivers\BC_BF128.sys
R1 BC_BF448;BC_BF448;I:\WINDOWS\system32\drivers\BC_BF448.sys
R1 BC_BFish;BC_BFish;I:\WINDOWS\system32\drivers\BC_BFish.sys
R1 BC_CAST;BC_CAST;I:\WINDOWS\system32\drivers\BC_CAST.sys
R1 BC_DES;BC_DES;I:\WINDOWS\system32\drivers\BC_DES.sys
R1 BC_Gost;BC_Gost;I:\WINDOWS\system32\drivers\BC_Gost.sys
R1 BC_RC6;BC_RC6;I:\WINDOWS\system32\drivers\BC_RC6.sys
R1 BC_RIJN;BC_RIJN;I:\WINDOWS\system32\drivers\BC_RIJN.sys
R1 BC_SERP;BC_SERP;I:\WINDOWS\system32\drivers\BC_SERP.sys
R1 BC_TFISH;BC_TFISH;I:\WINDOWS\system32\drivers\BC_TFISH.sys
R1 bcbus;BestCrypt bus driver;I:\WINDOWS\system32\DRIVERS\bcbus.sys
R1 fsh;fsh;I:\WINDOWS\system32\drivers\fsh.sys
R3 BOCDRIVE;BOClean Kernel Monitor.;\??\p:\Comodo\CBOClean\BOCDRIVE.sys
R3 mhk;mhk;I:\WINDOWS\system32\drivers\mhk.sys
R3 moh;moh;I:\WINDOWS\system32\drivers\moh.sys
R3 WBHWDOCT;Winbond GPIO Driver1;I:\WINDOWS\system32\drivers\WBHWDOCT.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-21 20:46:01 I:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- I:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-25 09:24:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-25 9:25:23 - machine was rebooted
I:\ComboFix-quarantined-files.txt ... 2007-09-25 09:25
I:\ComboFix2.txt ... 2007-09-24 14:08
.
--- E O F ---


Thanks

#4 RichieUK

    Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 25 September 2007 - 05:21 AM

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

Also post a new Hijackthis log.
Let me know how your PC is running now, please.

#5 shamonemofo

  • Topic Starter

Posted 25 September 2007 - 05:51 PM

OK, here's the BitDefender log



BitDefender Online Scanner

Scan report generated at: Tue, Sep 25, 2007 - 23:47:05
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;I:\;K:\;M:\;P:\;Y:\;

Statistics
Time: 00:59:46
Files: 159238
Folders: 4343
Boot Sectors: 10
Archives: 1140
Packed Files: 7373

Results
Identified Viruses: 3
Infected Files: 4
Suspect Files: 1
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info
Virus Definitions: 823696
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Apps\sscserve.exe | Infected with: Backdoor.Ontarg.E
C:\Apps\sscserve.exe | Disinfection failed
C:\Apps\sscserve.exe | Deleted
C:\System Volume Information\_restore{64E68D1A-3C31-4018-82AC-7C48A0C4D592}\RP46\A0023573.exe | Infected with: Backdoor.Ontarg.E
C:\System Volume Information\_restore{64E68D1A-3C31-4018-82AC-7C48A0C4D592}\RP46\A0023573.exe | Disinfection failed
C:\System Volume Information\_restore{64E68D1A-3C31-4018-82AC-7C48A0C4D592}\RP46\A0023573.exe | Deleted
I:\System Volume Information\_restore{64E68D1A-3C31-4018-82AC-7C48A0C4D592}\RP36\A0012478.exe=>(RAR Sfx o)=>keygen.exe | Suspected of: BehavesLike:Win32.AV-Killer
I:\System Volume Information\_restore{64E68D1A-3C31-4018-82AC-7C48A0C4D592}\RP36\A0012478.exe=>(RAR Sfx o)=>keygen.exe | Disinfection failed
I:\System Volume Information\_restore{64E68D1A-3C31-4018-82AC-7C48A0C4D592}\RP36\A0012478.exe=>(RAR Sfx o)=>keygen.exe | Deleted
I:\System Volume Information\_restore{64E68D1A-3C31-4018-82AC-7C48A0C4D592}\RP36\A0012478.exe=>(RAR Sfx o) | Update failed
I:\System Volume Information\_restore{64E68D1A-3C31-4018-82AC-7C48A0C4D592}\RP36\A0012478.exe=>(RAR Sfx o)=>install.exe | Infected with: Win32.Virtob.2.Gen
I:\System Volume Information\_restore{64E68D1A-3C31-4018-82AC-7C48A0C4D592}\RP36\A0012478.exe=>(RAR Sfx o)=>install.exe | Disinfection failed
I:\System Volume Information\_restore{64E68D1A-3C31-4018-82AC-7C48A0C4D592}\RP36\A0012478.exe=>(RAR Sfx o)=>install.exe | Deleted
I:\System Volume Information\_restore{64E68D1A-3C31-4018-82AC-7C48A0C4D592}\RP36\A0012478.exe=>(RAR Sfx o) | Update failed
I:\System Volume Information\_restore{64E68D1A-3C31-4018-82AC-7C48A0C4D592}\RP36\A0012554.dll | Infected with: Trojan.Downloader.CWS.AN
I:\System Volume Information\_restore{64E68D1A-3C31-4018-82AC-7C48A0C4D592}\RP36\A0012554.dll | Disinfection failed
I:\System Volume Information\_restore{64E68D1A-3C31-4018-82AC-7C48A0C4D592}\RP36\A0012554.dll | Deleted



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:49:56, on 25/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
P:\Ad-Aware 2007\aawservice.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
P:\AVG Anti-Spyware 7.5\guard.exe
p:\Grisoft\AVG7\avgamsvr.exe
p:\Grisoft\AVG7\avgupsvc.exe
p:\Comodo\CBOClean\BOCORE.exe
P:\Comodo\Firewall\cmdagent.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
I:\WINDOWS\system32\wwSecure.exe
P:\Microsoft Office\Office12\GrooveMonitor.exe
I:\WINDOWS\SOUNDMAN.EXE
P:\Comodo\Firewall\CPF.exe
P:\Comodo\CBOClean\BOC425.exe
I:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
I:\Program Files\MSN Messenger\MsnMsgr.Exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
I:\Program Files\Google\Google Updater\GoogleUpdater.exe
P:\BESTCR~1\BCResident.exe
I:\Program Files\MSN Messenger\usnsvc.exe
P:\Mozilla Firefox\firefox.exe
I:\Program Files\internet explorer\iexplore.exe
P:\Grisoft\AVG7\avgcc.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - P:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - p:\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [GrooveMonitor] "P:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] p:\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "P:\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "P:\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BOC-425] p:\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MilShieldSlave] "I:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] p:\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ABIT EQ.lnk = ?
O4 - Global Startup: BestCrypt Auto Open.lnk = P:\BestCrypt\BestCrypt.exe
O4 - Global Startup: Google Updater.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://P:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189416299625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183282341687
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - P:\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: hplun.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - P:\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - P:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - p:\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - p:\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BOCore - COMODO - p:\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - P:\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MilShieldCleaner - Unknown owner - I:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - I:\WINDOWS\system32\wwSecure.exe

--
End of file - 7041 bytes



The computer seems fine at the minute. The only one that was still a problem from last time was the homepage being changed all the time after I set it.

#6 RichieUK

  • Malware Response Team

Posted 26 September 2007 - 09:52 AM

Your log is clean :thumbsup:
If all's OK, please do the following.

Find and delete:
Combofix.exe
C:\QOOBOX

Download and install CCleaner:
http://www.ccleaner.com/download/builds/downloading-slim

Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
*Note*
Do not use the Issues block to clean anything with this program.
It is for experts only and it is risky.

Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked.
In the Advanced section, have a check only on Old PreFetch Data.

Click on the Options block on the left.
Select Advanced.
Uncheck "Only delete files in Windows Temp folders older than 48 hours".

Set Cookie Retention.
Click on the Options block on the left, then choose Cookies.
Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.

Run Cleaning Scan.
Click on the Cleaner block on the left.
Choose the Windows tab.
Click the Run Cleaner button.
This process could take a while.
When CCleaner shows how much has been removed, cleaning is finished.


Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
How to prevent Malware by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

*NOTE*
Let me know if your home page is still being changed.

#7 shamonemofo

  • Topic Starter

Posted 27 September 2007 - 03:55 AM

OK mate, ran CCleaner and created a new restore point and deleted the old ones. My home page is still being changed to about:blank in both IE and Firefox. I have tried to set it to default in Firefox but it will not work still.

#8 RichieUK

  • Malware Response Team

Posted 27 September 2007 - 08:41 AM

Download and run Trend Micro™ CWShredder™:
http://www.trendmicro.com/ftp/products/onl.../cwshredder.exe
Double click on CWShredder.exe to run the program.
Click 'Fix' and then 'Next', let it fix everything/anything it detects.
When the scan is complete and all/any files are removed, close the application.

Download HostsXpert 3.8:
http://www.funkytoad.com/download/HostsXpert.zip
1. Extract the zip file to your desktop or a permanent folder on your hard drive.
2. Open the folder and double-click on the Hoster.exe
3. Press "Restore Microsofts Original Hosts File"
4. Press "OK" and exit the program.

Follow these instructions to download/install/setup SpywareBlaster.
Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware:
http://www.bleepingcomputer.com/tutorials/use-spywareblaster-to-protect-your-computer/

Download the trial version of Spy Sweeper:
http://www.webroot.com/shoppingcart/tryme....&vcode=DT14

Install it using the Standard Install option.
You will be asked for your e-mail address, it's safe to give it.
If you receive alerts from your firewall, allow all activities for Spy Sweeper.

You will be prompted to check for updated definitions, please do so, this may take several minutes so please be patient.

Once the updates have been installed, click on 'Options' and check/enable 'Full Sweep [Recommended]'.
Click on 'Sweep', then 'Start Full Sweep' and allow it to fully scan your system.

When the sweep has finished, click 'Select All' and then click 'Quarantine Selected'.
Under the 'Summary' tab, select 'View Session Log'.
Click 'Save to File' and save the log to your desktop.

Exit Spy Sweeper.
Restart your PC, then copy and paste the Spy Sweeper log into your next reply.
Let me know what's happening now.

Edited by RichieUK, 27 September 2007 - 08:42 AM.


#9 shamonemofo

  • Topic Starter

Posted 27 September 2007 - 04:56 PM

OK, cheers mate, I've done the above and both IE and Firefox now have a homepage again :thumbsup:
I think it was after HostsXpert was run I tried to set them and they worked when I reopened the browsers again.
Thanks for your support, Richie.
Here is the log from Spy Sweeper:


22:49: Removal process completed. Elapsed time 00:00:00
22:49: Quarantining All Traces: virtumonde
22:49: Removal process initiated
22:47: Traces Found: 1
22:47: Full Sweep has completed. Elapsed time 00:44:02
22:47: File Sweep Complete, Elapsed Time: 00:41:25
22:41: ApplicationMinimized - EXIT
22:41: ApplicationMinimized - ENTER
22:40: ApplicationMinimized - EXIT
22:40: ApplicationMinimized - ENTER
22:35: ApplicationMinimized - EXIT
22:35: ApplicationMinimized - ENTER
22:33: ApplicationMinimized - EXIT
22:33: ApplicationMinimized - ENTER
22:25: ApplicationMinimized - EXIT
22:25: ApplicationMinimized - ENTER
22:21: ApplicationMinimized - EXIT
22:21: ApplicationMinimized - ENTER
22:18: ApplicationMinimized - EXIT
22:18: ApplicationMinimized - ENTER
22:13: Warning: TCompressedFile.GetStreams(1): Stream read error
22:10: Warning: SweepDirectories: Cannot find directory "k:". This directory was not added to the list of paths to be scanned.
22:09: Warning: Failed to open file "i:\documents and settings\machine1\local settings\application data\microsoft\messenger\shamone@passport.com\sharingmetadata\pending.dat". The operation completed successfully
22:09: Warning: Failed to open file "i:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms2f3f7631-bbab-49d7-b5d8-c861f409400e.tmp". The operation completed successfully
22:09: Warning: Failed to open file "i:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsf931d2c2-7f4c-42d6-8f82-49cf2528426f.tmp". The operation completed successfully
22:09: Warning: Failed to open file "i:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsab84fb82-55b9-45d8-a370-b4e34ff138ae.tmp". The operation completed successfully
22:09: Warning: Failed to open file "i:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsfbeb666e-973b-42c1-bbef-1da7249fb014.tmp". The operation completed successfully
22:09: Warning: Failed to open file "i:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9a0da6ee-c64b-424e-81c6-fa5e0f210049.tmp". The operation completed successfully
22:09: Warning: Failed to open file "i:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsc81eb3dc-5f0e-417c-b5f7-7f5f2a35284b.tmp". The operation completed successfully
22:09: Warning: Failed to open file "i:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsc009536e-c813-45e3-a25c-5f8dbcb35e93.tmp". The operation completed successfully
22:09: Warning: Failed to open file "i:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9505c554-34f5-410f-8b13-4e828ca2a685.tmp". The operation completed successfully
22:06: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned.
22:06: Starting File Sweep
22:06: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
22:06: Cookie Sweep Complete, Elapsed Time: 00:00:00
22:06: Starting Cookie Sweep
22:06: Registry Sweep Complete, Elapsed Time:00:00:07
22:06: HKU\S-1-5-21-1390067357-602609370-725345543-1003\atlmon.reusablecomp.5\ (ID = 1589917)
22:06: Found Adware: virtumonde
22:06: Starting Registry Sweep
22:06: Memory Sweep Complete, Elapsed Time: 00:02:14
22:05: ApplicationMinimized - EXIT
22:05: ApplicationMinimized - ENTER
22:03: Starting Memory Sweep
22:03: Start Full Sweep
22:03: Sweep initiated using definitions version 998
Keylogger: Off
22:03: Informational: ShieldEmail: Start monitoring port 25 for mail activities
E-mail Attachment: On
22:03: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
22:03: Shield States
22:03: License Check Status (0): Success
22:03: Spyware Definitions: 998
22:02: Spy Sweeper 5.5.7.48 started
22:02: Spy Sweeper 5.5.7.48 started
22:02: | Start of Session, 27 September 2007 |
***************

#10 RichieUK

  • Malware Response Team

Posted 27 September 2007 - 05:39 PM

Great, if all's OK then you're good to go :thumbsup: