Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suddenly Suspiciously Slow Computer


  • This topic is locked This topic is locked
18 replies to this topic

#1 skyfuser

skyfuser

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:01 AM

Posted 28 January 2008 - 03:48 AM

My computer was suddenly slow and laggy while I was doing some research. It was like that for about 10 minutes, so I got a bit suspicious.
I ran a HJT log, and did a quick scan. from reading other HJT logs posted here, I cold pretty much give a guess that
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
is malicious.
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
also looks somewhat suspicious. But then again, I'm just paranoid.
The a2 Anti-Malware with file missing I should remove; I uninstalled the trial. But if someone can analyze and see if there's anything else that's malware, I would appreciate it.
Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:32 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Dialer\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\toshiba\sysstability\tsyssmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [WinPatrol System Monitor] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198056681937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198056668344
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8048 bytes
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 09 February 2008 - 10:33 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum.
My name is Richie and i'll be helping you to fix your problems.

Apologies for the late response,as i'm sure you can appreciate we are extremely busy.

If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help,please post a new Hijackthis log into this topic in your next reply.

Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic,not as attachments,thanks.
Posted Image
Posted Image

#3 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:01 AM

Posted 09 February 2008 - 02:20 PM

Hello Richie :thumbsup: I look forward to working with you again.
I looked the suspicious things up, and saw that the BHO was the Ask toolbar from ZoneAlarm SpyBlocker toolbar. I already uninstalled it, so I'm assuming that can be removed?
Same with the a2 Anti-Malware.
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:35 AM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\toshiba\sysstability\tsyssmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198056681937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198056668344
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8017 bytes
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 09 February 2008 - 03:16 PM

Hello skyfuser :thumbsup:

If you have previously downloaded ComboFix,please delete that version now.
Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert,NOT for private use.

Now download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop

Do not run it just yet.

Now please go here and follow the instructions to install the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Now close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window or do anything else on your pc while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#5 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:01 AM

Posted 10 February 2008 - 02:04 AM

Thanks. Retiring in a few minutes, will run and post log tomorrow.
Edit: Logs; I installed the Recovery Console, and it said to post that as well.

Recovery Console log:
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


And the ComboFix log:
ComboFix 08-02.05.3 - ZA 2008-02-09 23:32:08.1 - NTFSx86
Running from: C:\Documents and Settings\ZA\Desktop\ComboFix.exe
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-09 20:43 . 2004-08-03 23:56 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-02-09 10:56 . 2008-02-09 10:56 <DIR> d-------- C:\Program Files\Reshade
2008-02-09 10:37 . 2008-02-09 10:37 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-08 20:40 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-08 20:36 . 2008-02-08 20:40 <DIR> d-------- C:\Program Files\Java
2008-02-08 20:36 . 2008-02-08 20:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-07 23:28 . 2008-02-08 00:59 <DIR> d-------- C:\Program Files\Mozilla Sunbird
2008-02-04 22:24 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-02-04 22:24 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-02-04 12:33 . 2008-02-04 12:41 1,356 --a------ C:\WINDOWS\mgreg.ini
2008-02-04 12:29 . 2008-02-04 12:30 61 --a------ C:\WINDOWS\mgwin.ini
2008-02-04 12:28 . 2008-02-06 17:39 <DIR> d-------- C:\Program Files\Mgtweak
2008-02-03 21:47 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-03 21:47 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-02-02 23:10 . 2008-02-02 23:10 <DIR> d-------- C:\Program Files\Veoh Networks
2008-02-02 23:03 . 2008-02-02 23:03 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-01-30 22:31 . 2008-01-30 22:31 <DIR> d-------- C:\ZCVideoConverter
2008-01-30 21:27 . 2008-01-31 21:12 <DIR> d-------- C:\Documents and Settings\ZA\dwhelper
2008-01-21 22:40 . 2008-01-21 22:40 <DIR> d-------- C:\Program Files\Common Files\Xheo
2008-01-21 13:33 . 2008-01-21 13:33 <DIR> d-------- C:\Program Files\Brother
2008-01-21 13:33 . 2001-09-14 20:17 131,072 --a------ C:\WINDOWS\bruninst.dll
2008-01-21 13:33 . 2001-12-21 14:12 38,912 --------- C:\WINDOWS\system32\brinsstr.dll
2008-01-21 13:33 . 1999-11-18 18:17 19,361 --------- C:\WINDOWS\system32\drivers\BrPar.sys
2008-01-21 13:33 . 2001-07-24 02:00 16,773 --------- C:\WINDOWS\system32\pc_fax32.hlp
2008-01-21 13:33 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\Cvrpage.bmp
2008-01-21 13:32 . 2008-01-21 13:33 1,814 --a------ C:\WINDOWS\Status.mif
2008-01-21 13:31 . 2002-02-13 01:16 176,128 --------- C:\WINDOWS\system32\Pdrvinst.dll
2008-01-21 13:31 . 2002-02-05 01:08 81,920 --------- C:\WINDOWS\system32\BrWebIns.dll
2008-01-21 13:31 . 2002-02-05 01:07 65,536 --------- C:\WINDOWS\system32\Brwebup.exe
2008-01-21 13:30 . 2001-10-01 08:19 87,552 -ra------ C:\WINDOWS\system32\BrmfWia1.dll
2008-01-21 13:30 . 2001-06-05 18:00 256 -ra------ C:\WINDOWS\system32\brmsl05.bin
2008-01-21 13:30 . 2008-02-07 17:27 49 --a------ C:\WINDOWS\BrmfBidi.ini
2008-01-21 13:18 . 2008-01-21 13:33 27,113 --a------ C:\WINDOWS\maxlink.ini
2008-01-21 13:15 . 2008-01-21 14:01 <DIR> d-------- C:\Program Files\Scansoft
2008-01-21 13:15 . 2008-01-21 13:16 <DIR> d-------- C:\Program Files\Common Files\scansoft shared
2008-01-21 12:42 . 2004-08-03 22:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-21 12:42 . 2004-08-03 22:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-21 12:42 . 2004-08-03 21:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-21 12:42 . 2004-08-03 21:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-21 12:41 . 2004-08-03 22:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-21 12:41 . 2004-08-03 22:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-21 12:38 . 2008-01-21 12:38 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-01-21 12:38 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-21 12:37 . 2008-01-21 12:37 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-01-21 12:37 . 2008-01-21 12:37 <DIR> d--h----- C:\Program Files\CanonBJ
2008-01-21 12:37 . 2006-03-15 07:27 1,134,592 --a------ C:\WINDOWS\system32\CNCC460.DLL
2008-01-21 12:37 . 2006-03-26 21:00 161,792 --a------ C:\WINDOWS\system32\CNMLM81.DLL
2008-01-21 12:37 . 2006-03-24 07:30 135,168 --a------ C:\WINDOWS\system32\CNCL460.DLL
2008-01-21 12:37 . 2006-02-17 07:44 106,496 --a------ C:\WINDOWS\system32\cnco460.dll
2008-01-21 12:37 . 2006-03-15 07:27 57,344 --a------ C:\WINDOWS\system32\CNCI460.DLL
2008-01-21 12:34 . 2008-01-21 12:45 <DIR> d-------- C:\Program Files\Canon
2008-01-21 11:38 . 2008-01-21 11:38 <DIR> d-------- C:\Program Files\Gabest
2008-01-21 11:35 . 2008-01-21 11:35 <DIR> d-------- C:\VirtualDub-1.7.7
2008-01-20 22:16 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-20 19:39 . 2008-01-20 19:39 <DIR> d-------- C:\Program Files\Object Software (Beijing) Co., Ltd
2008-01-20 13:19 . 2008-01-20 13:23 <DIR> d-------- C:\Program Files\ZC Video Converter
2008-01-18 00:20 . 2008-01-18 00:20 <DIR> d-------- C:\Program Files\MagniGlassPro
2008-01-17 02:59 . 2008-02-07 20:41 <DIR> d-------- C:\Program Files\MediaMonkey
2008-01-15 23:39 . 2008-01-15 23:39 <DIR> d-------- C:\WINDOWS\Sun
2008-01-15 00:48 . 2008-01-15 00:49 179 --a------ C:\WINDOWS\ob1.INI
2008-01-15 00:26 . 2008-01-15 00:26 <DIR> d-------- C:\Documents and Settings\ZA\.gaupol
2008-01-14 23:29 . 2008-01-19 22:23 <DIR> d-------- C:\Documents and Settings\ZA\Application Data\gtk-2.0
2008-01-14 23:20 . 2008-01-14 23:24 <DIR> d-------- C:\Program Files\Gaupol
2008-01-14 23:13 . 2008-01-14 23:15 <DIR> d-------- C:\GTK
2008-01-14 23:00 . 2008-01-14 23:02 <DIR> d-------- C:\Python25
2008-01-14 22:55 . 2008-01-14 22:56 <DIR> d-------- C:\Documents and Settings\ZA\Application Data\vlc
2008-01-14 22:12 . 2007-12-09 18:28 31,232 --a------ C:\WINDOWS\system\vdremote.dll
2008-01-14 22:12 . 2007-12-09 18:28 25,088 --a------ C:\WINDOWS\system\vdsvrlnk.dll
2008-01-14 21:48 . 2008-01-14 21:48 <DIR> d-------- C:\Program Files\HPSW
2008-01-11 20:58 . 2008-01-25 20:10 2,067 --a------ C:\WINDOWS\mozver.dat
2008-01-11 20:47 . 2008-01-11 20:47 <DIR> d-------- C:\Documents and Settings\ZA\Application Data\Talkback
2008-01-11 20:12 . 1997-11-08 06:37 320,640 -ra------ C:\WINDOWS\system32\ilda16.dll
2008-01-11 20:12 . 1997-01-14 13:02 315,840 -ra------ C:\WINDOWS\system32\ilib31ht.dll
2008-01-11 20:12 . 1997-11-08 06:44 233,472 -ra------ C:\WINDOWS\system32\ilda32.dll
2008-01-11 20:12 . 2008-01-11 20:13 228 --a------ C:\WINDOWS\Insurrec.ini
2008-01-10 00:05 . 2008-01-10 00:05 <DIR> d-------- C:\Program Files\Pcsx2_0.9.4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 07:32 --------- d-----w C:\Documents and Settings\ZA\Application Data\DNA
2008-02-10 04:48 2,141,696 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-02-10 04:48 1,658,368 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-02-09 21:30 --------- d-----w C:\Documents and Settings\ZA\Application Data\WinPatrol
2008-02-09 07:20 --------- d-----w C:\Program Files\a-squared Free
2008-02-09 04:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-08 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-08 08:28 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-08 08:21 --------- d-----w C:\Program Files\SpywareGuard
2008-02-08 08:21 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-08 07:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 07:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-08 07:32 --------- d-----w C:\Program Files\Google
2008-02-08 03:58 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-07 02:13 --------- d-----w C:\Documents and Settings\ZA\Application Data\XnView
2008-02-03 07:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 18:33 --------- d-----w C:\Documents and Settings\ZA\Application Data\OfficeUpdate12
2008-01-30 01:54 --------- d-----w C:\Documents and Settings\ZA\Application Data\BitTorrent
2008-01-23 05:58 --------- d-----w C:\Program Files\Starcraft
2008-01-21 21:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-17 03:36 --------- d-----w C:\Documents and Settings\ZA\Application Data\AVG7
2008-01-16 13:34 714,752 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-01-16 13:34 1,920,512 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-01-16 00:56 --------- d-----w C:\Program Files\Paint.NET
2008-01-12 05:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-10 07:03 --------- d-----w C:\Program Files\Common Files\Vbox
2008-01-10 07:01 --------- d-----w C:\Program Files\Macromedia
2008-01-10 05:49 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-01-10 05:43 --------- d-----w C:\Program Files\EULAlyzer
2008-01-10 05:00 --------- d-----w C:\Program Files\Cheatbook Database 2008
2008-01-09 10:00 --------- d-----w C:\Program Files\Trisnap Technologies
2008-01-09 09:54 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-09 09:54 286,720 ------w C:\WINDOWS\Setup1.exe
2008-01-09 03:29 1,805,824 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-01-09 01:04 --------- d-----w C:\Program Files\CCleaner
2008-01-09 00:31 --------- d-----w C:\Documents and Settings\ZA\Application Data\Uniblue
2008-01-08 04:46 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-08 04:44 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-08 04:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-07 02:22 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-07 02:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-06 18:17 --------- d-----w C:\Program Files\Rocket Division Software
2008-01-02 06:24 --------- d-----w C:\Program Files\NCH Software
2008-01-02 06:14 107,520 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-01-02 06:14 1,715,200 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-12-29 00:51 184,832 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-12-29 00:51 1,709,568 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-12-27 23:45 85,760 ----a-w C:\WINDOWS\system32\drivers\StarPortLite.sys
2007-12-27 19:16 70,656 ----a-w C:\WINDOWS\ScUnin.exe
2007-12-26 22:28 --------- d-----w C:\Program Files\Unlocker
2007-12-26 21:51 --------- d-----w C:\Program Files\Comodo
2007-12-25 23:29 --------- d-----w C:\Program Files\DOSBox-0.72
2007-12-25 05:01 31,232 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-12-25 04:33 348,160 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-12-25 02:25 --------- d-----w C:\Program Files\SuperMarioPac
2007-12-23 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2007-12-23 04:23 --------- d-----w C:\Program Files\Trend Micro
2007-12-22 06:28 10,752 ----a-w C:\WINDOWS\system32\drivers\RVSDISK.sys
2007-12-22 06:27 26,752 ----a-w C:\WINDOWS\system32\drivers\RVSYSTEM.sys
2007-12-22 06:27 --------- d-----w C:\Program Files\Returnil
2007-12-22 06:18 --------- d-----w C:\Program Files\BillP Studios
2007-12-22 05:11 --------- d-----w C:\Documents and Settings\ZA\Application Data\VSRevoGroup
2007-12-21 22:48 --------- d-----w C:\Program Files\Recuva
2007-12-21 22:29 --------- d-----w C:\Program Files\VS Revo Group
2007-12-21 21:53 --------- d-----w C:\Program Files\Combined Community Codec Pack
2007-12-21 06:41 --------- d-----w C:\Program Files\7-Zip
2007-12-21 03:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2007-12-21 03:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-12-20 07:53 319,488 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-12-20 06:25 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-20 06:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-20 05:45 --------- d-----w C:\Program Files\MSXML 6.0
2007-12-20 02:49 --------- d-----w C:\Program Files\Common Files\aolshare
2007-12-20 02:41 --------- d-----w C:\Program Files\MSBuild
2007-12-20 02:29 --------- d-----w C:\Program Files\Reference Assemblies
2007-12-20 02:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-19 11:30 --------- d-----w C:\Documents and Settings\ZA\Application Data\DAEMON Tools
2007-12-19 10:27 --------- d-----w C:\Program Files\DNA
2007-12-19 10:27 --------- d-----w C:\Program Files\BitTorrent
2007-12-19 09:45 --------- d-----w C:\Program Files\XnViewer
2007-12-19 09:16 --------- d-----w C:\Program Files\NCH Swift Sound
2007-12-19 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-12-19 09:15 --------- d-----w C:\Program Files\Audacity
2007-12-19 09:15 --------- d-----w C:\Documents and Settings\ZA\Application Data\NCH Swift Sound
2007-12-19 09:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-19 09:10 --------- d-----w C:\Program Files\Zone Labs
2007-12-19 08:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-19 08:54 --------- d-----w C:\Documents and Settings\ZA\Application Data\SUPERAntiSpyware.com
2007-12-19 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-19 08:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-26 18:38 238,848 ----a-w C:\WINDOWS\UNBOC.EXE
2007-11-15 00:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 13:22 3739648]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2007-12-19 02:27 290112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-12-13 07:22 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-12-13 07:10 114688]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-03-30 06:40 122880]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2003-01-15 17:24 102400]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2003-01-14 15:52 561152]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2002-11-25 10:23 172032]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2003-01-22 17:23 45056]
"NDSTray.exe"="C:\Program Files\Toshiba\ConfigFree\NDSTray.exe" [2003-01-17 20:26 458752]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2002-10-17 13:21 159744]
"TSysSMon"="c:\toshiba\sysstability\tsyssmon.exe" [2002-12-17 14:23 49152]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-26 21:38 316728]

C:\Documents and Settings\ZA\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 08:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

R0 RVSDISK;RVSDISK;C:\WINDOWS\system32\Drivers\RVSDISK.sys [2007-12-21 22:28]
R0 RVSYSTEM;RVSYSTEM;C:\WINDOWS\system32\Drivers\RVSYSTEM.sys [2007-12-21 22:27]
R1 StarPortLite;StarPort Storage Controller (Lite);C:\WINDOWS\system32\DRIVERS\StarPortLite.sys [2007-12-27 15:45]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-01-09 21:47]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 13:12]
S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 13:12]
S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 13:12]
S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 13:12]
S3 wlags48b;Wireless LAN PCCard Driver;C:\WINDOWS\system32\DRIVERS\wlags48b.sys [2002-06-28 16:29]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 23:39:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-09 23:42:04
ComboFix-quarantined-files.txt 2008-02-10 07:41:41
.
2007-12-22 06:07:08 --- E O F ---





And finally the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:52 AM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\toshiba\sysstability\tsyssmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198056681937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198056668344
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8020 bytes


For O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
why does it suggest I'm using Java 1.6.0_03 aka Java 6 Update 3? I already updated it to Java 6 Update 4
Thanks :thumbsup:

Edited by skyfuser, 10 February 2008 - 11:11 AM.

"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 11 February 2008 - 02:35 PM

I now need you to do the following if you will:
First enable the viewing of hidden files and folders,reverse the process once you've done below:
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Go here:http://virusscan.jotti.org/
Using the 'Browse' button,browse to:
C:\WINDOWS\Insurrec.ini
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply.

If Jotti's too busy,try here:
http://www.virustotal.com/en/virustotalf.html
Click on the 'Analysis' tab.
Using the 'Browse' button,browse to:
C:\WINDOWS\Insurrec.ini
Then click on 'Send File'.
Post the results into your next reply.


Download and scan with CCleaner:
http://www.ccleaner.com/downloadbuilds.asp
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "Exit" when done.


Please disable Spybot S&D’s protection,or it will interfere.
You can enable it after you're clean.

Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm


Please temporarily disable SpywareGuard,or it may interfere:

* Right click the running icon of Spywareguard in the system tray to open the program.
* Then go to Menu, File, and choose Exit.


Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -



Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
• Now click on Scan Settings
• In the scan settings make that the following are selected:
• Scan using the following Anti-Virus database:
• Standard
• Scan Options:
• Scan Archives
• Scan Mail Bases
• Click OK
• Now under select a target to scan:
• Select My Computer
• This will start the program and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.It does not provide an option to clean/disinfect,i need to see the scan results.
• Now click on the Save as Text button.
• Save the file to your desktop.
• Copy and paste the contents of that file into your next reply.

If the above link doesn't work,try this:
http://www.kaspersky.com/kos/english/kavwebscan.html

Also post a new Hijackthis log,let me know how your pc is running now.
Posted Image
Posted Image

#7 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:01 AM

Posted 11 February 2008 - 08:31 PM

Uh oh. I don't think this should've happened. After scanning with http://virusscan.jotti.org/ all the scanners found nothing.
Edit: virustotal found nothing either.

Except immediately after scanning finished, a "Explorer has encountered an error and needs to close." popped up. Now my taskbar is gone, and the desktop is missing. I am completely independent on using Alt+Tab to get to current active programs. While the taskbar was disappearing My Documents popped out of nowhere with the Folders option on.

Should I restart my computer?
Edit: Sorry, the whole thing suddenly shut down so I had to restart.

Edited by skyfuser, 11 February 2008 - 10:20 PM.

"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#8 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:01 AM

Posted 11 February 2008 - 11:06 PM

Yeesh. My paranoid side suggests something sinister.
After I logged on after the forced restart as stated above, SpywareGuard popped up with this:
WARNING! Your IE search bar settings have been changed!
Old: http://www.toshiba.com/search
New: <none>
Of course, I didn't want any new possible malicious changes, so I restored the old value. Then Teatimer came up saying
Old: <none>
New: http://www.toshiba.com/search
I denied that, then SpywareGuard came up. I restored old value, Teatimer popped up again. Wasn't after a few clicks that I realized how idiotic it was to accept and deny the same thing. So I accepted the <none>.
This whole encounter was somewhat strange, since I haven't been using IE for a few weeks now.

I apologize if this sounds somewhat bizarre but is it possible that the online scan triggered the insurre.ini file to cause Explorer to end? Since checking for viruses on certain tampered compressed files can cause "triggers" is it possible for .ini files to do the same?

Continuing with the clean up process you stated above. Unless you suggest a different procedure, I will post results soon.
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 12 February 2008 - 04:38 AM

Carry on with the rest of the steps above please.
Posted Image
Posted Image

#10 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:01 AM

Posted 14 February 2008 - 04:34 AM

Sorry for the lack of information these past 2 days or so. First explorer.exe died when I connected to the Internet and I got continuous BSODs when going to Kaspersky.
The problem is still presisting, but I will try my best to finish the procedure.
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#11 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 14 February 2008 - 05:08 AM

Find and delete:
C:\WINDOWS\Insurrec.ini
Restart your pc,let me know what happens.
Posted Image
Posted Image

#12 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:01 AM

Posted 15 February 2008 - 03:59 AM

Hi again Richie.
After a few more BSODs I got Kaspersky running.
And deleting the insurre.ini file had no effect on the computer issue.

Here's Kaspersky. Apparently it found nothing...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 15, 2008 12:40:56 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/02/2008
Kaspersky Anti-Virus database records: 525316
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 60122
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 04:09:31

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\ZA\Application Data\Mozilla\Firefox\Profiles\szt1uhfg.default\cert8.db Object is locked skipped
C:\Documents and Settings\ZA\Application Data\Mozilla\Firefox\Profiles\szt1uhfg.default\history.dat Object is locked skipped
C:\Documents and Settings\ZA\Application Data\Mozilla\Firefox\Profiles\szt1uhfg.default\key3.db Object is locked skipped
C:\Documents and Settings\ZA\Application Data\Mozilla\Firefox\Profiles\szt1uhfg.default\parent.lock Object is locked skipped
C:\Documents and Settings\ZA\Application Data\Mozilla\Firefox\Profiles\szt1uhfg.default\search.sqlite Object is locked skipped
C:\Documents and Settings\ZA\Application Data\Mozilla\Firefox\Profiles\szt1uhfg.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\ZA\Application Data\Mozilla\Firefox\Profiles\szt1uhfg.default\zotero\zotero.sqlite Object is locked skipped
C:\Documents and Settings\ZA\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\ZA\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\ZA\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\ZA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\ZA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\ZA\Local Settings\Application Data\Mozilla\Firefox\Profiles\szt1uhfg.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\ZA\Local Settings\Application Data\Mozilla\Firefox\Profiles\szt1uhfg.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\ZA\Local Settings\Application Data\Mozilla\Firefox\Profiles\szt1uhfg.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\ZA\Local Settings\Application Data\Mozilla\Firefox\Profiles\szt1uhfg.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\ZA\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ZA\Local Settings\Temp\Perflib_Perfdata_8d0.dat Object is locked skipped
C:\Documents and Settings\ZA\Local Settings\Temp\~DF5672.tmp Object is locked skipped
C:\Documents and Settings\ZA\Local Settings\Temp\~DF8A7B.tmp Object is locked skipped
C:\Documents and Settings\ZA\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\ZA\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ZA\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\ZA\ntuser.dat.LOG Object is locked skipped
C:\Program Files\SpeedBit Video Accelerator\Accelerator.log Object is locked skipped
C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.log Object is locked skipped
C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP178\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\OWNER-WAM9O2STK.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{6E1E0B09-2C7E-4D4D-9A0C-D07641881D15}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\ZLT06844.TMP Object is locked skipped
C:\WINDOWS\TEMP\ZLT06847.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.




Here's HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:47 AM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\toshiba\sysstability\tsyssmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198056681937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198056668344
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8163 bytes
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#13 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 15 February 2008 - 05:06 AM

Click Start/Control Panel/Add or Remove Programs and remove/uninstall DNA,then restart your pc.

Please uninstall/reinstall the latest version of Sun Java.

Go to:
Control Panel>System>Advanced tab>Startup and Recovery,'Settings' button.
Uncheck 'Automatically Restart',then Ok your way out.
The next time it displays an error message on a blue screen let me know the exact wording.

Do you have the Microsoft Windows XP installation disk.
Posted Image
Posted Image

#14 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:01 AM

Posted 16 February 2008 - 02:57 AM

Okay, I did the above.
And nope, I don't have the disk >_<
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#15 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 16 February 2008 - 03:22 AM

OK,hows your pc running now then please.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users