Xmas Virus's


13 replies to this topic

#1 Kbird
  • Members
  • 9 posts

Posted 28 December 2008 - 07:24 PM

While reading online Xmas night about options to set up my new HDs in RAID, I think I picked up a virus (not sure of the webpage),
as AVG Free 8 caught something opening and vaulted it (unless it was activated on Dec 25th at midnight, which is a possibility). I thought all was well until I rebooted the next morning, only to have no desktop icons, start bar etc., just a blank screen, so using C_A_D I got Task Manager up and was able to run programs from there. After some research I got the SmitFraudFix pack and ran it from Safe Mode as directed. This has given me back my icons and start bar etc. but has NOT cleared up the infection. Something is turning off the firewall each time I reboot, so I have to start it again via CPanel. Explorer is also very slow to show the contents of panes, esp. scrolling.
AVG Free 8 continues to give me alerts on a BHO.GSS on a file in WinXP\system32 which I am hesitant to delete, as no online search can identify the file, so I think it is a Windows DLL that has been renamed? Which, if I delete it, may cause Windows problems.
BHO files are used by IE, which is how I guess this virus has gotten onto this machine. I did not knowingly download anything; I was just reading websites about RAID stripe sizes. HijackThis does list 8-10 entries under BHO, some with "File missing" errors or unknown programs.
Following the guide here I downloaded the DSS.SCR file. Just thought I'd mention that as a .SCR on my system it was seen as an AutoCAD script so wouldn't run (invalid Win32 app error), yet there was no entry under file types in Explorer for .scr so I couldn't change that. Knowing that DSS is a DOS script I changed the ext. to .bat to get it to run (.exe works too) after disabling the option in AVG AntiSpyware 7.5 to allow scripts to run. (A note in the guide perhaps?)

Below is the dss.txt file. As I don't know the particular virus(es) or malware involved I can't currently follow any of the guides, so I would appreciate any help that can be given.

thanks
Kbird.



DDS (Version 1.1.0) - NTFSx86
Run by Mick at 15:44:23.98 on 28/12/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.1023.573 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

M:\WINXP\system32\svchost -k DcomLaunch
svchost.exe
M:\Program Files\Windows Defender\MsMpEng.exe
M:\WINXP\System32\svchost.exe -k netsvcs
M:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
M:\WINXP\system32\spoolsv.exe
M:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
M:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
M:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
M:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
M:\WINXP\system32\nvsvc32.exe
M:\WINXP\Explorer.EXE
M:\WINXP\System32\svchost.exe -k imgsvc
M:\Program Files\UPHClean\uphclean.exe
M:\WINXP\System32\MsPMSPSv.exe
M:\WINXP\system32\SearchIndexer.exe
M:\Program Files\Canon\CAL\CALMAIN.exe
M:\PROGRA~1\AVG\AVG8\avgrsx.exe
M:\WINXP\Logi_MwX.Exe
M:\WINXP\system32\rundll32.exe
M:\WINXP\CTHELPER.EXE
M:\WINXP\system32\taskswitch.exe
M:\WINXP\StartupMonitor.exe
M:\Program Files\Windows Defender\MSASCui.exe
M:\WINXP\system32\RUNDLL32.EXE
M:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
M:\PROGRA~1\AVG\AVG8\avgtray.exe
M:\WINXP\SOUNDMAN.EXE
M:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
M:\WINXP\system32\ctfmon.exe
M:\Program Files\Logitech\SetPoint\SetPoint.exe
M:\Program Files\Windows Desktop Search\WindowsSearch.exe
M:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
M:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
M:\WINXP\system32\rundll32.exe
M:\Program Files\Internet Explorer\IEXPLORE.EXE
M:\PROGRA~1\AVG\AVG8\aAvgApi.exe
M:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
M:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
M:\WINXP\system32\SearchProtocolHost.exe
M:\Documents and Settings\Mick\Desktop\dds.bat

============== Pseudo HJT Report ===============

uLocal Page = m:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = m:\windows\system32\blank.htm
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - m:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - m:\program files\avg\avg8\avgssie.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - m:\winxp\system32\awtqqrpP.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - m:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - m:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - m:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - m:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: {f0124c40-8345-4b7a-b169-fc1acc4fbc7c} - m:\winxp\system32\ljJARIxy.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - m:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [updateMgr] "m:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [CLIP.EXE]
uRun: [swg] m:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [QuickGammaLoader] m:\program files\quickgamma\QuickGammaLoader.exe
uRun: [ctfmon.exe] m:\winxp\system32\ctfmon.exe
uRun: [gadcom] "m:\documents and settings\mick\application data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [NvCplDaemon] RUNDLL32.EXE m:\winxp\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SBDrvDet] m:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
mRun: [ABITEQ] m:\program files\abit\abiteq\abiteq.exe -M
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CoolSwitch] m:\winxp\system32\taskswitch.exe
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [Windows Defender] "m:\program files\windows defender\MSASCui.exe" -hide
mRun: [NvMediaCenter] RUNDLL32.EXE m:\winxp\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "m:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [AVG8_TRAY] m:\progra~1\avg\avg8\avgtray.exe
mRun: [OSSelectorReinstall] m:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [!AVG Anti-Spyware] "m:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
dRun: [CTFMON.EXE] m:\winxp\system32\CTFMON.EXE
StartupFolder: m:\docume~1\mick\startm~1\programs\startup\adobeg~1.lnk - m:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: m:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - m:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: m:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - m:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: m:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - m:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: m:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - m:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: m:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - m:\program files\trendnet\tew-424ub\WlanCU.exe
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xport to Microsoft Excel - m:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://m:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://m:\program files\iespell\wikipedia.HTM
IE: Send to &Bluetooth Device... - m:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - m:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - m:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - m:\program files\java\jre1.6.0_07\bin\ssv.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - m:\program files\avg\avg8\avgpp.dll
Notify: awtqqrpP - awtqqrpP.dll
Notify: LBTWlgn - m:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - m:\winxp\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - m:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - m:\progra~1\wifd1f~1\MpShHook.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - m:\winxp\system32\awtqqrpP.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - m:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
LSA: Authentication Packages = msv1_0 m:\winxp\system32\ljJARIxy

============= SERVICES / DRIVERS ===============

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\m:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;m:\winxp\system32\drivers\AvgAsCln.sys [2008-12-28 3968]
R1 AvgLdx86;AVG AVI Loader Driver x86;m:\winxp\system32\drivers\avgldx86.sys [2008-5-31 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;m:\winxp\system32\drivers\avgmfx86.sys [2007-1-1 26824]
R1 Ext2fs;Ext2fs;m:\winxp\system32\drivers\ext2fs.sys [2007-10-6 132736]
R1 IfsDrives;IfsDrives;m:\winxp\system32\drivers\IfsDrives.sys [2007-10-6 4608]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;m:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]
R2 avg8wd;AVG8 WatchDog;m:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-31 231704]
R2 Iprip;RIP Listener;m:\winxp\system32\svchost.exe -k netsvcs [2004-5-29 14336]
R2 LBeepKE;LBeepKE;m:\winxp\system32\drivers\LBeepKE.sys [2008-12-23 10384]
R2 WinDefend;Windows Defender;"m:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
S3 AC2003;AC2003;m:\winxp\system32\drivers\AC2003.sys [2005-1-30 4224]
S3 DCamUSBPremier;DC E30;m:\winxp\system32\drivers\mpixvid.sys [2006-4-4 81921]
S3 hcdriver;EHCI;m:\winxp\system32\drivers\hcdriver.sys [2007-2-3 50432]
S3 Memctl;Memctl;\??\m:\program files\abit\flashmenu\Memctl.sys []
S3 MotDev;Motorola Inc. USB Device;m:\winxp\system32\drivers\motodrv.sys [2007-2-10 40832]
S3 NPF;NetGroup Packet Filter Driver;m:\winxp\system32\drivers\npf.sys [2007-6-28 42512]

============== File Associations ===============

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

=============== Created Last 30 ================

2008-12-28 14:35 3,968 a------- m:\winxp\system32\drivers\AvgAsCln.sys
2008-12-28 02:39 <DIR> --d----- m:\documents and settings\mick\.housecall6.6
2008-12-26 21:24 2,116 a------- m:\winxp\system32\tmp.reg
2008-12-26 16:56 262,144 a------- m:\winxp\system32\default_user_class.dat
2008-12-26 01:53 609,828 a--sh--- m:\winxp\system32\yxIRAJjl.ini
2008-12-26 01:53 609,650 a--sh--- m:\winxp\system32\yxIRAJjl.ini2
2008-12-26 01:49 <DIR> --d-h--- M:\$AVG8.VAULT$
2008-12-26 01:42 45,056 a------- m:\winxp\system32\khfCsqoP.dll
2008-12-26 01:42 <DIR> --d----- m:\docume~1\mick\applic~1\gadcom
2008-12-23 22:17 10,384 a------- m:\winxp\system32\drivers\LBeepKE.sys
2008-12-23 22:16 301,656 a------- m:\winxp\system32\BtCoreIf.dll
2008-12-23 22:16 170,512 a------- m:\winxp\system32\kemutb.dll
2008-12-23 22:16 145,936 a------- m:\winxp\system32\KemUtil.dll
2008-12-23 22:16 117,264 a------- m:\winxp\system32\KemWnd.dll
2008-12-23 22:16 84,496 a------- m:\winxp\system32\KemXML.dll
2008-12-23 17:54 115,200 -c------ m:\winxp\system32\dllcache\guitrna.dll
2008-12-23 17:50 144,384 -------- m:\winxp\system32\drivers\hdaudbus.sys
2008-12-23 17:50 10,240 -------- m:\winxp\system32\drivers\sffp_mmc.sys
2008-12-23 17:49 19,569 a------- m:\winxp\003751_.tmp
2008-12-23 15:35 974 -c------ m:\winxp\system32\dllcache\pid.inf
2008-12-23 15:35 974 -------- m:\winxp\system32\pid.inf
2008-12-23 14:13 6,066,176 -c------ m:\winxp\system32\dllcache\ieframe.dll
2008-12-23 14:13 991,232 -c------ m:\winxp\system32\dllcache\ieframe.dll.mui
2008-12-23 14:13 459,264 -c------ m:\winxp\system32\dllcache\msfeeds.dll
2008-12-23 14:13 383,488 -c------ m:\winxp\system32\dllcache\ieapfltr.dll
2008-12-23 14:13 267,776 -c------ m:\winxp\system32\dllcache\iertutil.dll
2008-12-23 14:13 52,224 -c------ m:\winxp\system32\dllcache\msfeedsbs.dll
2008-12-23 14:13 13,824 -c------ m:\winxp\system32\dllcache\ieudinit.exe
2008-12-23 14:13 2,455,488 -c------ m:\winxp\system32\dllcache\ieapfltr.dat
2008-12-23 14:13 63,488 -c------ m:\winxp\system32\dllcache\icardie.dll
2008-12-19 18:59 5,273,088 a------- m:\winxp\system32\RTLCPL.EXE
2008-12-19 18:59 391,424 a------- m:\winxp\system32\drivers\ALCXSENS.SYS
2008-12-19 18:59 155,648 a------- m:\winxp\system32\RTLCPAPI.dll
2008-12-19 18:27 <DIR> --d----- m:\program files\Realtek Sound Manager
2008-12-19 18:27 <DIR> --d----- m:\program files\AvRack
2008-12-19 18:27 65,536 a------- m:\winxp\system32\Audio3D.dll
2008-12-19 18:27 541,548 a------- m:\winxp\system32\drivers\ALCXWDM.SYS
2008-12-19 18:27 65,024 a------- m:\winxp\SOUNDMAN.EXE
2008-12-19 18:27 141,016 a------- m:\winxp\system32\ALSNDMGR.WAV
2008-12-19 18:26 14,204,416 a------- m:\winxp\system32\ALSNDMGR.CPL
2008-12-19 18:26 208,896 -------- m:\winxp\alcupd.exe
2008-12-19 18:26 139,264 -------- m:\winxp\alcrmv.exe
2008-12-16 18:17 1,075,712 a------- m:\winxp\system32\AutoPartNt.exe
2008-12-16 18:17 1,024 a------- m:\winxp\system32\AutoPartNt.let
2008-12-15 20:46 886,008 a------- m:\winxp\system32\SNU.dll
2008-12-15 20:46 <DIR> --d----- m:\program files\2BrightSparks
2008-12-15 20:46 <DIR> --d----- m:\docume~1\alluse~1\applic~1\2BrightSparks
2008-12-08 15:05 <DIR> --d----- m:\program files\QuickGamma
2008-12-08 00:02 36,864 a------- m:\winxp\system32\BlackSecurity.scr

==================== Find3M ====================

2008-12-23 17:58 86,315 a------- m:\winxp\pchealth\helpctr\offlinecache\index.dat
2008-12-16 17:48 97,248 a------- m:\winxp\system32\drivers\snapman.sys
2008-10-23 04:36 286,720 a------- m:\winxp\system32\gdi32.dll
2008-10-16 14:06 268,648 a------- m:\winxp\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- m:\winxp\system32\muweb.dll
2008-10-16 12:38 826,368 a------- m:\winxp\system32\wininet.dll
2008-10-10 14:46 69,632 a------- m:\winxp\KHALMNPR.Exe
2008-10-03 02:02 247,326 -------- m:\winxp\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- m:\winxp\system32\msxml4.dll
2008-04-11 17:54 52,224 a------- m:\docume~1\mick\applic~1\GDIPFONTCACHEV1.DAT
2007-02-10 18:46 92,064 a------- m:\documents and settings\mick\mqdmmdm.sys
2007-02-10 18:46 79,328 a------- m:\documents and settings\mick\mqdmserd.sys
2007-02-10 18:46 66,656 a------- m:\documents and settings\mick\mqdmbus.sys
2007-02-10 18:46 25,600 a------- m:\documents and settings\mick\usbsermptxp.sys
2007-02-10 18:46 22,768 a------- m:\documents and settings\mick\usbsermpt.sys
2007-02-10 18:46 9,232 a------- m:\documents and settings\mick\mqdmmdfl.sys
2007-02-10 18:46 6,208 a------- m:\documents and settings\mick\mqdmcmnt.sys
2007-02-10 18:46 5,936 a------- m:\documents and settings\mick\mqdmwhnt.sys
2007-02-10 18:46 4,048 a------- m:\documents and settings\mick\mqdmcr.sys

============= FINISH: 15:44:45.18 ===============



#2 Grinler (Lawrence Abrams)
  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA

Posted 06 January 2009 - 10:02 AM

Download GMER Rootkit Scanner from here.
  • Extract the contents of the zipped file to the desktop.
  • Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO.
  • In the right panel you will see several boxes that have been checked. Uncheck the following checkboxes:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Now click on the Scan button and wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.
Please post the contents of the ark.txt as your next reply.

#3 Kbird
  • Topic Starter
  • Members
  • 9 posts

Posted 06 January 2009 - 10:46 PM

Hi, thanks for the help Grinler; the current Ark file contents are below. As noted in my 5 day+ post I did run some other programs, so perhaps all is good except the Intranet/Home network slow access. Looks like I need to run a driver cleaner though, as I see refs to Creative and that card is no longer in this comp. THX.


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-06 19:35:46
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF4A04576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF4A04432]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF4A04910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF4A0400A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF4A0450C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF4A03F4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF4A03FAE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF4A0462C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF4A045EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF4A0476C]
SSDT \??\M:\WINXP\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xBA7616D0]

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (TrueImage Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (TrueImage Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (TrueImage Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 timntr.sys (TrueImage Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs B9E8F400

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Control\Creative Tech\Ctstring\Strings\{97BCAF95-9091-
Reg HKLM\SYSTEM\ControlSet001\Control\Creative Tech\Ctstring\Strings\{97BCAF95-9091-@ Output Delay Right Front
Reg HKLM\SYSTEM\ControlSet002\Control\Creative Tech\Ctstring\Strings\{97BCAF95-9091-
Reg HKLM\SYSTEM\ControlSet002\Control\Creative Tech\Ctstring\Strings\{97BCAF95-9091-@ Output Delay Right Front
Reg HKLM\SYSTEM\ControlSet003\Control\Creative Tech\Ctstring\Strings\{97BCAF95-9091-
Reg HKLM\SYSTEM\ControlSet003\Control\Creative Tech\Ctstring\Strings\{97BCAF95-9091-@ Output Delay Right Front
Reg HKLM\SYSTEM\CurrentControlSet\Control\Creative Tech\Ctstring\Strings\{97BCAF95-9091-
Reg HKLM\SYSTEM\CurrentControlSet\Control\Creative Tech\Ctstring\Strings\{97BCAF95-9091-@ Output Delay Right Front

---- EOF - GMER 1.0.14 ----

#4 Grinler (Lawrence Abrams)
  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA

Posted 07 January 2009 - 04:00 PM

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

After running ComboFix, please post the ComboFix log as a reply to this

#5 Kbird
  • Topic Starter
  • Members
  • 9 posts

Posted 08 January 2009 - 09:19 PM

Hi Lawrence, thanks for the reply. I am having trouble with copying and pasting the ComboFix .txt file: each time I try to paste into the reply window IE locks up and crashes. It happened 4 times last night, so I am trying to attach the file so you can look at it instead of C&P'ing it into the reply window.
Thanks, Mick.


#6 Grinler (Lawrence Abrams)
  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA

Posted 09 January 2009 - 12:17 PM

Do you know what this screen saver is?

m:\winxp\system32\BlackSecurity.scr

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

DDS::
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - m:\winxp\system32\awtqqrpP.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {f0124c40-8345-4b7a-b169-fc1acc4fbc7c} - m:\winxp\system32\ljJARIxy.dll
uRun: [gadcom] "m:\documents and settings\mick\application data\gadcom\gadcom.exe"
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - m:\winxp\system32\awtqqrpP.dll

Folder::
m:\documents and settings\mick\application data\gadcom\

File::
m:\winxp\system32\tmp.reg
m:\winxp\system32\yxIRAJjl.ini
m:\winxp\system32\yxIRAJjl.ini2
m:\winxp\system32\khfCsqoP.dll
m:\winxp\003751_.tmp

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}"=-


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
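The triage the helper performs by hand above (pulling the unnamed BHO/SEH entries, the Notify DLL listed without a path, the extra LSA authentication package and the Run entry under Application Data out of the DDS report), plus a decoder for the hex(7) value the CFScript writes back to the Lsa key, as an added Python example that is not part of the thread and not code from the DDS or ComboFix tools. The sample lines are constructed from the report above and the flagging rules are assumptions chosen for illustration.

```python
"""Added example: triage a DDS 'Pseudo HJT Report' the way the helper did above,
then decode the hex(7) REG_MULTI_SZ value the CFScript writes back to the LSA key.
Not code from the thread or from the DDS/ComboFix tools; the rules are assumptions."""
import re
from typing import List, Tuple

# Constructed sample: lines lifted from the DDS report posted above.
SAMPLE_REPORT = """\
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - m:\\program files\\avg\\avg8\\avgssie.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - m:\\winxp\\system32\\awtqqrpP.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {f0124c40-8345-4b7a-b169-fc1acc4fbc7c} - m:\\winxp\\system32\\ljJARIxy.dll
uRun: [ctfmon.exe] m:\\winxp\\system32\\ctfmon.exe
uRun: [gadcom] "m:\\documents and settings\\mick\\application data\\gadcom\\gadcom.exe"
Notify: awtqqrpP - awtqqrpP.dll
Notify: LBTWlgn - m:\\program files\\common files\\logishrd\\bluetooth\\LBTWlgn.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - m:\\winxp\\system32\\awtqqrpP.dll
LSA: Authentication Packages = msv1_0 m:\\winxp\\system32\\ljJARIxy
"""

GUID = r"\{[0-9a-fA-F-]{36}\}"
# "BHO: Name: {guid} - path" carries a description; "BHO: {guid} - path" does not.
UNNAMED = re.compile(r"^(BHO|SEH): (" + GUID + r") - (.+)$")
RUN = re.compile(r'^[umd]Run: \[([^\]]+)\] "?([^"]*)"?')
NOTIFY = re.compile(r"^Notify: (\S+) - (.+)$")
LSA = re.compile(r"^LSA: Authentication Packages = (.+)$")


def triage(report: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for the lines a helper would pull into a CFScript."""
    findings = []
    for line in report.splitlines():
        m = UNNAMED.match(line)
        if m:
            kind, _guid, target = m.groups()
            reason = "no file on disk" if target == "No File" else "no description"
            findings.append((f"{kind} entry with {reason}", line))
            continue
        m = RUN.match(line)
        if m and "\\application data\\" in m.group(2).lower():
            findings.append(("Run entry launching from Application Data", line))
            continue
        m = NOTIFY.match(line)
        if m and "\\" not in m.group(2):
            # A Winlogon Notify DLL named without a directory is resolved via the search path.
            findings.append(("Winlogon Notify DLL given without a path", line))
            continue
        m = LSA.match(line)
        if m:
            # msv1_0 is the stock package; anything else listed is worth a look.
            extra = [p for p in m.group(1).split() if p != "msv1_0"]
            if extra:
                findings.append(("extra LSA authentication package: " + ", ".join(extra), line))
    return findings


def decode_reg_multi_sz(value: str) -> List[str]:
    """Decode a .reg-style hex(7) (REG_MULTI_SZ) value into its list of strings.

    regedit exports REG_MULTI_SZ as UTF-16LE bytes; the CFScript above writes one
    byte per character. Both are accepted: UTF-16LE is assumed when the high bytes
    of the first characters are NUL (a heuristic that is fine for ASCII names)."""
    hexpart = value[len("hex(7):"):] if value.startswith("hex(7):") else value
    raw = bytes(int(b, 16) for b in hexpart.split(",") if b.strip())
    looks_utf16 = len(raw) >= 4 and all(raw[i] == 0 for i in range(1, min(len(raw), 8), 2))
    text = raw.decode("utf-16-le") if looks_utf16 else raw.decode("latin-1")
    # Entries are NUL-separated and the list ends with an empty string (double NUL).
    return [s for s in text.split("\0") if s]


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_REPORT):
        print(f"[{reason}] {line}")
    # The CFScript resets the key to the stock package only: ['msv1_0']
    print(decode_reg_multi_sz("hex(7):6d,73,76,31,5f,30,00,00"))
```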

#7 Kbird
  • Topic Starter
  • Members
  • 9 posts

Posted 09 January 2009 - 05:55 PM

I have attached the file again since I can't figure out the IE crash when I copy and paste. Avast anti-virus is turned off but I can't seem to stop the AVG 8 service from running (followed the webpage and used msconfig to stop services etc.). I can see in Task Manager there is an avgsrx service running which can be stopped, but it immediately restarts, so if this is a problem let me know and I will uninstall AVG 8 for now since ComboFix continues to complain about it.

The BlackSecurity.scr is a screen saver that came on my Toshiba laptop that I copied over to this desktop; no probs on the laptop so I assume it is a safe file.

thanks again.

Mick


#8 Grinler (Lawrence Abrams)
  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA

Posted 12 January 2009 - 05:21 PM

Sorry for the delay.

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
m:\winxp\system32\SNU.dll
m:\winxp\Tasks\polizlln.job


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

#9 Kbird
  • Topic Starter
  • Members
  • 9 posts

Posted 12 January 2009 - 10:34 PM

Hi L., no worries, just glad you are here at all; looks like you are swamped judging by the site traffic the last few days. Not sure if it's related, but the logfile crashed my system last night and tonight when I tried to upload it, yet it has copied and pasted just fine now, the opposite of last time? Very weird, maybe I am just paranoid now? I'd be interested to know what software you have running as far as antivirus/spyware etc. in case I should add something.

Thanks,

Mick.


ComboFix 09-01-11.04 - Mick 2009-01-12 17:32:49.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.562 [GMT -8:00]
Running from: m:\documents and settings\Mick\Desktop\ComboFix.exe
Command switches used :: m:\documents and settings\Mick\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090112-0] *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active


FILE ::
m:\winxp\system32\SNU.dll
m:\winxp\Tasks\polizlln.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

m:\winxp\system32\SNU.dll
m:\winxp\Tasks\polizlln.job

.
((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-06 19:18 . 2009-01-06 19:18 250 --a------ m:\winxp\gmer.ini
2009-01-06 16:49 . 2009-01-06 16:49 410,984 --a------ m:\winxp\system32\deploytk.dll
2009-01-04 23:45 . 2009-01-04 23:45 <DIR> d-------- m:\program files\VS Revo Group
2009-01-04 22:01 . 2008-06-13 03:05 272,128 -----c--- m:\winxp\system32\dllcache\bthport.sys
2009-01-04 22:00 . 2008-08-14 02:11 2,189,184 -----c--- m:\winxp\system32\dllcache\ntoskrnl.exe
2009-01-04 22:00 . 2008-08-14 02:09 2,145,280 -----c--- m:\winxp\system32\dllcache\ntkrnlmp.exe
2009-01-04 22:00 . 2008-08-14 01:33 2,066,048 -----c--- m:\winxp\system32\dllcache\ntkrnlpa.exe
2009-01-04 22:00 . 2008-08-14 01:33 2,023,936 -----c--- m:\winxp\system32\dllcache\ntkrpamp.exe
2009-01-04 21:59 . 2008-10-24 03:21 455,296 -----c--- m:\winxp\system32\dllcache\mrxsmb.sys
2009-01-04 21:51 . 2008-10-16 12:38 6,066,176 -----c--- m:\winxp\system32\dllcache\ieframe.dll
2009-01-04 21:51 . 2007-04-17 01:32 2,455,488 -----c--- m:\winxp\system32\dllcache\ieapfltr.dat
2009-01-04 21:51 . 2007-03-07 21:10 991,232 -----c--- m:\winxp\system32\dllcache\ieframe.dll.mui
2009-01-04 21:51 . 2008-10-16 12:38 459,264 -----c--- m:\winxp\system32\dllcache\msfeeds.dll
2009-01-04 21:51 . 2008-10-16 12:38 383,488 -----c--- m:\winxp\system32\dllcache\ieapfltr.dll
2009-01-04 21:51 . 2008-10-16 12:38 267,776 -----c--- m:\winxp\system32\dllcache\iertutil.dll
2009-01-04 21:51 . 2008-10-16 12:38 63,488 -----c--- m:\winxp\system32\dllcache\icardie.dll
2009-01-04 21:51 . 2008-10-16 12:38 52,224 -----c--- m:\winxp\system32\dllcache\msfeedsbs.dll
2009-01-04 21:51 . 2008-10-16 05:11 13,824 -----c--- m:\winxp\system32\dllcache\ieudinit.exe
2009-01-04 21:40 . 2008-10-16 14:09 43,544 --a------ m:\winxp\system32\wups2.dll
2009-01-04 17:33 . 2009-01-12 14:54 <DIR> d-------- m:\winxp\system32\drivers\Avg
2009-01-04 17:33 . 2009-01-06 19:44 <DIR> d-------- m:\documents and settings\Mick\Application Data\AVGTOOLBAR
2009-01-04 17:33 . 2009-01-04 17:39 97,928 --a------ m:\winxp\system32\drivers\avgldx86.sys
2009-01-04 17:33 . 2009-01-04 17:39 10,520 --a------ m:\winxp\system32\avgrsstx.dll
2009-01-04 17:11 . 2001-08-23 03:00 113,222 --a--c--- m:\winxp\system32\dllcache\zoneclim.dll
2009-01-04 17:11 . 2001-08-23 03:00 41,029 --a--c--- m:\winxp\system32\dllcache\zcorem.dll
2009-01-04 17:11 . 2001-08-23 03:00 36,937 --a--c--- m:\winxp\system32\dllcache\zclientm.exe
2009-01-04 17:11 . 2001-08-23 03:00 29,760 --a--c--- m:\winxp\system32\dllcache\znetm.dll
2009-01-04 17:11 . 2001-08-23 03:00 13,894 --a--c--- m:\winxp\system32\dllcache\zonelibm.dll
2009-01-04 17:11 . 2001-08-23 03:00 4,677 --a--c--- m:\winxp\system32\dllcache\zeeverm.dll
2009-01-04 17:09 . 2001-08-23 03:00 1,875,968 --a--c--- m:\winxp\system32\dllcache\msir3jp.lex
2009-01-04 17:08 . 2008-04-14 05:39 13,463,552 --a--c--- m:\winxp\system32\dllcache\hwxjpn.dll
2009-01-04 17:07 . 2001-08-23 03:00 1,817,687 --a--c--- m:\winxp\system32\dllcache\bckgres.dll
2009-01-04 17:06 . 2003-03-24 16:52 20,540 --a--c--- m:\winxp\system32\dllcache\admin.dll
2009-01-04 17:06 . 2003-03-24 16:52 16,439 --a--c--- m:\winxp\system32\dllcache\admin.exe
2009-01-04 17:04 . 2009-01-04 17:04 749 -rah----- m:\winxp\WindowsShell.Manifest
2009-01-04 17:04 . 2009-01-04 17:04 749 -rah----- m:\winxp\system32\wuaucpl.cpl.manifest
2009-01-04 17:04 . 2009-01-04 17:04 749 -rah----- m:\winxp\system32\sapi.cpl.manifest
2009-01-04 17:04 . 2009-01-04 17:04 749 -rah----- m:\winxp\system32\nwc.cpl.manifest
2009-01-04 17:04 . 2009-01-04 17:04 749 -rah----- m:\winxp\system32\ncpa.cpl.manifest
2009-01-04 17:04 . 2009-01-04 17:04 488 -rah----- m:\winxp\system32\logonui.exe.manifest
2009-01-04 16:57 . 2009-01-04 16:57 4,444 --a------ m:\winxp\system32\pid.PNF
2009-01-04 08:39 . 2009-01-04 08:39 <DIR> d-------- m:\winxp\java
2009-01-03 20:16 . 2009-01-12 16:34 <DIR> d-------- m:\program files\Avast4
2009-01-03 20:16 . 2003-03-18 13:20 1,060,864 --a------ m:\winxp\system32\MFC71.dll
2008-12-31 16:59 . 2008-12-31 17:04 <DIR> d-------- m:\program files\Spybot - Search & Destroy
2008-12-30 01:12 . 2008-12-30 01:12 <DIR> d-------- m:\program files\Malwarebytes' Anti-Malware
2008-12-30 01:12 . 2008-12-30 01:12 <DIR> d-------- m:\documents and settings\Mick\Application Data\Malwarebytes
2008-12-30 01:12 . 2008-12-30 01:12 <DIR> d-------- m:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-30 01:12 . 2008-12-03 19:54 38,496 --a------ m:\winxp\system32\drivers\mbamswissarmy.sys
2008-12-30 01:12 . 2008-12-03 19:54 15,504 --a------ m:\winxp\system32\drivers\mbam.sys
2008-12-30 01:09 . 2008-12-30 01:09 <DIR> d-------- m:\program files\SUPERAntiSpyware
2008-12-30 01:09 . 2008-12-30 01:09 <DIR> d-------- m:\documents and settings\Mick\Application Data\SUPERAntiSpyware.com
2008-12-30 01:09 . 2008-12-30 01:09 <DIR> d-------- m:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-30 01:08 . 2008-12-30 01:08 <DIR> d-------- m:\program files\Common Files\Wise Installation Wizard
2008-12-27 10:50 . 2008-12-27 10:50 <DIR> d-------- m:\program files\Microsoft Silverlight
2008-12-26 16:56 . 2008-12-26 16:56 262,144 --a------ m:\winxp\system32\default_user_class.dat
2008-12-26 01:49 . 2009-01-03 20:00 <DIR> d--h----- M:\$AVG8.VAULT$
2008-12-23 22:18 . 2008-12-23 22:18 <DIR> d-------- m:\documents and settings\Mick\Application Data\Logitech
2008-12-23 22:18 . 2008-12-23 22:18 <DIR> d-------- m:\documents and settings\All Users\Application Data\LogiShrd
2008-12-23 22:17 . 2008-09-26 09:52 10,384 --a------ m:\winxp\system32\drivers\LBeepKE.sys
2008-12-23 22:16 . 2008-12-23 22:16 <DIR> d-------- m:\program files\Common Files\Logishrd
2008-12-23 22:16 . 2008-12-23 22:16 <DIR> d-------- m:\documents and settings\All Users\Application Data\Logitech
2008-12-23 22:16 . 2008-11-07 16:37 301,656 --a------ m:\winxp\system32\BtCoreIf.dll
2008-12-23 22:16 . 2008-11-07 16:38 170,512 --a------ m:\winxp\system32\kemutb.dll
2008-12-23 22:16 . 2008-11-07 16:38 145,936 --a------ m:\winxp\system32\KemUtil.dll
2008-12-23 22:16 . 2008-11-07 16:38 117,264 --a------ m:\winxp\system32\KemWnd.dll
2008-12-23 22:16 . 2008-11-07 16:38 84,496 --a------ m:\winxp\system32\KemXML.dll
2008-12-23 17:55 . 2008-12-23 17:55 <DIR> d-------- m:\winxp\ServicePackFiles
2008-12-23 17:55 . 2008-04-14 05:42 221,696 --a--c--- m:\winxp\system32\dllcache\seo.dll
2008-12-23 17:55 . 2008-04-14 05:42 189,440 --a--c--- m:\winxp\system32\dllcache\smtpadm.dll
2008-12-23 17:55 . 2008-04-14 05:42 10,752 --------- m:\winxp\system32\smtpapi.dll
2008-12-23 17:55 . 2008-04-14 05:42 10,752 --a--c--- m:\winxp\system32\dllcache\smtpapi.dll
2008-12-23 17:55 . 2008-04-14 05:42 9,728 --------- m:\winxp\system32\rwnh.dll
2008-12-23 17:55 . 2008-04-14 05:42 9,728 --a--c--- m:\winxp\system32\dllcache\rwnh.dll
2008-12-23 17:54 . 2009-01-04 08:44 <DIR> d-------- m:\winxp\system32\scripting
2008-12-23 14:41 . 2009-01-04 16:24 105,777 --a------ m:\winxp\setupapi.old
2008-12-19 18:59 . 2003-12-19 15:04 5,273,088 --a------ m:\winxp\system32\RTLCPL.EXE
2008-12-19 18:59 . 2003-12-11 23:54 391,424 --a------ m:\winxp\system32\drivers\ALCXSENS.SYS
2008-12-19 18:59 . 2003-12-18 02:05 155,648 --a------ m:\winxp\system32\RTLCPAPI.dll
2008-12-19 18:27 . 2008-12-19 18:27 <DIR> d-------- m:\program files\Realtek Sound Manager
2008-12-19 18:27 . 2008-12-19 18:59 <DIR> d-------- m:\program files\AvRack
2008-12-19 18:27 . 2003-12-19 20:07 541,548 --a------ m:\winxp\system32\drivers\ALCXWDM.SYS
2008-12-19 18:27 . 2002-02-05 13:54 141,016 --a------ m:\winxp\system32\ALSNDMGR.WAV
2008-12-19 18:27 . 2003-08-19 19:36 65,536 --a------ m:\winxp\system32\Audio3D.dll
2008-12-19 18:27 . 2003-12-19 17:53 65,024 --a------ m:\winxp\SOUNDMAN.EXE
2008-12-19 18:26 . 2003-12-19 17:54 14,204,416 --a------ m:\winxp\system32\ALSNDMGR.CPL
2008-12-19 18:26 . 2003-11-21 16:58 208,896 --a------ m:\winxp\alcupd.exe
2008-12-19 18:26 . 2003-11-21 16:56 139,264 --a------ m:\winxp\alcrmv.exe
2008-12-16 18:17 . 2008-12-16 18:17 <DIR> d-------- m:\documents and settings\All Users\Application Data\Acronis
2008-12-16 18:17 . 2008-12-16 18:17 1,075,712 --a------ m:\winxp\system32\AutoPartNt.exe
2008-12-16 18:17 . 2008-12-16 18:18 1,024 --a------ m:\winxp\system32\AutoPartNt.let
2008-12-15 20:46 . 2008-12-15 20:46 <DIR> d-------- m:\program files\2BrightSparks
2008-12-15 20:46 . 2008-12-15 20:46 <DIR> d-------- m:\documents and settings\All Users\Application Data\2BrightSparks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 02:50 --------- d-----w m:\documents and settings\All Users\Application Data\Google Updater
2009-01-07 00:49 --------- d-----w m:\program files\Java
2009-01-05 01:33 --------- d-----w m:\documents and settings\All Users\Application Data\avg8
2009-01-01 07:01 --------- d-----w m:\program files\MSN Messenger
2009-01-01 01:34 --------- d-----w m:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-24 06:16 --------- d--h--w m:\program files\InstallShield Installation Information
2008-12-24 06:16 --------- d-----w m:\program files\Logitech
2008-12-17 01:48 97,248 ----a-w m:\winxp\system32\drivers\snapman.sys
2008-12-17 01:48 --------- d-----w m:\program files\Common Files\Acronis
2008-12-16 23:42 --------- d-----w m:\program files\SyncBack
2008-12-16 01:56 --------- d-----w m:\program files\Creative
2008-12-16 01:50 --------- d-----w m:\program files\Microsoft ActiveSync
2008-12-16 01:48 --------- d-----w m:\program files\DiscWizard for Windows
2008-12-16 01:46 --------- d-----w m:\program files\Nero5
2008-12-16 01:45 --------- d-----w m:\program files\ABIT
2008-12-08 23:05 --------- d-----w m:\program files\QuickGamma
2008-11-30 23:03 --------- d-----w m:\program files\Synology Assistant
2008-11-27 03:12 --------- d-----w m:\program files\NOS
2008-11-27 03:12 --------- d-----w m:\documents and settings\All Users\Application Data\NOS
2008-11-26 09:02 --------- d-----w m:\program files\Common Files\Adobe
2008-11-26 08:55 --------- d-----w m:\program files\Skype
2008-11-26 08:50 --------- d-----w m:\program files\Canon
2008-10-23 12:36 286,720 ----a-w m:\winxp\system32\gdi32.dll
2008-10-16 22:13 1,809,944 ----a-w m:\winxp\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w m:\winxp\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w m:\winxp\system32\wucltui.dll
2008-10-16 22:12 202,776 ----a-w m:\winxp\system32\wuweb.dll
2008-10-16 22:09 92,696 ----a-w m:\winxp\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w m:\winxp\system32\wuauclt.exe
2008-10-16 22:08 34,328 ----a-w m:\winxp\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w m:\winxp\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w m:\winxp\system32\muweb.dll
2008-10-16 20:38 826,368 ----a-w m:\winxp\system32\wininet.dll
2008-04-12 01:54 52,224 ----a-w m:\documents and settings\Mick\Application Data\GDIPFONTCACHEV1.DAT
2007-02-11 02:46 92,064 ----a-w m:\documents and settings\Mick\mqdmmdm.sys
2007-02-11 02:46 9,232 ----a-w m:\documents and settings\Mick\mqdmmdfl.sys
2007-02-11 02:46 79,328 ----a-w m:\documents and settings\Mick\mqdmserd.sys
2007-02-11 02:46 66,656 ----a-w m:\documents and settings\Mick\mqdmbus.sys
2007-02-11 02:46 6,208 ----a-w m:\documents and settings\Mick\mqdmcmnt.sys
2007-02-11 02:46 5,936 ----a-w m:\documents and settings\Mick\mqdmwhnt.sys
2007-02-11 02:46 4,048 ----a-w m:\documents and settings\Mick\mqdmcr.sys
2007-02-11 02:46 25,600 ----a-w m:\documents and settings\Mick\usbsermptxp.sys
2007-02-11 02:46 22,768 ----a-w m:\documents and settings\Mick\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot_2009-01-07_18.57.42.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 16:00:00 28,672 ----a-w m:\winxp\NIRCMD.exe
+ 2000-08-31 16:00:00 29,696 ----a-w m:\winxp\NIRCMD.exe
+ 2009-01-13 00:33:29 16,384 ----atw m:\winxp\temp\Perflib_Perfdata_428.dat
+ 2009-01-13 00:33:21 16,384 ----atw m:\winxp\temp\Perflib_Perfdata_698.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="m:\winxp\system32\ctfmon.exe" [2008-04-14 15360]
"QuickGammaLoader"="m:\program files\QuickGamma\QuickGammaLoader.exe" [2005-03-28 68096]
"SpybotSD TeaTimer"="m:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="m:\winxp\system32\NvCpl.dll" [2007-06-28 8466432]
"CoolSwitch"="m:\winxp\system32\taskswitch.exe" [2002-03-19 45632]
"SunJavaUpdateSched"="m:\program files\Java\jre6\bin\jusched.exe" [2009-01-06 136600]
"OSSelectorReinstall"="m:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2005-11-07 1540003]
"avast!"="m:\progra~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvMediaCenter"="m:\winxp\system32\NvMcTray.dll" [2007-06-28 81920]
"AVG8_TRAY"="m:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-04 1261336]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 m:\winxp\LOGI_MWX.EXE]
"nwiz"="nwiz.exe" [2007-06-28 m:\winxp\system32\nwiz.exe]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 m:\winxp\system32\TWEAKUI.CPL]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 m:\winxp\StartupMonitor.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 m:\winxp\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 m:\winxp\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="m:\winxp\system32\tscupgrd.exe" [2004-08-03 44544]

m:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - m:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Logitech SetPoint.lnk - m:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-23 809488]
Wireless Configuration Utility HW.14.lnk - m:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2007-07-09 634880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "m:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "m:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 m:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 m:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\M:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=m:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=m:\winxp\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\M:^Documents and Settings^Mick^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=m:\documents and settings\Mick\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=m:\winxp\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-08-17 19:04 39408 m:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 m:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:1\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:1\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:1\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:1\\WINXP\\system32\\dpvsetup.exe"=
"C:1\\Program Files\\Motorola\\Software Update\\msu.exe"=
"m:\\WINXP\\system32\\sessmgr.exe"=
"C:1\\WINXP\\system32\\rundll32.exe"=
"C:1\\Program Files\\Messenger\\msmsgs.exe"=
"C:1\\WINXP\\system32\\fxsclnt.exe"=
"C:1\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:1\\Program Files\\MSN Messenger\\livecall.exe"=
"C:1\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:1\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:1\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:1\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:1\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:1\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:1\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:1\\Documents and Settings\\Mick\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:1\\Program Files\\Synology Assistant\\DSAssistant.exe"=
"m:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:1\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"C:1\\Program Files\\Synology Data Replicator II\\Backup.exe"=
"C:1\\Program Files\\Synology Data Replicator II\\Backup.exe"=
"C:1\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:1\\Program Files\\Synology Download Redirector\\Redirector.exe"=
"m:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"m:\\Program Files\\MSN Messenger\\livecall.exe"=
"m:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 aswSP;avast! Self Protection;m:\winxp\system32\drivers\aswSP.sys [2009-01-03 111184]
R1 AvgLdx86;AVG AVI Loader Driver x86;m:\winxp\system32\drivers\avgldx86.sys [2009-01-04 97928]
R1 Ext2fs;Ext2fs;m:\winxp\system32\drivers\ext2fs.sys [2007-10-06 132736]
R1 IfsDrives;IfsDrives;m:\winxp\system32\drivers\IfsDrives.sys [2007-10-06 4608]
R1 SASDIFSV;SASDIFSV;m:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;m:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R4 aswFsBlk;aswFsBlk;m:\winxp\system32\drivers\aswFsBlk.sys [2009-01-03 20560]
R4 avg8wd;AVG8 WatchDog;m:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-04 231704]
R4 LBeepKE;LBeepKE;m:\winxp\system32\drivers\LBeepKE.sys [2008-12-23 10384]
R4 WinDefend;Windows Defender;m:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 AC2003;AC2003;m:\winxp\system32\drivers\AC2003.sys [2005-01-30 4224]
S3 DCamUSBPremier;DC E30;m:\winxp\system32\drivers\MPIXVID.SYS [2006-04-04 81921]
S3 hcdriver;EHCI;m:\winxp\system32\drivers\hcdriver.sys [2007-02-03 50432]
S3 MotDev;Motorola Inc. USB Device;m:\winxp\system32\drivers\motodrv.sys [2007-02-10 40832]
S3 NPF;NetGroup Packet Filter Driver;m:\winxp\system32\drivers\npf.sys [2007-06-28 42512]
S3 SASENUM;SASENUM;m:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 m:\winxp\Tasks\MP Scheduled Scan.job
- m:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-01-09 m:\winxp\Tasks\OUTLOOK.job
- m:\program files\Microsoft Office\Office10\OUTLOOK.EXE [2008-01-11 10:23]

2009-01-09 m:\winxp\Tasks\OUTLOOK.job
- m:\program files\Microsoft Office\Office10 [2008-12-16 15:27]

2008-11-30 m:\winxp\Tasks\SyncBack Downloads.job
- m:\program files\SyncBack\SyncBack.exe [2008-08-12 12:00]

2008-11-30 m:\winxp\Tasks\SyncBack Work.job
- m:\program files\SyncBack\SyncBack.exe [2008-08-12 12:00]

2008-11-30 m:\winxp\Tasks\SyncBack Work.job
- m:\program files\SyncBack [2008-12-16 15:42]
.
.
------- Supplementary Scan -------
.
uLocal Page = m:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - m:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://m:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://m:\program files\ieSpell\wikipedia.HTM
IE: Send to &Bluetooth Device... - m:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: www.bleepingcomputer.com
Trusted Zone: *.update.microsoft.com
Trusted Zone: download.windowsupdate.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 17:35:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet004\Control\Creative Tech\Ctstring\Strings\{97BCAF95-9091-*C7F-A2F5-3DD6D5*C187D}]
@="Output Delay Right Front"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
m:\winxp\system32\avgrsstx.dll
m:\program files\SUPERAntiSpyware\SASWINLO.dll
m:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
m:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(852)
m:\winxp\system32\avgrsstx.dll
.
Completion time: 2009-01-12 17:38:25
ComboFix-quarantined-files.txt 2009-01-13 01:38:14
ComboFix2.txt 2009-01-09 22:46:46
ComboFix3.txt 2009-01-08 02:59:27

Pre-Run: 16,447,860,736 bytes free
Post-Run: 16,409,804,800 bytes free

Current=4 Default=4 Failed=0 LastKnownGood=3 Sets=1,2,3,4
324 --- E O F --- 2009-01-12 21:14:34

#10 Kbird

  • Topic Starter
  • Members
  • 9 posts

Posted 12 January 2009 - 10:49 PM

Hi L. No worries, just glad you are here at all; looks like you are swamped judging by the site traffic the last few days. Not sure if it's related, but the logfile crashed my system last night and tonight when I tried to upload it, yet it has copied and pasted just fine now, the opposite of last time? Very weird, maybe I am just paranoid now? I'd be interested to know what software you have running as far as antivirus/spyware etc. in case I should add something.

Thanks,

Mick.


ComboFix 09-01-11.04 - Mick 2009-01-12 17:32:49.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.562 [GMT -8:00]
Running from: m:\documents and settings\Mick\Desktop\ComboFix.exe
Command switches used :: m:\documents and settings\Mick\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090112-0] *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active


FILE ::
m:\winxp\system32\SNU.dll
m:\winxp\Tasks\polizlln.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

m:\winxp\system32\SNU.dll
m:\winxp\Tasks\polizlln.job

.
((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-06 19:18 . 2009-01-06 19:18 250 --a------ m:\winxp\gmer.ini
2009-01-06 16:49 . 2009-01-06 16:49 410,984 --a------ m:\winxp\system32\deploytk.dll
2009-01-04 23:45 . 2009-01-04 23:45 <DIR> d-------- m:\program files\VS Revo Group
2009-01-04 22:01 . 2008-06-13 03:05 272,128 -----c--- m:\winxp\system32\dllcache\bthport.sys
2009-01-04 22:00 . 2008-08-14 02:11 2,189,184 -----c--- m:\winxp\system32\dllcache\ntoskrnl.exe
2009-01-04 22:00 . 2008-08-14 02:09 2,145,280 -----c--- m:\winxp\system32\dllcache\ntkrnlmp.exe
2009-01-04 22:00 . 2008-08-14 01:33 2,066,048 -----c--- m:\winxp\system32\dllcache\ntkrnlpa.exe
2009-01-04 22:00 . 2008-08-14 01:33 2,023,936 -----c--- m:\winxp\system32\dllcache\ntkrpamp.exe
2009-01-04 21:59 . 2008-10-24 03:21 455,296 -----c--- m:\winxp\system32\dllcache\mrxsmb.sys
2009-01-04 21:51 . 2008-10-16 12:38 6,066,176 -----c--- m:\winxp\system32\dllcache\ieframe.dll
2009-01-04 21:51 . 2007-04-17 01:32 2,455,488 -----c--- m:\winxp\system32\dllcache\ieapfltr.dat
2009-01-04 21:51 . 2007-03-07 21:10 991,232 -----c--- m:\winxp\system32\dllcache\ieframe.dll.mui
2009-01-04 21:51 . 2008-10-16 12:38 459,264 -----c--- m:\winxp\system32\dllcache\msfeeds.dll
2009-01-04 21:51 . 2008-10-16 12:38 383,488 -----c--- m:\winxp\system32\dllcache\ieapfltr.dll
2009-01-04 21:51 . 2008-10-16 12:38 267,776 -----c--- m:\winxp\system32\dllcache\iertutil.dll
2009-01-04 21:51 . 2008-10-16 12:38 63,488 -----c--- m:\winxp\system32\dllcache\icardie.dll
2009-01-04 21:51 . 2008-10-16 12:38 52,224 -----c--- m:\winxp\system32\dllcache\msfeedsbs.dll
2009-01-04 21:51 . 2008-10-16 05:11 13,824 -----c--- m:\winxp\system32\dllcache\ieudinit.exe
2009-01-04 21:40 . 2008-10-16 14:09 43,544 --a------ m:\winxp\system32\wups2.dll
2009-01-04 17:33 . 2009-01-12 14:54 <DIR> d-------- m:\winxp\system32\drivers\Avg
2009-01-04 17:33 . 2009-01-06 19:44 <DIR> d-------- m:\documents and settings\Mick\Application Data\AVGTOOLBAR
2009-01-04 17:33 . 2009-01-04 17:39 97,928 --a------ m:\winxp\system32\drivers\avgldx86.sys
2009-01-04 17:33 . 2009-01-04 17:39 10,520 --a------ m:\winxp\system32\avgrsstx.dll
2009-01-04 17:11 . 2001-08-23 03:00 113,222 --a--c--- m:\winxp\system32\dllcache\zoneclim.dll
2009-01-04 17:11 . 2001-08-23 03:00 41,029 --a--c--- m:\winxp\system32\dllcache\zcorem.dll
2009-01-04 17:11 . 2001-08-23 03:00 36,937 --a--c--- m:\winxp\system32\dllcache\zclientm.exe
2009-01-04 17:11 . 2001-08-23 03:00 29,760 --a--c--- m:\winxp\system32\dllcache\znetm.dll
2009-01-04 17:11 . 2001-08-23 03:00 13,894 --a--c--- m:\winxp\system32\dllcache\zonelibm.dll
2009-01-04 17:11 . 2001-08-23 03:00 4,677 --a--c--- m:\winxp\system32\dllcache\zeeverm.dll
2009-01-04 17:09 . 2001-08-23 03:00 1,875,968 --a--c--- m:\winxp\system32\dllcache\msir3jp.lex
2009-01-04 17:08 . 2008-04-14 05:39 13,463,552 --a--c--- m:\winxp\system32\dllcache\hwxjpn.dll
2009-01-04 17:07 . 2001-08-23 03:00 1,817,687 --a--c--- m:\winxp\system32\dllcache\bckgres.dll
2009-01-04 17:06 . 2003-03-24 16:52 20,540 --a--c--- m:\winxp\system32\dllcache\admin.dll
2009-01-04 17:06 . 2003-03-24 16:52 16,439 --a--c--- m:\winxp\system32\dllcache\admin.exe
2009-01-04 17:04 . 2009-01-04 17:04 749 -rah----- m:\winxp\WindowsShell.Manifest
2009-01-04 17:04 . 2009-01-04 17:04 749 -rah----- m:\winxp\system32\wuaucpl.cpl.manifest
2009-01-04 17:04 . 2009-01-04 17:04 749 -rah----- m:\winxp\system32\sapi.cpl.manifest
2009-01-04 17:04 . 2009-01-04 17:04 749 -rah----- m:\winxp\system32\nwc.cpl.manifest
2009-01-04 17:04 . 2009-01-04 17:04 749 -rah----- m:\winxp\system32\ncpa.cpl.manifest
2009-01-04 17:04 . 2009-01-04 17:04 488 -rah----- m:\winxp\system32\logonui.exe.manifest
2009-01-04 16:57 . 2009-01-04 16:57 4,444 --a------ m:\winxp\system32\pid.PNF
2009-01-04 08:39 . 2009-01-04 08:39 <DIR> d-------- m:\winxp\java
2009-01-03 20:16 . 2009-01-12 16:34 <DIR> d-------- m:\program files\Avast4
2009-01-03 20:16 . 2003-03-18 13:20 1,060,864 --a------ m:\winxp\system32\MFC71.dll
2008-12-31 16:59 . 2008-12-31 17:04 <DIR> d-------- m:\program files\Spybot - Search & Destroy
2008-12-30 01:12 . 2008-12-30 01:12 <DIR> d-------- m:\program files\Malwarebytes' Anti-Malware
2008-12-30 01:12 . 2008-12-30 01:12 <DIR> d-------- m:\documents and settings\Mick\Application Data\Malwarebytes
2008-12-30 01:12 . 2008-12-30 01:12 <DIR> d-------- m:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-30 01:12 . 2008-12-03 19:54 38,496 --a------ m:\winxp\system32\drivers\mbamswissarmy.sys
2008-12-30 01:12 . 2008-12-03 19:54 15,504 --a------ m:\winxp\system32\drivers\mbam.sys
2008-12-30 01:09 . 2008-12-30 01:09 <DIR> d-------- m:\program files\SUPERAntiSpyware
2008-12-30 01:09 . 2008-12-30 01:09 <DIR> d-------- m:\documents and settings\Mick\Application Data\SUPERAntiSpyware.com
2008-12-30 01:09 . 2008-12-30 01:09 <DIR> d-------- m:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-30 01:08 . 2008-12-30 01:08 <DIR> d-------- m:\program files\Common Files\Wise Installation Wizard
2008-12-27 10:50 . 2008-12-27 10:50 <DIR> d-------- m:\program files\Microsoft Silverlight
2008-12-26 16:56 . 2008-12-26 16:56 262,144 --a------ m:\winxp\system32\default_user_class.dat
2008-12-26 01:49 . 2009-01-03 20:00 <DIR> d--h----- M:\$AVG8.VAULT$
2008-12-23 22:18 . 2008-12-23 22:18 <DIR> d-------- m:\documents and settings\Mick\Application Data\Logitech
2008-12-23 22:18 . 2008-12-23 22:18 <DIR> d-------- m:\documents and settings\All Users\Application Data\LogiShrd
2008-12-23 22:17 . 2008-09-26 09:52 10,384 --a------ m:\winxp\system32\drivers\LBeepKE.sys
2008-12-23 22:16 . 2008-12-23 22:16 <DIR> d-------- m:\program files\Common Files\Logishrd
2008-12-23 22:16 . 2008-12-23 22:16 <DIR> d-------- m:\documents and settings\All Users\Application Data\Logitech
2008-12-23 22:16 . 2008-11-07 16:37 301,656 --a------ m:\winxp\system32\BtCoreIf.dll
2008-12-23 22:16 . 2008-11-07 16:38 170,512 --a------ m:\winxp\system32\kemutb.dll
2008-12-23 22:16 . 2008-11-07 16:38 145,936 --a------ m:\winxp\system32\KemUtil.dll
2008-12-23 22:16 . 2008-11-07 16:38 117,264 --a------ m:\winxp\system32\KemWnd.dll
2008-12-23 22:16 . 2008-11-07 16:38 84,496 --a------ m:\winxp\system32\KemXML.dll
2008-12-23 17:55 . 2008-12-23 17:55 <DIR> d-------- m:\winxp\ServicePackFiles
2008-12-23 17:55 . 2008-04-14 05:42 221,696 --a--c--- m:\winxp\system32\dllcache\seo.dll
2008-12-23 17:55 . 2008-04-14 05:42 189,440 --a--c--- m:\winxp\system32\dllcache\smtpadm.dll
2008-12-23 17:55 . 2008-04-14 05:42 10,752 --------- m:\winxp\system32\smtpapi.dll
2008-12-23 17:55 . 2008-04-14 05:42 10,752 --a--c--- m:\winxp\system32\dllcache\smtpapi.dll
2008-12-23 17:55 . 2008-04-14 05:42 9,728 --------- m:\winxp\system32\rwnh.dll
2008-12-23 17:55 . 2008-04-14 05:42 9,728 --a--c--- m:\winxp\system32\dllcache\rwnh.dll
2008-12-23 17:54 . 2009-01-04 08:44 <DIR> d-------- m:\winxp\system32\scripting
2008-12-23 14:41 . 2009-01-04 16:24 105,777 --a------ m:\winxp\setupapi.old
2008-12-19 18:59 . 2003-12-19 15:04 5,273,088 --a------ m:\winxp\system32\RTLCPL.EXE
2008-12-19 18:59 . 2003-12-11 23:54 391,424 --a------ m:\winxp\system32\drivers\ALCXSENS.SYS
2008-12-19 18:59 . 2003-12-18 02:05 155,648 --a------ m:\winxp\system32\RTLCPAPI.dll
2008-12-19 18:27 . 2008-12-19 18:27 <DIR> d-------- m:\program files\Realtek Sound Manager
2008-12-19 18:27 . 2008-12-19 18:59 <DIR> d-------- m:\program files\AvRack
2008-12-19 18:27 . 2003-12-19 20:07 541,548 --a------ m:\winxp\system32\drivers\ALCXWDM.SYS
2008-12-19 18:27 . 2002-02-05 13:54 141,016 --a------ m:\winxp\system32\ALSNDMGR.WAV
2008-12-19 18:27 . 2003-08-19 19:36 65,536 --a------ m:\winxp\system32\Audio3D.dll
2008-12-19 18:27 . 2003-12-19 17:53 65,024 --a------ m:\winxp\SOUNDMAN.EXE
2008-12-19 18:26 . 2003-12-19 17:54 14,204,416 --a------ m:\winxp\system32\ALSNDMGR.CPL
2008-12-19 18:26 . 2003-11-21 16:58 208,896 --a------ m:\winxp\alcupd.exe
2008-12-19 18:26 . 2003-11-21 16:56 139,264 --a------ m:\winxp\alcrmv.exe
2008-12-16 18:17 . 2008-12-16 18:17 <DIR> d-------- m:\documents and settings\All Users\Application Data\Acronis
2008-12-16 18:17 . 2008-12-16 18:17 1,075,712 --a------ m:\winxp\system32\AutoPartNt.exe
2008-12-16 18:17 . 2008-12-16 18:18 1,024 --a------ m:\winxp\system32\AutoPartNt.let
2008-12-15 20:46 . 2008-12-15 20:46 <DIR> d-------- m:\program files\2BrightSparks
2008-12-15 20:46 . 2008-12-15 20:46 <DIR> d-------- m:\documents and settings\All Users\Application Data\2BrightSparks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 02:50 --------- d-----w m:\documents and settings\All Users\Application Data\Google Updater
2009-01-07 00:49 --------- d-----w m:\program files\Java
2009-01-05 01:33 --------- d-----w m:\documents and settings\All Users\Application Data\avg8
2009-01-01 07:01 --------- d-----w m:\program files\MSN Messenger
2009-01-01 01:34 --------- d-----w m:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-24 06:16 --------- d--h--w m:\program files\InstallShield Installation Information
2008-12-24 06:16 --------- d-----w m:\program files\Logitech
2008-12-17 01:48 97,248 ----a-w m:\winxp\system32\drivers\snapman.sys
2008-12-17 01:48 --------- d-----w m:\program files\Common Files\Acronis
2008-12-16 23:42 --------- d-----w m:\program files\SyncBack
2008-12-16 01:56 --------- d-----w m:\program files\Creative
2008-12-16 01:50 --------- d-----w m:\program files\Microsoft ActiveSync
2008-12-16 01:48 --------- d-----w m:\program files\DiscWizard for Windows
2008-12-16 01:46 --------- d-----w m:\program files\Nero5
2008-12-16 01:45 --------- d-----w m:\program files\ABIT
2008-12-08 23:05 --------- d-----w m:\program files\QuickGamma
2008-11-30 23:03 --------- d-----w m:\program files\Synology Assistant
2008-11-27 03:12 --------- d-----w m:\program files\NOS
2008-11-27 03:12 --------- d-----w m:\documents and settings\All Users\Application Data\NOS
2008-11-26 09:02 --------- d-----w m:\program files\Common Files\Adobe
2008-11-26 08:55 --------- d-----w m:\program files\Skype
2008-11-26 08:50 --------- d-----w m:\program files\Canon
2008-10-23 12:36 286,720 ----a-w m:\winxp\system32\gdi32.dll
2008-10-16 22:13 1,809,944 ----a-w m:\winxp\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w m:\winxp\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w m:\winxp\system32\wucltui.dll
2008-10-16 22:12 202,776 ----a-w m:\winxp\system32\wuweb.dll
2008-10-16 22:09 92,696 ----a-w m:\winxp\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w m:\winxp\system32\wuauclt.exe
2008-10-16 22:08 34,328 ----a-w m:\winxp\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w m:\winxp\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w m:\winxp\system32\muweb.dll
2008-10-16 20:38 826,368 ----a-w m:\winxp\system32\wininet.dll
2008-04-12 01:54 52,224 ----a-w m:\documents and settings\Mick\Application Data\GDIPFONTCACHEV1.DAT
2007-02-11 02:46 92,064 ----a-w m:\documents and settings\Mick\mqdmmdm.sys
2007-02-11 02:46 9,232 ----a-w m:\documents and settings\Mick\mqdmmdfl.sys
2007-02-11 02:46 79,328 ----a-w m:\documents and settings\Mick\mqdmserd.sys
2007-02-11 02:46 66,656 ----a-w m:\documents and settings\Mick\mqdmbus.sys
2007-02-11 02:46 6,208 ----a-w m:\documents and settings\Mick\mqdmcmnt.sys
2007-02-11 02:46 5,936 ----a-w m:\documents and settings\Mick\mqdmwhnt.sys
2007-02-11 02:46 4,048 ----a-w m:\documents and settings\Mick\mqdmcr.sys
2007-02-11 02:46 25,600 ----a-w m:\documents and settings\Mick\usbsermptxp.sys
2007-02-11 02:46 22,768 ----a-w m:\documents and settings\Mick\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot_2009-01-07_18.57.42.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 16:00:00 28,672 ----a-w m:\winxp\NIRCMD.exe
+ 2000-08-31 16:00:00 29,696 ----a-w m:\winxp\NIRCMD.exe
+ 2009-01-13 00:33:29 16,384 ----atw m:\winxp\temp\Perflib_Perfdata_428.dat
+ 2009-01-13 00:33:21 16,384 ----atw m:\winxp\temp\Perflib_Perfdata_698.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="m:\winxp\system32\ctfmon.exe" [2008-04-14 15360]
"QuickGammaLoader"="m:\program files\QuickGamma\QuickGammaLoader.exe" [2005-03-28 68096]
"SpybotSD TeaTimer"="m:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="m:\winxp\system32\NvCpl.dll" [2007-06-28 8466432]
"CoolSwitch"="m:\winxp\system32\taskswitch.exe" [2002-03-19 45632]
"SunJavaUpdateSched"="m:\program files\Java\jre6\bin\jusched.exe" [2009-01-06 136600]
"OSSelectorReinstall"="m:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2005-11-07 1540003]
"avast!"="m:\progra~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvMediaCenter"="m:\winxp\system32\NvMcTray.dll" [2007-06-28 81920]
"AVG8_TRAY"="m:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-04 1261336]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 m:\winxp\LOGI_MWX.EXE]
"nwiz"="nwiz.exe" [2007-06-28 m:\winxp\system32\nwiz.exe]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 m:\winxp\system32\TWEAKUI.CPL]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 m:\winxp\StartupMonitor.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 m:\winxp\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 m:\winxp\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="m:\winxp\system32\tscupgrd.exe" [2004-08-03 44544]

m:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - m:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Logitech SetPoint.lnk - m:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-23 809488]
Wireless Configuration Utility HW.14.lnk - m:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2007-07-09 634880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "m:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "m:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 m:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 m:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\M:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=m:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=m:\winxp\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\M:^Documents and Settings^Mick^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=m:\documents and settings\Mick\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=m:\winxp\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-08-17 19:04 39408 m:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 m:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:1\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:1\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:1\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:1\\WINXP\\system32\\dpvsetup.exe"=
"C:1\\Program Files\\Motorola\\Software Update\\msu.exe"=
"m:\\WINXP\\system32\\sessmgr.exe"=
"C:1\\WINXP\\system32\\rundll32.exe"=
"C:1\\Program Files\\Messenger\\msmsgs.exe"=
"C:1\\WINXP\\system32\\fxsclnt.exe"=
"C:1\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:1\\Program Files\\MSN Messenger\\livecall.exe"=
"C:1\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:1\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:1\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:1\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:1\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:1\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:1\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:1\\Documents and Settings\\Mick\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:1\\Program Files\\Synology Assistant\\DSAssistant.exe"=
"m:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:1\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"C:1\\Program Files\\Synology Data Replicator II\\Backup.exe"=
"C:1\\Program Files\\Synology Data Replicator II\\Backup.exe"=
"C:1\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:1\\Program Files\\Synology Download Redirector\\Redirector.exe"=
"m:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"m:\\Program Files\\MSN Messenger\\livecall.exe"=
"m:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 aswSP;avast! Self Protection;m:\winxp\system32\drivers\aswSP.sys [2009-01-03 111184]
R1 AvgLdx86;AVG AVI Loader Driver x86;m:\winxp\system32\drivers\avgldx86.sys [2009-01-04 97928]
R1 Ext2fs;Ext2fs;m:\winxp\system32\drivers\ext2fs.sys [2007-10-06 132736]
R1 IfsDrives;IfsDrives;m:\winxp\system32\drivers\IfsDrives.sys [2007-10-06 4608]
R1 SASDIFSV;SASDIFSV;m:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;m:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R4 aswFsBlk;aswFsBlk;m:\winxp\system32\drivers\aswFsBlk.sys [2009-01-03 20560]
R4 avg8wd;AVG8 WatchDog;m:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-04 231704]
R4 LBeepKE;LBeepKE;m:\winxp\system32\drivers\LBeepKE.sys [2008-12-23 10384]
R4 WinDefend;Windows Defender;m:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 AC2003;AC2003;m:\winxp\system32\drivers\AC2003.sys [2005-01-30 4224]
S3 DCamUSBPremier;DC E30;m:\winxp\system32\drivers\MPIXVID.SYS [2006-04-04 81921]
S3 hcdriver;EHCI;m:\winxp\system32\drivers\hcdriver.sys [2007-02-03 50432]
S3 MotDev;Motorola Inc. USB Device;m:\winxp\system32\drivers\motodrv.sys [2007-02-10 40832]
S3 NPF;NetGroup Packet Filter Driver;m:\winxp\system32\drivers\npf.sys [2007-06-28 42512]
S3 SASENUM;SASENUM;m:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 m:\winxp\Tasks\MP Scheduled Scan.job
- m:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-01-09 m:\winxp\Tasks\OUTLOOK.job
- m:\program files\Microsoft Office\Office10\OUTLOOK.EXE [2008-01-11 10:23]

2009-01-09 m:\winxp\Tasks\OUTLOOK.job
- m:\program files\Microsoft Office\Office10 [2008-12-16 15:27]

2008-11-30 m:\winxp\Tasks\SyncBack Downloads.job
- m:\program files\SyncBack\SyncBack.exe [2008-08-12 12:00]

2008-11-30 m:\winxp\Tasks\SyncBack Work.job
- m:\program files\SyncBack\SyncBack.exe [2008-08-12 12:00]

2008-11-30 m:\winxp\Tasks\SyncBack Work.job
- m:\program files\SyncBack [2008-12-16 15:42]
.
.
------- Supplementary Scan -------
.
uLocal Page = m:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - m:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://m:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://m:\program files\ieSpell\wikipedia.HTM
IE: Send to &Bluetooth Device... - m:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: www.bleepingcomputer.com
Trusted Zone: *.update.microsoft.com
Trusted Zone: download.windowsupdate.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 17:35:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet004\Control\Creative Tech\Ctstring\Strings\{97BCAF95-9091-*C7F-A2F5-3DD6D5*C187D}]
@="Output Delay Right Front"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
m:\winxp\system32\avgrsstx.dll
m:\program files\SUPERAntiSpyware\SASWINLO.dll
m:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
m:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(852)
m:\winxp\system32\avgrsstx.dll
.
Completion time: 2009-01-12 17:38:25
ComboFix-quarantined-files.txt 2009-01-13 01:38:14
ComboFix2.txt 2009-01-09 22:46:46
ComboFix3.txt 2009-01-08 02:59:27

Pre-Run: 16,447,860,736 bytes free
Post-Run: 16,409,804,800 bytes free

Current=4 Default=4 Failed=0 LastKnownGood=3 Sets=1,2,3,4
324 --- E O F --- 2009-01-12 21:14:34

Attached Files

  • Attached File: log.txt (22.47KB)

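The "Reg Loading Points" section of a ComboFix log (the Run keys, AppInit_DLLs and similar autostart locations listed above) is where a helper triages persistence. As an added illustration, not code from the thread or from ComboFix, here is a small parser that reads that section and flags entries a reviewer would look at first: programs launched from user-writable directories, entries ComboFix could not stamp with a file date and size, and any non-empty AppInit_DLLs value. The sample log text is constructed to mirror the format of the log above; the paths and names in it are placeholders.

```python
import re
from collections import namedtuple

# Constructed sample modelled on the "Reg Loading Points" section of a
# ComboFix log. Not copied from the thread; "UpdateSvc" and "Helper" are
# invented entries placed in user-writable locations for the demonstration.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="m:\winxp\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="m:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="m:\winxp\system32\NvCpl.dll" [2007-06-28 8466432]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 m:\winxp\LOGI_MWX.EXE]
"UpdateSvc"="m:\documents and settings\user\application data\xyz\upd.exe" [2008-12-25 40960]
"Helper"="m:\winxp\temp\helper.exe" [2008-12-25 12288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
"""

Entry = namedtuple("Entry", "key name path stamped")

KEY_RE = re.compile(r'^\[(.+)\]\s*$')            # [HKEY_...] section header
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')        # "Name"=<rest of line>
# <rest of line> is either "path" [date size] or "name" [date resolved-path]
QUOTED_RE = re.compile(r'^"([^"]*)"\s*(?:\[(\S+)\s+(.+)\])?\s*$')

# Directories a normal user can write to; autostarts there deserve a look.
SUSPICIOUS_DIRS = ('\\documents and settings\\', '\\application data\\',
                   '\\local settings\\', '\\temp\\')


def parse_autostarts(text):
    """Return one Entry per autostart value under its registry key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, rest = m.group(1), m.group(2).strip()
        q = QUOTED_RE.match(rest)
        if q:
            target, date, extra = q.group(1), q.group(2), q.group(3)
            # A non-numeric bracket payload is the path the tool resolved
            # for a bare file name (e.g. "Logi_MwX.Exe" -> m:\winxp\...).
            if extra is not None and not extra.isdigit():
                target = extra
            stamped = date is not None
        else:
            # Unquoted value with no [date size] stamp (AppInit_DLLs style).
            target, stamped = rest, False
        entries.append(Entry(key, name, target, stamped))
    return entries


def triage(entries):
    """Return (name, path, reasons) for entries worth a second look."""
    findings = []
    for e in entries:
        reasons = []
        p = e.path.lower()
        if any(d in p for d in SUSPICIOUS_DIRS):
            reasons.append("runs from a user-writable location")
        if not e.stamped:
            reasons.append("no file date/size recorded, could not be verified on disk")
        if e.key.lower().endswith("\\windows") and e.name.lower() == "appinit_dlls":
            reasons.append("AppInit_DLLs is loaded into every GUI process; confirm the DLL belongs to installed software")
        if reasons:
            findings.append((e.name, e.path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(parse_autostarts(SAMPLE_LOG)):
        print("%-16s %s" % (name, path))
        for r in reasons:
            print("    - " + r)
```

In the log above the AppInit_DLLs value is avgrsstx.dll, which is AVG's own resident-shield DLL, so that flag is a prompt to confirm ownership rather than a verdict; the same goes for anything the script reports.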

#11 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA

Posted 13 January 2009 - 12:29 PM

Everything looks good at this point. Are the problems gone?

As for my security software, I just use Avast Free on my home computer. No firewalls as I have a hardware router that blocks inbound traffic and am not as concerned about outbound traffic.

#12 Kbird

Kbird
  • Topic Starter

  • Members
  • 9 posts

Posted 13 January 2009 - 10:58 PM

Hi L. Thanks a lot, all does seem well tonight. I am not sure the internet problems are related to the virus now; could be my ISP or other issues. Tonight no problem getting to Bleeping; the last 48 hrs were terrible, though sites like Google were just fine. I was thinking the virus "knew" about you guys and was blocking me. :thumbsup: Computer/IExp. locked up on sending yesterday's logfile, so I wasn't sure my response got posted or not, but it's here :).

Thanks for the info. I am now running Avast Free as well; I've been using AVGFree (8) for years and am still surprised this (?) got on my machine past it somehow. Are there good tutorials on how to use/understand ComboFix and HijackThis you can point me to? I'd like to know more and have an idea of what it was you actually were doing for me. You couldn't have made it simpler, so thanks for all your time.


I will monitor the next few days and update the topic if needed, so thanks very much once again.

#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA

Posted 14 January 2009 - 06:54 PM

Yes, it is very common for malware to block infected computers from reaching BleepingComputer.com. They know we remove their infections, so try to stop you from getting here.

The tutorial on HijackThis that I wrote can be found here:

http://www.bleepingcomputer.com/tutorials/how-to-use-hijackthis/

Combofix has no such tutorial.

Glad to know things are working properly now.

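One of the simplest ways malware blocks access to help sites is an entry in the Windows hosts file (on XP, %SystemRoot%\system32\drivers\etc\hosts) that points a security vendor's domain at loopback or at an attacker-chosen address. As an added example, not code from the thread, the script below parses hosts-file text and reports any mapping for a watch-list of security-related domains. The hosts content and the 203.0.113.9 address are constructed for the demonstration; the watch list is an assumption and would be extended to whatever vendors are in use.

```python
import ipaddress

# Constructed sample hosts file (not from the thread). The first three lines
# are the normal defaults; the last three are the kind of entries that would
# sinkhole or redirect security sites. 203.0.113.9 is a documentation address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.bleepingcomputer.com
127.0.0.1       bleepingcomputer.com   # added by something other than the user
203.0.113.9     update.microsoft.com
"""

# Assumed watch list: domains a clean hosts file should never mention.
WATCHLIST = ("bleepingcomputer.com", "microsoft.com", "windowsupdate.com",
             "avast.com", "avg.com", "superantispyware.com", "safer-networking.org")


def parse_hosts(text):
    """Yield (hostname, ip_address) pairs, ignoring comments and bad lines."""
    mappings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                             # not an address, skip the line
        for host in parts[1:]:                   # one IP may list several names
            mappings.append((host.lower(), ip))
    return mappings


def is_watched(host):
    """True if host is a watch-listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def suspicious_entries(text):
    """Return (host, ip, description) for watch-listed hosts in the file."""
    found = []
    for host, ip in parse_hosts(text):
        if host == "localhost":
            continue                             # the legitimate default entries
        if is_watched(host):
            kind = "sinkholed to loopback" if ip.is_loopback else "redirected to " + str(ip)
            found.append((host, str(ip), kind))
    return found


if __name__ == "__main__":
    for host, ip, kind in suspicious_entries(SAMPLE_HOSTS):
        print("%-28s %-16s %s" % (host, ip, kind))
```

A hosts entry is only one of the mechanisms in play; a proxy setting or a network filter driver can produce the same symptom with a clean hosts file, which is why the ComboFix log above lists drivers and AppInit DLLs alongside the plainer autostart keys.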
#14 Kbird

Kbird
  • Topic Starter

  • Members
  • 9 posts

Posted 14 January 2009 - 09:14 PM

Thx again L. :thumbsup: Will have a read of that tutorial now ...

Mick
