Need help with Malware: jineboka.dll, rubufofo.dll, etc


  • This topic is locked
10 replies to this topic

#1 Dave Marsh

  • Members
  • 5 posts

Posted 27 January 2009 - 04:36 PM

Need help salvaging infected Windows XP unit. The malware redirects websites, especially if you google the dll file names.

Posted is the requested dump information. Apologies if this is in the wrong spot - new at this:

Note the DLLs being run on the current date - Jan 27 in the dump file below. Attempts to weed them out after booting off of a recovery disk have been unsuccessful. Windows Defender (newest definitions loaded) crashed attempting to disable/disallow them (I'm not surprised).

Dave Marsh
e-mail removed to protect from spambots. ~ OB

DDS (Ver_09-01-19.01) - NTFSx86
Run by Admin_User at 10:48:40.79 on 27/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.495.43 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin_User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = https://reg.knowledgeadventure.com/prodreg....Email%20Address
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {67e4b1f6-9b47-48c8-a468-16494ad8ae57} - c:\windows\system32\ljJBtrqP.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\jkkJbcDT.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7dea8b50-aab0-43b3-9f19-0071719d45ee} - c:\windows\system32\tekumubu.dll
BHO: {8ae7ef4c-5229-ffb8-06a4-834a4a1b0e6d}: {d6e0b1a4-a438-4a60-8bff-9225c4fe7ea8} - c:\windows\system32\umznfq.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [PRONoMgr.exe] c:\program files\intel\prosetwireless\ncs\proset\PRONoMgr.exe
mRun: [LXCECATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCEtime.dll,_RunDLLEntry@16
mRun: [lxcemon.exe] "c:\program files\lexmark 4300 series\lxcemon.exe"
mRun: [EzPrint] "c:\program files\lexmark 4300 series\ezprint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [lxdjmon.exe] "c:\program files\lexmark 1400 series\lxdjmon.exe"
mRun: [lxdjamon] "c:\program files\lexmark 1400 series\lxdjamon.exe"
mRun: [LXDJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDJtime.dll,_RunDLLEntry@16
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [PadTouch] "c:\program files\toshiba\padtouch\PadExe.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Norton Ghost 12.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [gomahutapa] Rundll32.exe "c:\windows\system32\ribigode.dll",s
mRun: [CPM17440692] Rundll32.exe "c:\windows\system32\kamezuzi.dll",a
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax\2007\ic2007pp.dll
Notify: igfxcui - igfxsrvc.dll
Notify: jkkJbcDT - jkkJbcDT.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
AppInit_DLLs: c:\windows\system32\rubufofu.dll c:\windows\system32\kamezuzi.dll umznfq.dll c:\docume~1\alluse~1\applic~1\jineboka\jineboka.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\docume~1\alluse~1\applic~1\jineboka\jineboka.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\kamezuzi.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\jkkJbcDT.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ljJBtrqP
LSA: Notification Packages = scecli c:\windows\system32\rubufofu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin_user\application data\mozilla\firefox\profiles\agkorej1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\mozilla firefox\plugins\npvirtools.dll

============= SERVICES / DRIVERS ===============

R4 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-4-7 14336]
R4 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2008-11-25 991232]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2004-4-7 46108]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-26 18560]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-17 33752]

=============== Created Last 30 ================

2009-01-27 10:04 135,345 a--sh--- c:\windows\system32\umznfq.dll
2009-01-27 09:45 1,493,953 ---sh--- c:\windows\system32\uhowepap.ini
2009-01-27 09:45 133,306 a--sh--- c:\windows\system32\jcyfpn.dll
2009-01-26 13:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\dupiduhu
2009-01-26 13:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\jineboka
2009-01-26 13:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\bimuroda
2009-01-24 08:52 1,468,094 ---sh--- c:\windows\system32\qxoiorla.ini
2009-01-24 08:39 30,866 a--sh--- c:\windows\system32\PqrtBJjl.ini2
2009-01-24 08:39 30,866 a--sh--- c:\windows\system32\PqrtBJjl.ini
2009-01-24 08:34 48,128 a------- c:\windows\system32\wvUoOGwU.dll
2009-01-20 13:14 <DIR> --d----- c:\program files\LEGO Company
2009-01-01 08:56 <DIR> --d----- c:\program files\iPod
2009-01-01 08:56 <DIR> --d----- c:\program files\iTunes
2009-01-01 08:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-01 08:54 <DIR> --d----- c:\program files\Bonjour
2009-01-01 08:50 32,000 a------- c:\windows\system32\drivers\usbaapl.sys

==================== Find3M ====================

2009-01-27 10:04 135,345 a--sh--- c:\windows\system32\fawofofo.dll
2009-01-27 10:04 99,981 a--sh--- c:\windows\system32\honomige.dll
2009-01-27 10:04 86,126 a--sh--- c:\windows\system32\ragehage.dll
2009-01-27 09:45 133,306 a--sh--- c:\windows\system32\vobulofo.dll
2009-01-27 09:45 86,313 a--sh--- c:\windows\system32\papewohu.dll
2009-01-27 09:45 100,572 a--sh--- c:\windows\system32\kamezuzi.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-11-04 09:38 1,901 a------- c:\windows\panose.bin
2008-10-18 18:24 2,828 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2008-10-18 18:24 88 ---shr-- c:\docume~1\alluse~1\applic~1\A622D2D867.sys
2008-05-17 09:15 0 a------- c:\program files\temp01
2005-04-19 18:52 149 a------- c:\program files\INSTALL.LOG
0000-00-00 00:00 69,892 a--sh--- c:\windows\system32\ribigode.dll
0000-00-00 00:00 69,892 a--sh--- c:\windows\system32\rubufofu.dll
0000-00-00 00:00 69,892 a--sh--- c:\windows\system32\tekumubu.dll
2008-08-23 14:33 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 10:51:02.48 ===============

Edited by Orange Blossom, 27 January 2009 - 08:21 PM.



#2 miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 28 January 2009 - 06:14 AM

Hi,

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually this doesn't surprise me at all...

I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an antivirus scan is not present which should be able to deal with most and prevent further reinfection.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Dave Marsh

  • Topic Starter

  • Members
  • 5 posts

Posted 28 January 2009 - 02:13 PM

miekiemoes,

Thanks for the quick reply. Here is an update. But I have two questions first.

One:

I have a data backup of relevant data files and use Norton Ghost to back up the data - docs, mp3, itunes, etc. If I run a Norton Ghost backup on the data files today to create a current version, what is the likelihood that I will re-introduce the problems onto a clean system after a rebuild? As an alternate to Norton Ghost onto the portable HD I could FTP copies of the files onto one of my Linux machines.

I don't have a problem re-building this machine. It's been running XP since 2003 and would be much happier after a complete re-build. If you think that the data won't re-infect a new build then perhaps the best use of your and my time is for me to do a current data backup and rebuild this machine.

Two:

Do you know the nature of the virus that I am dealing with?

Back to your instructions:

Avira has been installed and set up with current definitions. - Note I was running this before installing Windows Defender about 6 months back.

>>* Please install Avira Antivirus: http://www.free-av.com/
>>This is a free Antivirus.

Done.

>> Perform a full scan with Avira and let it delete everything it is finding.

Done. - Some warnings but no reports of deletions.

>> Then reboot.
>> After reboot, open your Avira and select "reports".
>> There double-click the report from the Full scan you have done.
>> Click the "Report File" button and copy and paste this report in your next reply

See below.

>> together with a new HijackThis log.

After the Avira Report.



Avira AntiVir Personal
Report file date: 28 January 2009 12:04

Scanning for 1293555 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MARSH_LAPTOP

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 1/14/2009 17:02:03
ANTIVIR2.VDF : 7.1.1.172 958464 Bytes 1/23/2009 17:02:19
ANTIVIR3.VDF : 7.1.1.195 301568 Bytes 1/28/2009 17:02:24
Engineversion : 8.2.0.60
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 16:05:56
AESCRIPT.DLL : 8.1.1.32 340347 Bytes 1/28/2009 17:02:51
AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 21:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:38
AEPACK.DLL : 8.1.3.5 393588 Bytes 1/28/2009 17:02:48
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 1/28/2009 17:02:44
AEHEUR.DLL : 8.1.0.86 1552759 Bytes 1/28/2009 17:02:42
AEHELP.DLL : 8.1.2.0 119159 Bytes 1/28/2009 17:02:31
AEGEN.DLL : 8.1.1.10 323957 Bytes 1/28/2009 17:02:29
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 1/28/2009 17:02:26
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 18:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 28 January 2009 12:04

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'AdobeUpdater.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'lxcecoms.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RAMASST.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process '00THotkey.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'ezprint.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'lxcemon.exe' - '1' Module(s) have been scanned
Scan process 'lxdjamon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'VProTray.exe' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'stacmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'TFncKy.exe' - '1' Module(s) have been scanned
Scan process 'TouchED.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'VProSvc.exe' - '1' Module(s) have been scanned
Scan process 'lxdjcoms.exe' - '1' Module(s) have been scanned
Scan process 'CommandService.exe' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
60 processes with 60 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '75' files ).


Starting the file scan:

Begin scan in 'C:\' <S3A1684D001>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OP23GHUJ\mscmisc[1].cab
[0] Archive type: CAB (Microsoft)
--> McMscVer.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{58837669-1590-4B2B-A336-32AC0731AEC9}\RP617\A0193288.exe
[0] Archive type: NSIS
--> ProgramFilesDir/dotnetfx.exe
[WARNING] The file could not be written!


End of the scan: 28 January 2009 13:13
Used time: 1:09:36 Hour(s)

The scan has been done completely.

11939 Scanning directories
490848 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
490846 Files not concerned
9728 Archives were scanned
4 Warnings
0 Notes


DDS (Ver_09-01-19.01) - NTFSx86
Run by Admin_User at 13:55:27.38 on 28/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.495.140 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin_User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = https://reg.knowledgeadventure.com/prodreg....Email%20Address
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {67e4b1f6-9b47-48c8-a468-16494ad8ae57} - c:\windows\system32\ljJBtrqP.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\jkkJbcDT.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7dea8b50-aab0-43b3-9f19-0071719d45ee} - c:\windows\system32\tekumubu.dll
BHO: {cd41fce0-baae-40d6-a0af-47b8fa84e59c} - c:\windows\system32\ribigode.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LXCECATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCEtime.dll,_RunDLLEntry@16
mRun: [LXDJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDJtime.dll,_RunDLLEntry@16
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [TFNF5] TFNF5.exe
mRun: [TFncKy] TFncKy.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SigmaTel StacMon] c:\program files\sigmatel\sigmatel ac97 audio drivers\stacmon.exe
mRun: [PRONoMgr.exe] c:\program files\intel\prosetwireless\ncs\proset\PRONoMgr.exe
mRun: [NoteBurner] c:\program files\noteburner\VTBurnerGUI.exe /silence
mRun: [Norton Ghost 12.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [lxdjmon.exe] "c:\program files\lexmark 1400 series\lxdjmon.exe"
mRun: [lxdjamon] "c:\program files\lexmark 1400 series\lxdjamon.exe"
mRun: [lxcemon.exe] "c:\program files\lexmark 4300 series\lxcemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [EzPrint] "c:\program files\lexmark 4300 series\ezprint.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [gomahutapa] Rundll32.exe "c:\windows\system32\tekumubu.dll",s
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [CPM17440692] Rundll32.exe "c:\windows\system32\bikuhagu.dll",a
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax\2007\ic2007pp.dll
Notify: igfxcui - igfxsrvc.dll
Notify: jkkJbcDT - jkkJbcDT.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
AppInit_DLLs: c:\windows\system32\rubufofu.dll c:\windows\system32\kamezuzi.dll c:\docume~1\alluse~1\applic~1\jineboka\jineboka.dll c:\windows\system32\ribigode.dll c:\windows\system32\bikuhagu.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bikuhagu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\bikuhagu.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\jkkJbcDT.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ljJBtrqP
LSA: Notification Packages = scecli c:\windows\system32\rubufofu.dll c:\windows\system32\ribigode.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin_user\application data\mozilla\firefox\profiles\agkorej1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\mozilla firefox\plugins\npvirtools.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-28 11840]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-28 52032]
R4 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-28 68865]
R4 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-28 151297]
R4 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-4-7 14336]
R4 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2008-11-25 991232]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2004-4-7 46108]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-26 18560]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-17 33752]

=============== Created Last 30 ================

2009-01-28 11:59 <DIR> --d----- c:\program files\Avira
2009-01-28 11:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-01-28 09:57 1,493,299 ---sh--- c:\windows\system32\etupepar.ini
2009-01-28 09:57 133,290 a--sh--- c:\windows\system32\myhwbb.dll
2009-01-27 13:55 133,229 a--sh--- c:\windows\system32\sxtqrm.dll
2009-01-27 13:55 1,496,280 ---sh--- c:\windows\system32\imahogej.ini
2009-01-27 13:49 2,148 a------- c:\windows\system32\wpa.dbl
2009-01-27 13:26 <DIR> --d----- C:\Inetpub
2009-01-20 13:14 <DIR> --d----- c:\program files\LEGO Company
2009-01-01 08:56 <DIR> --d----- c:\program files\iPod
2009-01-01 08:56 <DIR> --d----- c:\program files\iTunes
2009-01-01 08:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-01 08:54 <DIR> --d----- c:\program files\Bonjour
2009-01-01 08:50 32,000 a------- c:\windows\system32\drivers\usbaapl.sys

==================== Find3M ====================

2009-01-28 10:02 100,151 a------- c:\windows\system32\bikuhagu.dll
2009-01-28 09:57 133,290 a--sh--- c:\windows\system32\nawowami.dll
2009-01-28 09:57 86,237 a--sh--- c:\windows\system32\rapepute.dll
2009-01-27 13:55 133,229 a--sh--- c:\windows\system32\penigusa.dll
2009-01-27 13:55 100,623 a--sh--- c:\windows\system32\fidofepu.dll
2009-01-27 13:55 86,189 a--sh--- c:\windows\system32\jegohami.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-11-04 09:38 1,901 a------- c:\windows\panose.bin
2008-10-18 18:24 2,828 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2008-10-18 18:24 88 ---shr-- c:\docume~1\alluse~1\applic~1\A622D2D867.sys
2008-05-17 09:15 0 a------- c:\program files\temp01
2005-04-19 18:52 149 a------- c:\program files\INSTALL.LOG
0000-00-00 00:00 69,892 a--sh--- c:\windows\system32\ribigode.dll
0000-00-00 00:00 69,892 a--sh--- c:\windows\system32\tekumubu.dll
2008-08-23 14:33 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 13:57:54.12 ===============


#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:40 PM

Posted 28 January 2009 - 02:56 PM

Hi,

I have a data backup of relevant data files and use Norton Ghost to backup the data - docs, mp3, itunes, etc. If I run a Norton Ghost backup on the data files today to create a current version what is the likelihood that I will re-introduce the problems onto a clean system after a rebuild? As an alternate to Norton Ghost onto the portable HD I could FTP copies of the files onto one of my Linux machines.

The malware you are dealing with doesn't affect docs, mp3 files, pictures etc., so that's OK.
It's always a good idea to back up your data once in a while though.

Anyway, a rebuild is not really needed here - this all depends on how malware removal goes and how things are running afterwards.

Do you know the nature of the virus that I am dealing with?

Ehm, you are dealing with several different malware variants. Trojans, backdoors, adware, spyware etc etc.
This is because the malware that was installed was actually a malware bundle which downloaded and installed more different malware all the time.
Keep in mind to change all your passwords once we are done here, because they may be known.

Anyway, do next please..

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Dave Marsh

Posted 28 January 2009 - 06:29 PM

Here is the log from ComboFix:

I also completed a data backup before running ComboFix.
It looks like I also did a full system ghost about 5 months back.

ComboFix 09-01-21.04 - Admin_User 2009-01-28 18:00:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.495.179 [GMT -5:00]
Running from: c:\documents and settings\Admin_User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin_User\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\INSTALL.LOG
c:\program files\MyWebSearch
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\system32\bikuhagu.dll
c:\windows\system32\Cache
c:\windows\system32\etupepar.ini
c:\windows\system32\fidofepu.dll
c:\windows\system32\imahogej.ini
c:\windows\system32\jegohami.dll
c:\windows\system32\myhwbb.dll
c:\windows\system32\nawowami.dll
c:\windows\system32\penigusa.dll
c:\windows\system32\rapepute.dll
c:\windows\system32\ribigode.dll
c:\windows\system32\sxtqrm.dll
c:\windows\system32\tekumubu.dll
c:\windows\Tasks\zelmctta.job

----- BITS: Possible infected sites -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.

2009-01-28 18:14 . 2009-01-28 18:14 <DIR> d-------- c:\windows\LastGood
2009-01-28 14:26 . 2009-01-28 14:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-01-28 14:25 . 2009-01-28 14:25 <DIR> d-------- c:\program files\Common Files\iS3
2009-01-28 14:25 . 2009-01-28 16:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-01-28 11:59 . 2009-01-28 11:59 <DIR> d-------- c:\program files\Avira
2009-01-28 11:59 . 2009-01-28 11:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-27 13:49 . 2009-01-28 18:13 2,148 --a------ c:\windows\system32\wpa.dbl
2009-01-27 13:26 . 2009-01-27 13:27 <DIR> d-------- C:\Inetpub
2009-01-20 13:14 . 2009-01-20 13:14 <DIR> d-------- c:\program files\LEGO Company
2009-01-20 13:14 . 2009-01-20 13:14 <DIR> d-------- c:\documents and settings\Lynne\Application Data\LEGO Company
2009-01-20 12:17 . 2009-01-20 12:17 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-01 08:56 . 2009-01-01 08:57 <DIR> d-------- c:\program files\iTunes
2009-01-01 08:56 . 2009-01-01 08:56 <DIR> d-------- c:\program files\iPod
2009-01-01 08:56 . 2009-01-01 08:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-01 08:54 . 2009-01-01 08:54 <DIR> d-------- c:\program files\Bonjour
2009-01-01 08:52 . 2009-01-01 08:53 <DIR> d-------- c:\program files\QuickTime
2009-01-01 08:51 . 2009-01-01 08:51 <DIR> d-------- c:\program files\Apple Software Update
2009-01-01 08:50 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 16:39 --------- d-----w c:\documents and settings\Dave\Application Data\OpenOffice.org2
2009-01-27 18:25 --------- d-----w c:\program files\Toshiba
2009-01-27 18:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-27 18:22 --------- d-----w c:\program files\IKEA HomePlanner
2009-01-27 18:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-27 18:21 --------- d-----w c:\program files\Busytown
2009-01-26 20:02 --------- d-----w c:\documents and settings\Lynne\Application Data\OpenOffice.org2
2009-01-19 22:04 --------- d-----w c:\documents and settings\NetworkService\Application Data\FaxCtr
2009-01-02 23:33 --------- d-----w c:\documents and settings\Lynne\Application Data\Apple Computer
2009-01-02 20:04 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-02 20:00 --------- d-----w c:\program files\Norton Security Scan
2009-01-01 14:39 --------- d-----w c:\documents and settings\Dave\Application Data\Apple Computer
2009-01-01 14:02 --------- d-----w c:\documents and settings\Dave\Application Data\iPodder
2008-12-26 18:04 --------- d-----w c:\program files\LeapFrog
2008-12-26 18:04 --------- d-----w c:\program files\DIFX
2008-12-26 17:59 --------- d-----w c:\documents and settings\All Users\Application Data\Leapfrog
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 18:34 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-04 14:38 1,901 ----a-w c:\windows\panose.bin
2008-10-18 23:24 88 --sh--r c:\documents and settings\All Users\Application Data\A622D2D867.sys
2008-10-18 23:24 2,828 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-05-17 14:15 0 ----a-w c:\program files\temp01
2008-08-23 19:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082320080824\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-03-22 69632]
"LXDJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll" [2007-02-09 102400]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 86073]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 86016]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 2037352]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-11-25 356352]
"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-05 20480]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-03-22 192512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-01-26 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-01-26 118784]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-03-16 299008]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-02-15 61440]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-26 118843]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"00THotkey"="c:\windows\System32\00THotkey.exe" [2004-02-25 16:12 258048]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"TPSMain"="TPSMain.exe" [2004-03-03 c:\windows\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"000StTHK"="000StTHK.exe" [2001-06-23 22:28 24576 c:\windows\system32\000StTHK.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

c:\documents and settings\Dave\Start Menu\Programs\Startup\
iPodder.lnk - c:\program files\iPodder\iPodder.exe [2005-06-20 40960]

c:\documents and settings\Lynne\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2004-04-07 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-12-16 16:49 110592 c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"SCardSvr"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MSFtpsvc"=2 (0x2)
"mnmsrvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFSServW.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdjcoms.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\App4R.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R4 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-11-25 991232]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2004-04-07 46108]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-26 18560]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-17 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-16 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]

2009-01-28 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SmartDraw 2009\Messages\SDNotify.exe [2008-08-11 06:29]
.
- - - - ORPHANS REMOVED - - - -

BHO-{67E4B1F6-9B47-48C8-A468-16494AD8AE57} - c:\windows\system32\ljJBtrqP.dll
BHO-{7dea8b50-aab0-43b3-9f19-0071719d45ee} - c:\windows\system32\tekumubu.dll
BHO-{cd41fce0-baae-40d6-a0af-47b8fa84e59c} - c:\windows\system32\ribigode.dll
HKLM-Run-NoteBurner - c:\program files\NoteBurner\VTBurnerGUI.exe
HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe
HKLM-Run-TFNF5 - TFNF5.exe
MSConfigStartUp-CPM17440692 - c:\windows\system32\fidofepu.dll
MSConfigStartUp-gomahutapa - c:\windows\system32\ribigode.dll


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = https://reg.knowledgeadventure.com/prodreg....Email%20Address
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax\2007\ic2007pp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin_User\Application Data\Mozilla\Firefox\Profiles\agkorej1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 18:15:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
LXDJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\windows\System32\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\lxdjcoms.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\lxcecoms.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-28 18:18:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-28 23:18:19

Pre-Run: 20,291,719,168 bytes free
Post-Run: 20,355,280,896 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

244 --- E O F --- 2009-01-26 17:50:18

#6 miekiemoes

Posted 29 January 2009 - 02:53 AM

Hi,

This looks OK again. Just a little regfix we have to do to restore some security settings..

Open Notepad and copy and paste the text in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Then, your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 11.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • For Platform, select "Windows"
  • For language, select your language
  • Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • Java™ 6 Update 5
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Then, go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.
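The comparison behind the fix.reg in post #6, as an added example that is not part of the original posts or of ComboFix: it parses the security-related entries copied from the ComboFix log in post #5 and the fix.reg contents, then lists which values the merge changes. Function names are illustrative, and keys are matched on their last three path components because the log abbreviates part of the firewall key as `HKLM\~`.

```python
import re

# Excerpt copied from the ComboFix log in post #5 (two value notations appear).
COMBOFIX_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
'''

# Contents of fix.reg as given in post #6.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
'''

SECTION = re.compile(r'^\[(.+)\]\s*$')
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')
DWORD = re.compile(r'^dword:([0-9a-fA-F]{8})$')        # .reg notation
LOG_INT = re.compile(r'^(\d+)\s+\(0x([0-9a-fA-F]+)\)$')  # log notation: 0 (0x0)


def parse_value(raw):
    """Turn either integer notation into an int; keep anything else verbatim."""
    raw = raw.strip()
    m = DWORD.match(raw)
    if m:
        return int(m.group(1), 16)
    m = LOG_INT.match(raw)
    if m:
        return int(m.group(2), 16)
    return raw


def parse_sections(text):
    """Return {lower-cased key path: {value name: parsed value}}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            current[m.group(1)] = parse_value(m.group(2))
    return sections


def key_tail(path, parts=3):
    """Last path components, so abbreviated and full key names compare equal."""
    return "\\".join(path.split("\\")[-parts:])


def pending_changes(log_text, reg_text):
    """List (key tail, name, logged value, value the fix sets) where they differ.

    A logged value of None means the log did not show the entry; the log
    itself notes that empty and legit default entries are not shown.
    """
    logged = {key_tail(k): v for k, v in parse_sections(log_text).items()}
    changes = []
    for key, values in parse_sections(reg_text).items():
        tail = key_tail(key)
        seen = logged.get(tail, {})
        for name, wanted in values.items():
            have = seen.get(name)
            if have != wanted:
                changes.append((tail, name, have, wanted))
    return changes


if __name__ == "__main__":
    for tail, name, have, wanted in pending_changes(COMBOFIX_EXCERPT, FIX_REG):
        print(f"{tail}: {name} logged={have} fix sets={wanted}")
```

Running the same comparison against a log taken after the merge should return an empty list.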

#7 Dave Marsh

Posted 29 January 2009 - 12:28 PM

Thank you.

I completed the above instructions successfully.

Everything that I could see is now gone so that much is very promising. I will use the machine normally over the next few days and post back any findings within the week.

Again, thanks.

Dave

#8 miekiemoes

Posted 29 January 2009 - 12:32 PM

Glad I could help. :thumbup2:

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#9 Dave Marsh

Posted 02 February 2009 - 11:41 AM

Thanks for all of your help. The system is behaving normally again and I'll follow-up on your suggestions.

Much appreciated,

Dave

#10 miekiemoes

Posted 02 February 2009 - 11:57 AM

You're most welcome :thumbup2:

#11 miekiemoes

Posted 05 February 2009 - 07:01 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



