
Infected with vundo, backdoor.bot


  • This topic is locked
15 replies to this topic

#1 shivna

shivna

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:37 PM

Posted 03 February 2009 - 09:16 PM

Hi,

The infections, as I am not sure which ones, are causing my computer to become slow. Every time I try to remove it with either CA Antivirus or Malwarebytes Anti-Malware, it seems to come back. Right now I cannot access the internet on my computer (I'm using a laptop to seek help), and every time I try to connect, the infection kills the connection. I try to update AVG Anti-Virus but no go.

DDS file
________________________________________


DDS (Ver_09-02-01.01) - NTFSx86
Run by User at 21:03:08.95 on Tue 02/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1410 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: eTrust EZ Antivirus *On-access scanning enabled* (Outdated)
FW: CA Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
svchost.exe "C:\WINDOWS\system32\advapi32n.exe"
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\usbservice.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\msfeedssync.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Documents and Settings\User\Desktop\dds.scr
C:\DOCUME~1\User\Desktop\dds.scr
C:\Documents and Settings\User\Desktop\dds.scr
C:\WINDOWS\system32\findstr.exe

============== Pseudo HJT Report ===============

mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /S
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Lexmark 5200 series] "c:\program files\lexmark 5200 series\lxbtbmgr.exe"
mRun: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBTtime.dll,_RunDLLEntry@16
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [<NO NAME>]
mRun: [CAVRID] "c:\program files\ca\etrust internet security suite\etrust ez antivirus\CAVRID.exe"
mRun: [fssui] "c:\program files\windows live\family safety\fssui.exe" -autorun
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Turbo Memory] c:\program files\pc washer\PC Turbo Memory.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Secure System Restorese32] w32usb.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRunServices: [System] explorer.exe
dRun: [System] explorer.exe
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
dRunServices: [System] explorer.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\desktop manager.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\stardock objectdock.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logitech desktop messenger.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - Groove GFS Stub Execution Hook
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\8lxpbzre.default
FF - prefs.js: browser.startup.homepage - hxxp://www.animenewsnetwork.com/
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\8lxpbzre.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\toolbar\firefox\components\CIDDomFx3.dll
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint_03050024.dll

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('...ri.enabled', 'allAccess');
============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-3 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-3 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-3 107272]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-2-7 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-2-7 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-2-7 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-2-7 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-2-7 32240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-3 298264]
R2 CAISafe;CAISafe;c:\program files\ca\etrust internet security suite\etrust ez antivirus\isafe.exe [2008-2-7 144696]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2007-12-17 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2007-12-17 523816]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\etrust internet security suite\etrust ez antivirus\vetmsg.exe [2008-2-7 255216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-7 24652]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 sysdrv32;Play Port I/O Driver;c:\windows\system32\drivers\sysdrv32.sys [2009-2-3 11656]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-2-7 108368]
S1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
S2 NetDDEIDriverT;Network DDE NetDDEIDriverT;c:\windows\system32\advapi32n.exe srv --> c:\windows\system32\advapi32n.exe srv [?]
S2 TrkWksERSvc;Distributed Link Tracking Client TrkWksERSvc;c:\windows\system32\3076h.exe srv --> c:\windows\system32\3076h.exe srv [?]
S2 Usb Service 2.0;Usb Service 2.0;c:\windows\usbservice.exe [2009-2-3 159744]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 DADriv1;DADriv1;\??\c:\docume~1\user\locals~1\temp\rar$ex00.719\daengine\dak32.sys --> c:\docume~1\user\locals~1\temp\rar$ex00.719\daengine\DAK32.sys [?]
S3 Revolution1;Revolution1;\??\c:\docume~1\user\locals~1\temp\rar$ex44.468\revolution engine 6.2\shak3.sys --> c:\docume~1\user\locals~1\temp\rar$ex44.468\revolution engine 6.2\SHAK3.sys [?]
S3 XDva039;XDva039;\??\c:\windows\system32\xdva039.sys --> c:\windows\system32\XDva039.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\xdva090.sys --> c:\windows\system32\XDva090.sys [?]

=============== Created Last 30 ================

2009-02-03 20:59 11,656 a------- c:\windows\system32\drivers\sysdrv32.sys
2009-02-03 20:51 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-03 20:51 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-03 20:51 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-03 20:51 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-03 20:51 <DIR> --d----- c:\program files\AVG
2009-02-03 20:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-03 20:42 578,560 a------- c:\windows\system32\user32.DLL.vet
2009-02-03 18:59 0 a------- c:\windows\winsock32.exe
2009-02-03 18:58 0 a------- c:\windows\win32.exe
2009-02-03 18:32 159,744 ---shr-- c:\windows\usbservice.exe
2009-02-02 17:24 192,001 ---shr-- c:\windows\system32\explorer.exe
2009-02-02 15:45 827 a------- c:\windows\system32\win32hlp.cnf
2009-02-02 15:45 301 a------- c:\windows\system32\test.ttt
2009-02-02 15:45 1 a------- c:\windows\system32\uniq.tll
2009-02-02 15:44 26,112 a------- c:\windows\system32\303378.exe
2009-02-02 14:59 23,040 a--sh--- c:\windows\system32\actxprxyp.dll
2009-02-02 14:58 37,376 ---shr-- c:\windows\system32\advapi32n.exe
2009-02-02 14:58 0 a------- c:\windows\mqcd.dbt
2009-02-02 14:56 1,493,528 a------- c:\windows\system32\D3DCompiler_39.dll
2009-02-02 14:56 467,984 a------- c:\windows\system32\d3dx10_39.dll
2009-02-02 14:56 238,088 a------- c:\windows\system32\xactengine3_2.dll
2009-02-02 14:56 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2009-02-02 14:52 4 a------- c:\windows\system32\gaopdxcounter
2009-01-26 22:24 <DIR> --dsh--- c:\documents and settings\user\PrivacIE
2009-01-26 20:56 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-01-26 20:56 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-26 20:56 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 20:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-26 20:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-25 11:49 81,920 a------- c:\windows\system32\ieencode.dll
2009-01-25 11:49 81,920 a------- c:\windows\system32\dllcache\ieencode.dll
2009-01-25 11:45 <DIR> --d----- C:\2a47253678b337d1dee128
2009-01-25 02:19 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-01-14 19:31 <DIR> --d----- c:\program files\Firaxis Games
2009-01-10 01:04 3 a------- c:\windows\sbacknt.bin
2009-01-10 01:04 152,904 a------- c:\windows\system32\vghd.scr
2009-01-10 01:04 <DIR> --d----- c:\program files\vghd
2009-01-10 01:04 <DIR> --d----- c:\docume~1\user\applic~1\vghd
2009-01-09 17:32 <DIR> --d----- c:\docume~1\user\applic~1\Crayon Physics Deluxe
2009-01-09 17:32 <DIR> --d----- c:\program files\Crayon Physics Deluxe

==================== Find3M ====================

2009-02-03 19:48 513,150 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-02-03 19:48 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-02-03 19:48 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-02-03 19:48 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-02-03 19:48 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-02-03 19:48 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-02-03 19:48 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-02-03 19:48 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-02-02 15:45 125,440 a------- c:\windows\system32\userinit.exe
2009-02-02 14:57 118,784 ---shr-- c:\windows\w32usb.exe
2009-02-02 14:57 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-02-02 14:57 578,560 -------- c:\windows\system32\user32.DLL
2009-02-02 14:57 37,376 ---shr-- c:\windows\system32\3076h.exe
2008-12-30 15:24 91,376 a------- c:\windows\system32\isafprod.dll
2008-12-30 15:24 32,240 a------- c:\windows\system32\drivers\vetmonnt.sys
2008-12-30 15:24 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2008-12-30 15:24 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2008-12-30 15:24 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2008-11-30 01:21 410,976 a------- c:\windows\system32\deploytk.dll
2008-05-10 11:34 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051020080511\index.dat

============= FINISH: 21:03:32.48 ===============

My most recent mbam log
________________________________________

Malwarebytes' Anti-Malware 1.33
Database version: 1697
Windows 5.1.2600 Service Pack 2

2/3/2009 7:47:46 PM
mbam-log-2009-02-03 (19-47-46).txt

Scan type: Full Scan (C:|)
Objects scanned: 171057
Time elapsed: 39 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 6
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ms antispyware 2009 5.7 (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ms antispyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft windows automatic update (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drivers\sysdrv32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090203185805203.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:WINDOWSsystem32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\kernel32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2028097992-9446265146-573931947-5195\mwau.exe (Trojan.Agent) -> Delete on reboot.

Merged posts. ~ OB

Edited by Orange Blossom, 03 February 2009 - 10:10 PM.
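The DDS "Created Last 30" and Find3M sections above are what a helper reads first: several of the files later removed (usbservice.exe, advapi32n.exe, 3076h.exe, the second explorer.exe) carry hidden+system+read-only attributes, win32.exe and winsock32.exe are zero bytes, and sysdrv32.sys appeared minutes before the scan. The script below is an added example written for this thread; it is not part of DDS, MBAM or ComboFix and not posted by anyone in the thread. It parses lines in the DDS file-list format, using a handful of lines copied from the report above as constructed sample input, and ranks entries by four heuristics that are this example's own assumptions: executables with the hidden and system attributes set, zero-byte executables, drivers created within a day of the scan, and well-known Windows binaries (explorer.exe, userinit.exe) found outside their expected directory.

```python
import re
from datetime import datetime

# Constructed sample input: lines copied from the DDS "Created Last 30"
# section of the first post.
SAMPLE = r"""
2009-02-03 20:59 11,656 a------- c:\windows\system32\drivers\sysdrv32.sys
2009-02-03 20:51 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-03 20:51 <DIR> --d----- c:\program files\AVG
2009-02-03 18:59 0 a------- c:\windows\winsock32.exe
2009-02-03 18:32 159,744 ---shr-- c:\windows\usbservice.exe
2009-02-02 17:24 192,001 ---shr-- c:\windows\system32\explorer.exe
2009-02-02 14:59 23,040 a--sh--- c:\windows\system32\actxprxyp.dll
2009-02-02 14:58 37,376 ---shr-- c:\windows\system32\advapi32n.exe
""".strip()

# Scan time taken from the DDS header: "Run by User at 21:03:08.95 on Tue 02/03/2009".
SCAN_TIME = datetime(2009, 2, 3, 21, 3)

# One DDS file line: date, time, size or <DIR>, eight-character attribute field, path.
# A letter in the attribute field means the attribute is set
# (a=archive, c=compressed, d=directory, s=system, h=hidden, r=read-only).
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) ([a-z-]{8}) (.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")

# Where these well-known binaries live on a stock Windows XP install
# (assumption of this example, used to spot look-alikes in other directories).
EXPECTED_LOCATION = {
    "explorer.exe": r"c:\windows\explorer.exe",
    "userinit.exe": r"c:\windows\system32\userinit.exe",
}


def parse_line(line):
    """Return a dict for one DDS file line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    date, time, size, attrs, path = m.groups()
    return {
        "created": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M"),
        "size": None if size == "<DIR>" else int(size.replace(",", "")),
        "flags": set(attrs.replace("-", "")),
        "path": path.lower(),
    }


def reasons_for(entry, scan_time):
    """Heuristic reasons to look at this entry first; an empty list means nothing notable."""
    reasons = []
    if entry["size"] is None:
        return reasons  # directories get no verdict from these rules
    path = entry["path"]
    name = path.rsplit("\\", 1)[-1]
    is_exec = path.endswith(EXEC_EXT)
    if is_exec and {"s", "h"} <= entry["flags"]:
        reasons.append("hidden+system executable")
    if is_exec and entry["size"] == 0:
        reasons.append("zero-byte executable")
    if path.endswith(".sys") and (scan_time - entry["created"]).total_seconds() < 86400:
        reasons.append("driver created within 24h of scan")
    expected = EXPECTED_LOCATION.get(name)
    if expected is not None and path != expected:
        reasons.append(f"{name} outside its expected location {expected}")
    return reasons


def triage(text, scan_time):
    """Map every flagged path in a DDS file listing to its list of reasons."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reasons = reasons_for(entry, scan_time)
            if reasons:
                flagged[entry["path"]] = reasons
    return flagged


def triage_sample():
    """Run the heuristics over the constructed sample above."""
    return triage(SAMPLE, SCAN_TIME)


if __name__ == "__main__":
    for path, why in triage_sample().items():
        print(f"{path}: {'; '.join(why)}")
```

The output is a prioritisation hint, not a verdict: the time rule would equally flag the legitimate avgldx86.sys that AVG installed a few minutes earlier the same evening, which is why each flagged path is reported with its reason rather than as a bare list.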



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 05 February 2009 - 05:04 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

[screenshots of the rename step not reproduced]


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 shivna

shivna
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:37 PM

Posted 05 February 2009 - 05:14 PM

OK, I ran ComboFix and had to do it in safe mode since something kept killing my connection. After I ran it, in safe mode, it went through and ComboFix had detected rootkit activity at
c:\windows\system32\drivers\senekavgrqmsxw.dll
c:\windows\system32\senekavpwodytd.dat
c:\windows\system32\senekaoyojmomx.dll
c:\windows\system32\senekasulydwco.dll
c:\windows\system32\senekahwhtmlpm.dat

Also, after it had finished, there were still the problems of my internet connection being killed off and my mouse keeps acting like there is a program about to start up. I do not know if this is important, but I had recently done an update from Microsoft and they had installed IE8 beta.

Here is the log from combo fix
________________________________________

ComboFix 09-02-05.01 - User 2009-02-05 16:43:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1645 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\303378.exe
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekakvaodqsd.sys
c:\windows\system32\drivers\sysdrv32.sys
c:\windows\system32\explorer.exe
c:\windows\system32\rlxf.dll
c:\windows\system32\senekahwhtmlpm.dat
c:\windows\system32\senekaoyojmomx.dll
c:\windows\system32\senekasulydwco.dll
c:\windows\system32\senekavgrqmsxw.dll
c:\windows\system32\senekavpwodytd.dat
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
c:\windows\Tasks\nhbgkimh.job
c:\windows\wiaserviv.log
c:\windows\win32.exe
c:\windows\winsock32.exe

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA
-------\Legacy_ISODRIVE
-------\Legacy_SYSDRV32
-------\Legacy_TRKWKSERSVC
-------\Service_ISODrive
-------\Service_sysdrv32
-------\Service_TrkWksERSvc


((((((((((((((((((((((((( Files Created from 2009-01-05 to 2009-02-05 )))))))))))))))))))))))))))))))
.

2009-02-05 16:54 . 2009-02-05 16:54 77,867 --a------ C:\v2.exe
2009-02-05 16:21 . 2009-02-05 16:33 <DIR> d-------- C:\ComboFix
2009-02-04 14:42 . 2009-02-04 15:38 41,003 --a------ c:\windows\amin.exe
2009-02-04 14:42 . 2009-02-04 15:38 41,003 --a------ C:\amin.exe
2009-02-03 21:14 . 2009-02-04 15:57 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-03 20:51 . 2009-02-03 20:51 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-03 20:51 . 2009-02-03 20:51 <DIR> d-------- c:\program files\AVG
2009-02-03 20:51 . 2009-02-03 20:51 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-03 20:51 . 2009-02-03 20:51 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-03 20:51 . 2009-02-03 20:51 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-03 20:50 . 2009-02-04 16:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-03 20:42 . 2009-02-02 14:57 578,560 --a------ c:\windows\system32\user32.DLL.vet
2009-02-03 18:32 . 2009-02-03 18:32 159,744 -r-hs---- c:\windows\usbservice.exe
2009-02-02 17:19 . 2009-02-02 17:19 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-02 14:59 . 2009-02-02 14:59 23,040 --ahs---- c:\windows\system32\actxprxyp.dll
2009-02-02 14:58 . 2009-02-02 14:58 37,376 -r-hs---- c:\windows\system32\advapi32n.exe
2009-02-02 14:58 . 2009-02-02 14:58 0 --a------ c:\windows\mqcd.dbt
2009-02-02 14:56 . 2008-07-10 11:00 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2009-02-02 14:56 . 2008-07-10 11:00 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2009-02-02 14:56 . 2008-07-10 11:01 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2009-02-02 14:56 . 2008-07-30 06:20 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2009-02-02 14:52 . 2009-02-02 15:29 4 --a------ c:\windows\system32\gaopdxcounter
2009-01-26 22:24 . 2009-01-26 22:24 <DIR> d--hs---- c:\documents and settings\User\PrivacIE
2009-01-26 20:56 . 2009-01-26 20:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-26 20:56 . 2009-01-26 20:56 <DIR> d-------- c:\documents and settings\User\Application Data\Malwarebytes
2009-01-26 20:56 . 2009-01-26 20:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 20:56 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 20:56 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-25 11:49 . 2008-04-13 19:11 81,920 --a------ c:\windows\system32\ieencode.dll
2009-01-25 11:49 . 2008-04-13 19:11 81,920 --a------ c:\windows\system32\dllcache\ieencode.dll
2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- C:\2a47253678b337d1dee128
2009-01-25 02:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-01-14 19:31 . 2009-01-14 19:31 <DIR> d-------- c:\program files\Firaxis Games
2009-01-10 01:04 . 2009-01-10 11:39 <DIR> d-------- c:\program files\vghd
2009-01-10 01:04 . 2009-01-10 01:08 <DIR> d-------- c:\documents and settings\User\Application Data\vghd
2009-01-10 01:04 . 2009-01-10 01:04 152,904 --a------ c:\windows\system32\vghd.scr
2009-01-10 01:04 . 2009-01-10 01:07 3 --a------ c:\windows\sbacknt.bin
2009-01-09 17:32 . 2009-01-31 11:55 <DIR> d-------- c:\program files\Crayon Physics Deluxe
2009-01-09 17:32 . 2009-01-09 17:34 <DIR> d-------- c:\documents and settings\User\Application Data\Crayon Physics Deluxe
2009-01-07 14:23 . 2009-01-07 17:13 <DIR> d-------- c:\documents and settings\Geeta\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 21:53 --------- d-----w c:\documents and settings\User\Application Data\Skype
2009-02-05 21:44 578,560 ----a-w c:\windows\system32\user32.dll.tmp
2009-02-04 21:45 --------- d-----w c:\program files\MozBackup
2009-02-04 20:37 --------- d-----w c:\documents and settings\All Users\Application Data\CA
2009-02-04 02:39 --------- d-----w c:\program files\Add Remove Pro
2009-02-03 23:44 --------- d-----w c:\documents and settings\User\Application Data\uTorrent
2009-02-03 21:30 --------- d-----w c:\program files\City of Heroes
2009-02-02 19:57 578,560 ----a-w c:\windows\system32\user32.dll
2009-02-02 19:57 578,560 ----a-w c:\windows\system32\dllcache\user32.dll
2009-02-02 19:57 118,784 --sh--r c:\windows\w32usb.exe
2009-01-31 02:31 --------- d-----w c:\documents and settings\User\Application Data\skypePM
2009-01-29 00:14 --------- d-----w c:\documents and settings\User\Application Data\Desktopicon
2009-01-25 22:55 --------- d-----w c:\program files\Lx_cats
2009-01-25 07:31 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-25 07:28 --------- d-----w c:\program files\Windows Live
2009-01-24 04:03 --------- d-----w c:\program files\9Dragons
2009-01-17 05:28 --------- d-----w c:\documents and settings\User\Application Data\LimeWire
2009-01-16 15:34 --------- d-----w c:\documents and settings\Geeta\Application Data\LimeWire
2009-01-15 00:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-07 15:53 --------- d-----w c:\documents and settings\Geeta\Application Data\CallingID
2008-12-30 20:25 --------- d-----w c:\documents and settings\LocalService\Application Data\CallingID
2008-12-30 20:18 --------- d-----w c:\program files\Lavasoft
2008-12-30 20:18 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-30 20:15 --------- d-----w c:\documents and settings\User\Application Data\GetRightToGo
2008-12-29 07:31 --------- d-----w c:\program files\Skype
2008-12-29 07:31 --------- d-----w c:\program files\Common Files\Skype
2008-12-29 07:31 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-24 21:06 --------- d-----w c:\program files\Google
2008-12-16 19:53 --------- d-----w c:\documents and settings\Geeta\Application Data\FaxCtr
2008-12-14 07:21 --------- d-----w c:\documents and settings\User\Application Data\SoundSpectrum
2008-12-14 07:18 --------- d-----w c:\program files\SoundSpectrum
2008-12-14 07:17 --------- d-----w c:\program files\Common Files\Real
2008-12-11 02:04 --------- d-----w c:\documents and settings\User\Application Data\MysteryStudio
2008-11-30 06:21 410,976 ----a-w c:\windows\system32\deploytk.dll
2007-10-20 01:15 24,192 ----a-w c:\documents and settings\Geeta\usbsermptxp.sys
2007-10-20 01:15 22,768 ----a-w c:\documents and settings\Geeta\usbsermpt.sys
2008-05-10 16:34 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051020080511\index.dat
.
file copied: c:\windows\system32\user32.dll -> c:\qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir ( 578560 bytes )
file copied: c:\windows\system32\user32.dll -> c:\qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir ( 578560 bytes )
Infected c:\windows\system32\user32.dll hex repaired


------- Sigcheck -------

2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtServicePackUninstall$\tcpip.sys
2007-08-30 17:29 360704 1157d0d6ba036fb9537d4cd81375b12c c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 14:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-04-13 14:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\system32\dllcache\tcpip.sys
2008-04-13 14:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-06 50528]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 68856]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-09-27 3497208]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-24 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"Microsoft Windows Automatic Update"="c:\recycler\S-1-5-21-9794534011-4781610398-116550065-7448\mwau.exe" [2009-02-05 90624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2006-10-30 2287152]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2004-03-23 294912]
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"Turbo Memory"="c:\program files\PC Washer\PC Turbo Memory.exe" [2008-08-29 860160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-03 1601304]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
"Secure System Restorese32"="w32usb.exe" [2009-02-02 c:\windows\w32usb.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"System"="explorer.exe" [2008-04-13 c:\windows\explorer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"System"="explorer.exe" [2008-04-13 c:\windows\explorer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2008-04-22 c:\windows\system32\advpack.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"System"="explorer.exe" [2008-04-13 c:\windows\explorer.exe]

c:\documents and settings\Geeta\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-01-08 147456]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-10-21 3450608]

c:\documents and settings\User\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2006-09-07 1114217]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-10-21 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-07 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-08 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-03 20:51 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\User\\Desktop\\Stuff\\utorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\usbservice.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R?2 Usb Service 2.0;Usb Service 2.0;c:\windows\usbservice.exe [2009-02-03 159744]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-03 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-03 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-03 298264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2007-12-17 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-11-07 24652]
R3 sysdrv32;Play Port I/O Driver;\??\c:\windows\system32\drivers\sysdrv32.sys --> c:\windows\system32\drivers\sysdrv32.sys [?]
S2 NetDDEIDriverT;Network DDE NetDDEIDriverT;c:\windows\system32\advapi32n.exe srv --> c:\windows\system32\advapi32n.exe srv [?]
S3 DADriv1;DADriv1;\??\c:\docume~1\User\LOCALS~1\Temp\Rar$EX00.719\DAEngine\DAK32.sys --> c:\docume~1\User\LOCALS~1\Temp\Rar$EX00.719\DAEngine\DAK32.sys [?]
S3 Revolution1;Revolution1;\??\c:\docume~1\User\LOCALS~1\Temp\Rar$EX44.468\Revolution Engine 6.2\SHAK3.sys --> c:\docume~1\User\LOCALS~1\Temp\Rar$EX44.468\Revolution Engine 6.2\SHAK3.sys [?]
S3 XDva039;XDva039;\??\c:\windows\system32\XDva039.sys --> c:\windows\system32\XDva039.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SYSDRV32
.
Contents of the 'Scheduled Tasks' folder

2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1450960922-839522115-1003.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-24 00:29]

2008-07-02 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 11:01]

2009-02-05 c:\windows\Tasks\User_Feed_Synchronization-{0A070337-C45B-4BED-90CA-C092C2344080}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - ORPHANS REMOVED - - - -

Notify-WBSrv - (no file)


.
------- Supplementary Scan -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8lxpbzre.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.animenewsnetwork.com/
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint_03050024.dll

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('...ri.enabled', 'allAccess');.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 16:53:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1177238915-1450960922-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:06,fd,9d,cd,fc,c1,9c,7d,0e,a8,26,64,3b,38,20,ee,18,69,df,61,ff,5f,20,
36,60,86,87,d9,c7,82,07,3e,fc,98,7c,47,fd,2d,33,91,9a,a0,4f,1f,43,b6,75,20,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1177238915-1450960922-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:11,e3,8f,b9,2a,65,23,e8,8d,1b,5b,72,58,36,f8,34,30,02,41,3d,96,
33,ee,d6,f0,d3,05,61,52,c6,0f,e9,80,57,8a,ef,6a,53,f1,9a,ad,4d,f3,6b,62,b8,\
"rkeysecu"=hex:6b,9b,72,a9,03,67,90,06,07,49,64,62,ac,71,e8,1e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Lexmark 5200 series\lxbtbmon.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\rundll32.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\progra~1\Microsoft ActiveSync\rapimgr.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-02-05 16:55:52 - machine was rebooted [User]
ComboFix-quarantined-files.txt 2009-02-05 21:55:49

Pre-Run: 178,835,070,976 bytes free
Post-Run: 179,380,301,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

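As an added example (not part of this thread and not code from ComboFix), a small Python triage script that parses the "Reg Loading Points" block of a ComboFix log like the one above and flags the autostart entries the helper's CFScripts in the replies below remove: binaries stored in a Recycle Bin SID folder, entries in the Windows 9x-era RunServices keys, and Run values that relaunch explorer.exe. The sample lines are a constructed subset of the log; the severities, rule wording and the Finding type are this example's own.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example,
not part of the thread or of ComboFix). It parses the [key] / "name"="data"
[date size-or-path] lines ComboFix prints and scores each entry by location."""
import re
from dataclasses import dataclass

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')

# (pattern on the resolved path, severity, explanation). Heuristics only:
# Realtek and Logitech legitimately place autostart binaries in c:\windows,
# so a Windows-root hit is 'review', not 'high'. explorer.exe lives there
# too and gets its own rule below.
PATH_RULES = [
    (re.compile(r'\\recycler\\S-1-5-21-[\d-]+\\', re.I), 'high',
     'binary stored inside a Recycle Bin SID folder'),
    (re.compile(r'\\(local settings\\)?temp\\', re.I), 'high',
     'binary runs from a Temp directory'),
    (re.compile(r'^c:\\windows\\(?!explorer\.exe$)[^\\]+\.exe$', re.I), 'review',
     'executable sits in the Windows root, not in a vendor or system32 folder'),
]
# Windows 9x-era keys that XP does not process; software that writes there
# is spraying every autostart key it knows rather than installing normally.
LEGACY_KEYS = ('runservices', 'runservicesonce')


@dataclass
class Finding:
    key: str
    name: str
    path: str
    severity: str
    reason: str


def resolve_path(data: str, meta: str) -> str:
    """ComboFix prints either the full path as the value data, or a bare
    file name with the resolved path after the date inside the brackets."""
    if '\\' in data:
        return data
    parts = meta.split(' ', 1)
    if len(parts) == 2 and '\\' in parts[1]:
        return parts[1]
    return data


def triage(lines):
    """Return one Finding per heuristic hit, in log order."""
    findings, key = [], ''
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name = m.group('name')
        path = resolve_path(m.group('data'), m.group('meta'))
        hits = [(sev, why) for rx, sev, why in PATH_RULES if rx.search(path)]
        if key.lower().rsplit('\\', 1)[-1] in LEGACY_KEYS:
            hits.append(('high', 'entry lives in a RunServices key, which XP ignores'))
        if path.lower().endswith('\\explorer.exe'):
            hits.append(('review', 'Run value relaunches the shell; Winlogon already starts explorer.exe'))
        findings.extend(Finding(key, name, path, sev, why) for sev, why in hits)
    return findings


# Constructed subset of the Reg Loading Points section of the log above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"Microsoft Windows Automatic Update"="c:\recycler\S-1-5-21-9794534011-4781610398-116550065-7448\mwau.exe" [2009-02-05 90624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-03 1601304]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 c:\windows\RTHDCPL.exe]
"Secure System Restorese32"="w32usb.exe" [2009-02-02 c:\windows\w32usb.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"System"="explorer.exe" [2008-04-13 c:\windows\explorer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"System"="explorer.exe" [2008-04-13 c:\windows\explorer.exe]
'''.strip().splitlines()

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity:6}] {f.name!r} -> {f.path}\n         {f.reason}')
```

The 'review' hits (RTHDCPL.exe and w32usb.exe both sit in c:\windows) show why location alone cannot separate the Realtek tray applet from the dropped binary; the analyst still has to look at the name, date and file attributes.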

#4 fenzodahl512
  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 06 February 2009 - 01:46 AM

Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 shivna
  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:37 PM

Posted 08 February 2009 - 07:29 PM

I had read somewhere on another site that someone had a similar problem where they could not access the internet on their computer, only in safe mode, like me. They said that it might be a bug or something in Windows.

I have attached the GMER file.




#6 fenzodahl512
  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 08 February 2009 - 11:25 PM

WARNING!
Looking at your system now, one or more of the identified infections is a backdoor Trojan. If this computer is ever used for on-line banking, I suggest you do the following IMMEDIATELY:

  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information. Please refrain from using this computer for online banking/financial purposes until we give it the all clear.




1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

http://www.bleepingcomputer.com/forums/index.php?showtopic=200479&view=findpost&p=1122991

KillAll::

Driver::
Usb Service 2.0
sysdrv32

Collect::
C:\v2.exe
c:\windows\amin.exe
C:\amin.exe
c:\windows\system32\user32.DLL.vet
c:\windows\usbservice.exe
c:\windows\system32\actxprxyp.dll
c:\windows\system32\advapi32n.exe
c:\windows\mqcd.dbt
c:\windows\system32\gaopdxcounter
c:\recycler\S-1-5-21-9794534011-4781610398-116550065-7448\mwau.exe
c:\windows\w32usb.exe
c:\windows\system32\drivers\sysdrv32.sys

RegLock::
[HKEY_USERS\S-1-5-21-1177238915-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Automatic Update"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Secure System Restorese32"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\usbservice.exe"=-

DirLook::

SysRst::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
**Note**

When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • Simply follow the instructions to copy/paste/send the requested file.

Edited by fenzodahl512, 08 February 2009 - 11:26 PM.



#7 shivna
  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:37 PM

Posted 12 February 2009 - 08:47 PM

Here is the ComboFix log and the HJT log.




#8 fenzodahl512
  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 13 February 2009 - 03:00 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"System"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"System"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"System"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.



#9 shivna
  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:37 PM

Posted 17 February 2009 - 12:37 AM

Here is the new ComboFix log and the HJT log.
It appears that my internet is now working in normal mode. I do not want to assume anything yet.




#10 fenzodahl512
  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 17 February 2009 - 12:48 AM

Let's run an online scan to make sure we didn't miss anything else...


Please do this step before you sleep or when you don't use the computer as it will take quite a while..

Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
Posted Image

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



#11 shivna
  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:37 PM

Posted 17 February 2009 - 12:58 PM

Here is the Kaspersky scan report.




#12 fenzodahl512
  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 17 February 2009 - 01:05 PM

Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.
  • Then please UNCHECK the Turn off System Restore.
  • Click again on Apply, and then click OK. This will create a new Restore Point.
System Restore will now be active again.

If you are using Windows Vista, please go HERE for a tutorial on how to use, disable and enable System Restore.

Then please create a fresh Restore Point... Please visit this webpage if you do not know how..

If you are using Windows Vista, please visit this webpage for more information.





Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512



#13 shivna
  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:37 PM

Posted 17 February 2009 - 05:37 PM

OK, I have run OTCleanIt and have made a System Restore point. Well, the computer seems to be back to its normal state, as there is no program, or whatever it was, trying to start up, and I can access the internet in normal mode. My only other question is: is it now safe for me to input sensitive data, like making online payments or paying bills?

#14 fenzodahl512
  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 18 February 2009 - 01:30 AM

Yup.. It should be safe to do that now.. Your computer is good to go.. Any more questions? :thumbup2:



#15 shivna
  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:37 PM

Posted 18 February 2009 - 11:31 AM

Nope, I have no more questions, and if I ever have any trouble, I know where to look :thumbup2:

Thanks for all your help in saving my computer :D I am greatly indebted to you.



