
svchost.exe application error and some referenced memory could not be read, MBAM.exe not running after installation and Viruses


This topic is locked
12 replies to this topic

#1 al's


  • Members
  • 33 posts
  • OFFLINE
  • Local time:04:06 AM

Posted 16 March 2009 - 10:46 AM

Hey @ll,

I was posting before this on the Am I infected? What do I do? forum, as my PC was infected by the WIN32/Patched.Y and WIN32/Kryptic.JV viruses. The topic referenced is here: http://www.bleepingcomputer.com/forums/t/208819/when-i-click-on-c-or-d-drive-it-says-cannot-access/ ~ OB. I use NOD32 antivirus; it detected both these viruses and deleted one and quarantined the other, but then the C: and D: drives were not opening, so I deleted the autorun.inf using MS-DOS and used Flash Disinfector also. They worked fine then. On the forum I was suggested by Bleeping Janitor to download Malwarebytes Anti-Malware (v1.34) and run it. I did download it but it won't run.
So I posted the same; he told me to rename the mbam.exe file in the Program Files folder to mscan.scr or any other extension. I did, then still no luck and it didn't run.
So then he asked me to download Sreng2 and run it, so I did, but then all the file extensions were showing normal. After that suddenly a window appeared saying "svchost.exe application error: some referenced memory could not be read", and the Start menu tab started blinking and the audio went off; there was computer sound but no sound in movies etc.


So then I posted the same; he asked me to post here, so I am doing that. And then I restarted the PC; now after coming to the login window it said "C:/ Program could not be found, check Start menu", and then the audio came back, but still there is some problem; in between, these things keep on happening. I have scanned the system with stinger.exe and NOD32.


Please help!!!!! I don't want to format my PC again as I have done it 2 weeks back because of the same svchost.exe error.
I am posting the dds.txt.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Al at 21:00:23.07 on Mon 03/16/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.169 [GMT 5.5:30]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Al\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [Google Update] "c:\documents and settings\al\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: []
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
Trusted Zone: orkut.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {D5FDEC9D-59E9-403F-84B5-11CF71A3234C} = 203.94.227.70,203.94.243.70
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\al\applic~1\mozilla\firefox\profiles\td8f7dru.default\
FF - plugin: c:\documents and settings\al\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-3-3 15424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-3-3 549256]

=============== Created Last 30 ================

2009-03-15 15:15 --d----- C:\Sreng2
2009-03-13 20:44 a-dshr-- C:\autorun.inf
2009-03-09 09:03 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-09 08:40 --d----- c:\windows\system32\scripting
2009-03-09 08:40 --d----- c:\windows\l2schemas
2009-03-09 08:40 --d----- c:\windows\system32\en
2009-03-09 08:40 --d----- c:\windows\system32\bits
2009-03-09 08:36 --d----- c:\windows\ServicePackFiles
2009-03-09 08:27 --d----- c:\windows\EHome
2009-03-04 20:56 --d----- c:\windows\network diagnostic
2009-03-04 05:59 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2009-03-04 01:10 --d----- c:\program files\uTorrent
2009-03-04 01:10 --d----- c:\docume~1\al\applic~1\uTorrent
2009-03-04 00:57 --d----- c:\program files\MSXML 4.0
2009-03-04 00:51 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-04 00:51 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-03-04 00:44 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-03-04 00:43 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-04 00:43 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-04 00:43 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-04 00:43 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-04 00:37 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-03-04 00:37 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-04 00:36 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-03-04 00:35 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-03-04 00:35 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-03-04 00:28 --d----- c:\windows\system32\PreInstall
2009-03-04 00:28 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-03-04 00:28 --d-h--- c:\windows\$hf_mig$
2009-03-04 00:06 --d----- c:\docume~1\al\applic~1\Uniblue
2009-03-04 00:06 --d----- c:\program files\Uniblue
2009-03-04 00:00 -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-03 18:40 --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-03-03 18:40 --d----- c:\docume~1\al\applic~1\Azureus
2009-03-03 18:40 --d----- c:\program files\common files\i4j_jres
2009-03-03 17:58 --d----- c:\windows\system32\SoftwareDistribution
2009-03-03 04:46 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-03-03 04:45 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-03-03 04:45 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-03-03 04:45 5,504 a------- c:\windows\system32\drivers\intelide.sys
2009-03-03 04:44 74,240 a------- c:\windows\system32\usbui.dll
2009-03-03 04:44 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2009-03-03 04:44 14,208 a------- c:\windows\system32\drivers\battc.sys
2009-03-03 04:44 13,952 a------- c:\windows\system32\drivers\cmbatt.sys
2009-03-03 04:43 --d----- c:\program files\common files\ODBC
2009-03-03 04:43 --d----- c:\program files\common files\SpeechEngines
2009-03-03 04:42 --d--r-- c:\documents and settings\all users\Documents
2009-03-03 04:42 797,189 ac------ c:\windows\system32\dllcache\NT5IIS.CAT
2009-03-03 04:41 261 a------- c:\windows\system32\$winnt$.inf
2009-03-03 00:17 --d----- c:\program files\common files\L&H
2009-03-03 00:17 --d----- c:\program files\Microsoft ActiveSync
2009-03-03 00:08 --d----- c:\program files\ESET
2009-03-03 00:06 --d----- c:\program files\K-Lite Codec Pack
2009-03-03 00:00 --d----- c:\program files\VideoLAN
2009-03-02 23:52 --d----- c:\program files\Apoint
2009-03-02 23:52 --d----- c:\program files\Modem Helper
2009-03-02 23:50 --d----- c:\program files\Dell
2009-03-02 23:48 --d----- c:\docume~1\al\applic~1\Intel
2009-03-02 23:45 --d----- c:\program files\Broadcom
2009-03-02 23:44 --d----- c:\program files\CONEXANT
2009-03-02 23:42 --d----- c:\program files\SigmaTel
2009-03-02 23:32 --dsh--- c:\documents and settings\all users\DRM
2009-03-02 23:32 --d-h--- c:\program files\WindowsUpdate
2009-03-02 23:31 --d----- c:\program files\common files\MSSoap
2009-03-02 23:29 --d----- c:\program files\Online Services
2009-03-02 23:29 --d----- c:\program files\Messenger
2009-03-02 23:29 --d----- c:\program files\MSN Gaming Zone
2009-03-02 23:28 --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-03-09 08:42 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-03 00:08 512,096 a------- c:\windows\system32\drivers\amon.sys
2009-03-03 00:08 299,392 a------- c:\windows\system32\imon.dll
2009-03-03 00:08 15,424 a------- c:\windows\system32\drivers\nod32drv.sys
2009-03-02 23:47 17,056 a------- c:\windows\system32\drivers\AegisP.sys
2009-03-02 23:30 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-21 04:45 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 21:00:44.60 ===============



Edited by Orange Blossom, 16 March 2009 - 09:35 PM.




#2 Orange Blossom


    OBleepin Investigator


  • Moderator
  • 36,806 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:06 AM

Posted 27 March 2009 - 08:48 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 al's

  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:04:06 AM

Posted 29 March 2009 - 04:44 AM

Hey....
As it was suggested by the HijackThis team while posting that I shouldn't mess with the computer or take advice from any other forum, I didn't touch the PC, so the problem is the same as posted by me in the earlier post. Following are the two more additions:

1. Now the Orkut website doesn't open.
2. Disk Defragmentation is not possible; it says "Disk Defrag could not start".

I am posting the DDS files again.

Please help me out as early as possible as I have some important work.



DDS (Ver_09-03-16.01) - NTFSx86
Run by Al at 15:06:03.01 on Sun 03/29/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.190 [GMT 5.5:30]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Documents and Settings\Al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Al\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
Trusted Zone: orkut.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {D5FDEC9D-59E9-403F-84B5-11CF71A3234C} = 203.94.227.70,203.94.243.70
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\al\applic~1\mozilla\firefox\profiles\td8f7dru.default\
FF - plugin: c:\documents and settings\al\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-3-3 15424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-3-3 549256]

=============== Created Last 30 ================

2009-03-22 21:21 <DIR> --d----- c:\windows\pss
2009-03-15 15:15 <DIR> --d----- C:\Sreng2
2009-03-13 20:44 <DIR> a-dshr-- C:\autorun.inf
2009-03-09 09:03 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-09 08:40 <DIR> --d----- c:\windows\system32\scripting
2009-03-09 08:40 <DIR> --d----- c:\windows\l2schemas
2009-03-09 08:40 <DIR> --d----- c:\windows\system32\en
2009-03-09 08:40 <DIR> --d----- c:\windows\system32\bits
2009-03-09 08:36 <DIR> --d----- c:\windows\ServicePackFiles
2009-03-09 08:27 <DIR> --d----- c:\windows\EHome
2009-03-04 20:56 <DIR> --d----- c:\windows\network diagnostic
2009-03-04 05:59 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2009-03-04 01:10 <DIR> --d----- c:\program files\uTorrent
2009-03-04 01:10 <DIR> --d----- c:\docume~1\al\applic~1\uTorrent
2009-03-04 00:57 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-04 00:51 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-04 00:51 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-03-04 00:44 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-03-04 00:43 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-04 00:43 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-04 00:43 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-04 00:43 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-04 00:37 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-03-04 00:37 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-04 00:36 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-03-04 00:35 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-03-04 00:35 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-03-04 00:28 <DIR> --d----- c:\windows\system32\PreInstall
2009-03-04 00:28 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-03-04 00:28 <DIR> --d-h--- c:\windows\$hf_mig$
2009-03-04 00:06 <DIR> --d----- c:\docume~1\al\applic~1\Uniblue
2009-03-04 00:06 <DIR> --d----- c:\program files\Uniblue
2009-03-04 00:00 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-03 18:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-03-03 18:40 <DIR> --d----- c:\docume~1\al\applic~1\Azureus
2009-03-03 18:40 <DIR> --d----- c:\program files\common files\i4j_jres
2009-03-03 17:58 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-03-03 04:46 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-03-03 04:45 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-03-03 04:45 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-03-03 04:45 5,504 a------- c:\windows\system32\drivers\intelide.sys
2009-03-03 04:44 74,240 a------- c:\windows\system32\usbui.dll
2009-03-03 04:44 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2009-03-03 04:44 14,208 a------- c:\windows\system32\drivers\battc.sys
2009-03-03 04:44 13,952 a------- c:\windows\system32\drivers\cmbatt.sys
2009-03-03 04:43 <DIR> --d----- c:\program files\common files\ODBC
2009-03-03 04:43 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-03-03 04:42 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-03-03 04:42 797,189 ac------ c:\windows\system32\dllcache\NT5IIS.CAT
2009-03-03 04:41 261 a------- c:\windows\system32\$winnt$.inf
2009-03-03 00:17 <DIR> --d----- c:\program files\common files\L&H
2009-03-03 00:17 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-03-03 00:08 <DIR> --d----- c:\program files\ESET
2009-03-03 00:06 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-03-03 00:00 <DIR> --d----- c:\program files\VideoLAN
2009-03-02 23:52 <DIR> --d----- c:\program files\Apoint
2009-03-02 23:52 <DIR> --d----- c:\program files\Modem Helper
2009-03-02 23:50 <DIR> --d----- c:\program files\Dell
2009-03-02 23:48 <DIR> --d----- c:\docume~1\al\applic~1\Intel
2009-03-02 23:45 <DIR> --d----- c:\program files\Broadcom
2009-03-02 23:44 <DIR> --d----- c:\program files\CONEXANT
2009-03-02 23:42 <DIR> --d----- c:\program files\SigmaTel
2009-03-02 23:32 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-03-02 23:32 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-03-02 23:31 <DIR> --d----- c:\program files\common files\MSSoap
2009-03-02 23:29 <DIR> --d----- c:\program files\Online Services
2009-03-02 23:29 <DIR> --d----- c:\program files\Messenger
2009-03-02 23:29 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-03-02 23:28 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-03-09 08:42 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-03 00:08 512,096 a------- c:\windows\system32\drivers\amon.sys
2009-03-03 00:08 299,392 a------- c:\windows\system32\imon.dll
2009-03-03 00:08 15,424 a------- c:\windows\system32\drivers\nod32drv.sys
2009-03-02 23:47 17,056 a------- c:\windows\system32\drivers\AegisP.sys
2009-03-02 23:30 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 15:06:23.31 ===============
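Two DDS runs from the same machine are posted above, and what changed between them is the useful signal. The script below is an added example (my code, not DDS or anything posted in the thread) that diffs the autorun section of the two logs; the embedded excerpts are trimmed copies of the Pseudo HJT Report sections from the 16 March and 29 March logs, and the msconfig check encodes how Windows XP records startup items disabled through msconfig.

```python
"""Diff the "Pseudo HJT Report" (autorun) section of two DDS logs."""
import re

# Trimmed excerpt of the 16 March DDS log posted in this thread.
DDS_RUN1 = r"""
============== Pseudo HJT Report ===============

uStart Page = about:blank
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [Google Update] "c:\documents and settings\al\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: []
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
LSP: c:\windows\system32\imon.dll

================= FIREFOX ===================

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
"""

# Trimmed excerpt of the 29 March DDS log posted in this thread.
DDS_RUN2 = r"""
============== Pseudo HJT Report ===============

uStart Page = about:blank
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [<NO NAME>]
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
LSP: c:\windows\system32\imon.dll

================= FIREFOX ===================

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
"""

# DDS section headers look like "====== Name ======".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Line types in the Pseudo HJT Report that launch or hook code.
ENTRY_PREFIXES = ("uRun:", "mRun:", "StartupFolder:", "BHO:", "Notify:",
                  "LSP:", "DPF:", "uStart Page")


def parse_sections(log):
    """Split a DDS log into {section name: [non-blank lines]}."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def normalise(entry):
    # DDS prints an unnamed Run value as "[]" in one build and as
    # "[<NO NAME>]" in another; treat them as the same entry.
    return entry.replace("[<NO NAME>]", "[]")


def autoruns(log):
    """Set of normalised autorun entries from a DDS log."""
    lines = parse_sections(log).get("Pseudo HJT Report", [])
    return {normalise(l) for l in lines if l.startswith(ENTRY_PREFIXES)}


def diff_autoruns(old, new):
    """Return (added, removed) autorun entries between two runs."""
    before, after = autoruns(old), autoruns(new)
    return sorted(after - before), sorted(before - after)


def msconfig_disabled_items(log):
    """True when an "MSConfig ... /auto" Run entry is present.

    On Windows XP that entry is what msconfig adds once startup items
    have been unticked, and unticked Startup-folder shortcuts are moved
    to c:/windows/pss (note the pss directory created 2009-03-22 in the
    second log). Entries missing from the newer run may therefore be
    disabled by the user rather than removed by a cleanup tool.
    """
    return any(e.startswith("mRun: [MSConfig]") and "/auto" in e.lower()
               for e in autoruns(log))


if __name__ == "__main__":
    added, removed = diff_autoruns(DDS_RUN1, DDS_RUN2)
    print("added:", *added, sep="\n  ")
    print("removed:", *removed, sep="\n  ")
    if msconfig_disabled_items(DDS_RUN2):
        print("note: msconfig is managing startup items; removed entries may only be disabled")
```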




#4 extremeboy


  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:06 AM

Posted 29 March 2009 - 11:11 AM

Hello.

Please do the following.

Download and Run Combofix

Important: Before we start, please disable any anti-virus programs or any real-time protection that is enabled.

Please refer to this page if you're unsure how.
  • Please follow the instructions for running Combofix from here
  • Please read the guide carefully, follow every instruction precisely, and remember to install the Recovery Console first.
Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Download the appropriate Windows XP setup boot disk and drag it on Combofix like the image below:
    Posted Image
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • After you successfully install the Recovery Console, you will see this window.
    Posted Image
    Please select Yes.
  • ComboFix will then run; when ComboFix is finished, it will create a log for you. Please copy and paste that log in your next reply.
  • Please post that log on your next reply. (the log is located in C:\ComboFix.txt.)
Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 al's

  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:04:06 AM

Posted 29 March 2009 - 01:41 PM

Hey, I have run ComboFix; following is the log:


ComboFix 09-03-28.06 - Al 2009-03-29 23:52:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.277 [GMT 5.5:30]
Running from: c:\documents and settings\Al\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-6-1-83-100005582-100022117-100009788-8473.com
c:\windows\system32\drivers\gaopdxdixmforoecpsxpairsvjtgowkdjedoqv.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxptcpipytyspuhhmupmtmoujcxyhxopqj.dll
d:\recycler\S-6-1-83-100005582-100022117-100009788-8473.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-15 22:39 . 2009-03-15 22:39 <DIR> d-------- c:\windows\Sun
2009-03-15 15:15 . 2009-03-15 15:17 <DIR> d-------- C:\Sreng2
2009-03-09 09:03 . 2008-04-14 05:42 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-09 08:40 . 2009-03-09 08:40 <DIR> d-------- c:\windows\system32\scripting
2009-03-09 08:40 . 2009-03-09 08:40 <DIR> d-------- c:\windows\system32\en
2009-03-09 08:40 . 2009-03-09 08:40 <DIR> d-------- c:\windows\system32\bits
2009-03-09 08:40 . 2009-03-09 08:40 <DIR> d-------- c:\windows\l2schemas
2009-03-09 08:36 . 2009-03-09 08:41 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-09 08:27 . 2009-03-09 08:27 <DIR> d-------- c:\windows\EHome
2009-03-05 22:10 . 2009-03-05 22:10 <DIR> d-------- c:\documents and settings\Al\Application Data\dvdcss
2009-03-04 21:00 . 2008-12-21 04:45 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-04 21:00 . 2007-04-17 15:02 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-04 21:00 . 2007-03-08 10:40 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-04 21:00 . 2008-12-21 04:45 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-04 21:00 . 2008-12-21 04:45 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-04 21:00 . 2008-12-21 04:45 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-04 21:00 . 2008-12-21 04:45 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-04 21:00 . 2008-12-21 04:45 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-04 21:00 . 2008-12-19 14:40 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-04 05:59 . 2004-08-03 22:29 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2009-03-04 01:10 . 2009-03-04 01:10 <DIR> d-------- c:\program files\uTorrent
2009-03-04 01:10 . 2009-03-29 23:36 <DIR> d-------- c:\documents and settings\Al\Application Data\uTorrent
2009-03-04 00:57 . 2009-03-04 00:57 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-04 00:51 . 2008-06-13 16:35 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-03-04 00:51 . 2008-06-13 16:35 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-04 00:44 . 2008-09-15 17:42 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-03-04 00:43 . 2008-08-14 15:41 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-04 00:43 . 2008-08-14 15:39 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-04 00:43 . 2008-08-14 15:03 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-04 00:43 . 2008-08-14 15:03 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-04 00:37 . 2008-10-24 16:51 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-04 00:37 . 2008-05-08 19:32 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-03-04 00:36 . 2008-12-11 16:27 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-03-04 00:35 . 2008-04-12 00:34 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-03-04 00:35 . 2008-10-15 22:04 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-03-04 00:28 . 2009-03-09 20:52 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-04 00:28 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2009-03-04 00:06 . 2009-03-04 00:06 <DIR> d-------- c:\program files\Uniblue
2009-03-04 00:06 . 2009-03-04 00:06 <DIR> d-------- c:\documents and settings\Al\Application Data\Uniblue
2009-03-04 00:00 . 2009-03-04 00:06 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-03 18:40 . 2009-03-03 18:40 <DIR> d-------- c:\program files\Common Files\i4j_jres
2009-03-03 18:40 . 2009-03-03 18:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-03-03 18:40 . 2009-03-04 00:56 <DIR> d-------- c:\documents and settings\Al\Application Data\Azureus
2009-03-03 00:31 . 2009-03-03 00:31 <DIR> d-------- c:\documents and settings\Al\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 18:08 --------- d-----w c:\program files\ESET
2009-03-02 18:47 --------- d-----w c:\program files\Microsoft Works
2009-03-02 18:47 --------- d-----w c:\program files\Microsoft ActiveSync
2009-03-02 18:47 --------- d-----w c:\program files\Common Files\L&H
2009-03-02 18:38 512,096 ----a-w c:\windows\system32\drivers\amon.sys
2009-03-02 18:38 299,392 ----a-w c:\windows\system32\imon.dll
2009-03-02 18:38 15,424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2009-03-02 18:37 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-02 18:36 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-02 18:33 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-03-02 18:32 --------- d-----w c:\program files\Common Files\Adobe
2009-03-02 18:30 --------- d-----w c:\program files\VideoLAN
2009-03-02 18:24 --------- d-----w c:\program files\Java
2009-03-02 18:23 --------- d-----w c:\program files\Common Files\Java
2009-03-02 18:23 --------- d-----w c:\program files\Apoint
2009-03-02 18:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 18:22 --------- d-----w c:\program files\Modem Helper
2009-03-02 18:20 --------- d-----w c:\program files\Dell
2009-03-02 18:18 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intel
2009-03-02 18:18 --------- d-----w c:\documents and settings\Al\Application Data\Intel
2009-03-02 18:17 17,056 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-02 18:17 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2009-03-02 18:16 --------- d-----w c:\program files\Intel
2009-03-02 18:15 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-02 18:15 --------- d-----w c:\program files\Broadcom
2009-03-02 18:14 --------- d-----w c:\program files\CONEXANT
2009-03-02 18:12 --------- d-----w c:\program files\SigmaTel
2009-03-02 18:03 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-03-03 950664]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-03-10 21:16 133104 c:\documents and settings\Al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
--a------ 2008-08-26 22:18 2019624 c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-03-03 15424]
.
Contents of the 'Scheduled Tasks' folder

2009-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1229272821-839522115-1004.job
- c:\documents and settings\Al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-10 21:16]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Trusted Zone: orkut.com
TCP: {D5FDEC9D-59E9-403F-84B5-11CF71A3234C} = 203.94.227.70,203.94.243.70
FF - ProfilePath - c:\documents and settings\Al\Application Data\Mozilla\Firefox\Profiles\td8f7dru.default\
FF - plugin: c:\documents and settings\Al\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 23:53:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'lsass.exe'(1076)
c:\windows\system32\imon.dll
.
Completion time: 2009-03-29 23:54:51
ComboFix-quarantined-files.txt 2009-03-29 18:24:46

Pre-Run: 1,913,417,728 bytes free
Post-Run: 1,903,177,728 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

189 --- E O F --- 2009-03-09 15:31:57

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:06 AM

Posted 29 March 2009 - 02:06 PM

Hello.

The Rootkit got removed :thumbup2:

However, you still should know about the nature of this infection.


Backdoor Threat

IMPORTANT NOTE: Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you wish to continue, follow the steps below please.


Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.
  • When it's done scanning, you may receive another notice. Click OK if prompted.
  • Click on Save ... to save the log on your desktop.
    Save the log as GMER.txt when you save it on your desktop.
  • Close Gmer and copy and paste the contents of GMER.txt in your next reply.
  • If you receive no notice, click on the Scan button near the bottom.
  • It will start scanning again like before.
  • When it is done, click on Save ... to save the log on your desktop.
    Save the log as GMER.txt when you save it on your desktop.
  • Close Gmer and copy and paste the contents of GMER.txt in your next reply.
If GMER doesn't work in Normal Mode, try running it in Safe Mode.
Note: Do not run any program while GMER is running.

Important! Please do not select the Show all checkbox during the scan.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with:
-GMER log
-MBAM log
-New Hijackthis log

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 al's

al's
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:04:06 AM

Posted 30 March 2009 - 11:36 AM

Hey, thanks for the info on passwords etc.
But I don't use this PC for any financial transactions; I use it for net browsing, making project reports and entertainment.

I really don't wanna format the PC, as I have done it 3 times last month and the same problem kept recurring.

Thanks for the help.

Disk Defrag is working fine now.
But the orkut site sometimes loads and sometimes shows a blank.
All other issues are also resolved.

THANKS

I have no clue how to interpret the following, but let me know if I need to do anything else to keep this from happening again.

I am posting the logs as asked by you:

GMER:
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-03-30 21:22:13
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

---- EOF - GMER 1.0.15 ----






MBAM:

Malwarebytes' Anti-Malware 1.35
Database version: 1918
Windows 5.1.2600 Service Pack 3

3/30/2009 9:33:41 PM
mbam-log-2009-03-30 (21-33-41).txt

Scan type: Quick Scan
Objects scanned: 60313
Time elapsed: 2 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



DDS:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Al at 21:57:01.03 on Mon 03/30/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.223 [GMT 5.5:30]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Documents and Settings\Al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Al\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
Trusted Zone: orkut.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {D5FDEC9D-59E9-403F-84B5-11CF71A3234C} = 203.94.227.70,203.94.243.70
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\al\applic~1\mozilla\firefox\profiles\td8f7dru.default\
FF - plugin: c:\documents and settings\al\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-3-3 15424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-3-3 549256]

=============== Created Last 30 ================

2009-03-30 21:28 <DIR> --d----- c:\docume~1\al\applic~1\Malwarebytes
2009-03-30 21:28 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-30 21:28 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 21:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-30 21:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-29 23:47 <DIR> a-dshr-- C:\cmdcons
2009-03-29 23:43 161,792 a------- c:\windows\SWREG.exe
2009-03-29 23:43 98,816 a------- c:\windows\sed.exe
2009-03-29 23:43 <DIR> --d----- C:\ComboFix
2009-03-22 21:21 <DIR> --d----- c:\windows\pss
2009-03-15 15:15 <DIR> --d----- C:\Sreng2
2009-03-13 20:44 <DIR> a-dshr-- C:\autorun.inf
2009-03-09 09:03 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-09 08:40 <DIR> --d----- c:\windows\system32\scripting
2009-03-09 08:40 <DIR> --d----- c:\windows\l2schemas
2009-03-09 08:40 <DIR> --d----- c:\windows\system32\en
2009-03-09 08:40 <DIR> --d----- c:\windows\system32\bits
2009-03-09 08:36 <DIR> --d----- c:\windows\ServicePackFiles
2009-03-09 08:27 <DIR> --d----- c:\windows\EHome
2009-03-04 20:56 <DIR> --d----- c:\windows\network diagnostic
2009-03-04 05:59 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2009-03-04 01:10 <DIR> --d----- c:\program files\uTorrent
2009-03-04 01:10 <DIR> --d----- c:\docume~1\al\applic~1\uTorrent
2009-03-04 00:57 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-04 00:51 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-04 00:51 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-03-04 00:44 1,846,784 -c------ c:\windows\system32\dllcache\win32k.sys
2009-03-04 00:43 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-04 00:43 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-04 00:43 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-04 00:43 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-04 00:37 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-03-04 00:37 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-04 00:36 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-03-04 00:35 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-03-04 00:35 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-03-04 00:28 <DIR> --d----- c:\windows\system32\PreInstall
2009-03-04 00:28 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-03-04 00:28 <DIR> --d-h--- c:\windows\$hf_mig$
2009-03-04 00:06 <DIR> --d----- c:\docume~1\al\applic~1\Uniblue
2009-03-04 00:06 <DIR> --d----- c:\program files\Uniblue
2009-03-04 00:00 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-03 18:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-03-03 18:40 <DIR> --d----- c:\docume~1\al\applic~1\Azureus
2009-03-03 18:40 <DIR> --d----- c:\program files\common files\i4j_jres
2009-03-03 17:58 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-03-03 04:46 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-03-03 04:45 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-03-03 04:45 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-03-03 04:45 5,504 a------- c:\windows\system32\drivers\intelide.sys
2009-03-03 04:44 74,240 a------- c:\windows\system32\usbui.dll
2009-03-03 04:44 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2009-03-03 04:44 14,208 a------- c:\windows\system32\drivers\battc.sys
2009-03-03 04:44 13,952 a------- c:\windows\system32\drivers\cmbatt.sys
2009-03-03 04:43 <DIR> --d----- c:\program files\common files\ODBC
2009-03-03 04:43 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-03-03 04:42 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-03-03 04:42 797,189 ac------ c:\windows\system32\dllcache\NT5IIS.CAT
2009-03-03 04:41 261 a------- c:\windows\system32\$winnt$.inf
2009-03-03 00:17 <DIR> --d----- c:\program files\common files\L&H
2009-03-03 00:17 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-03-03 00:08 <DIR> --d----- c:\program files\ESET
2009-03-03 00:06 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-03-03 00:00 <DIR> --d----- c:\program files\VideoLAN
2009-03-02 23:52 <DIR> --d----- c:\program files\Apoint
2009-03-02 23:52 <DIR> --d----- c:\program files\Modem Helper
2009-03-02 23:50 <DIR> --d----- c:\program files\Dell
2009-03-02 23:48 <DIR> --d----- c:\docume~1\al\applic~1\Intel
2009-03-02 23:45 <DIR> --d----- c:\program files\Broadcom
2009-03-02 23:44 <DIR> --d----- c:\program files\CONEXANT
2009-03-02 23:42 <DIR> --d----- c:\program files\SigmaTel
2009-03-02 23:32 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-03-02 23:32 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-03-02 23:31 <DIR> --d----- c:\program files\common files\MSSoap
2009-03-02 23:29 <DIR> --d----- c:\program files\Online Services
2009-03-02 23:29 <DIR> --d----- c:\program files\Messenger
2009-03-02 23:29 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-03-02 23:28 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-03-09 08:42 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-03 00:08 512,096 a------- c:\windows\system32\drivers\amon.sys
2009-03-03 00:08 299,392 a------- c:\windows\system32\imon.dll
2009-03-03 00:08 15,424 a------- c:\windows\system32\drivers\nod32drv.sys
2009-03-02 23:47 17,056 a------- c:\windows\system32\drivers\AegisP.sys
2009-03-02 23:30 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-09 16:43 1,846,784 a------- c:\windows\system32\win32k.sys

============= FINISH: 21:57:19.07 ===============


#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:06 AM

Posted 30 March 2009 - 02:41 PM

Hello.

Looks a lot better :thumbup2:

O15 Entries Warning (Sites in your Trusted Zones)

The reason why I say it's not a good idea is because the security settings for the Internet zone are not extremely high, and once you put a site in your Trusted Zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking of that site and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the Trusted Zone. If you're not sure, and/or you do not need these in your Trusted Zone to facilitate access, or you did not knowingly permit this access yourself, then please remove those sites from your Trusted Zone.

They can be accessed via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove any that are there.


Update Java to Version 6 Update 12

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
*If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
** If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
*** The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky WebScanner page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations", then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while, so please be patient and let it finish.
  • Once the files have been downloaded, click on the ... button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button if you made any changes.
  • Now, under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Post back with a new DDS log as well.

With Regards,
Extremeboy

#9 al's
  • Topic Starter
  • Members
  • 33 posts

Posted 31 March 2009 - 02:27 PM

Hey...
I have done everything according to your instructions... But after running all that stuff suddenly the computer has become slow and even the downloading speed has decreased...

While deleting DDS.scr it was automatically running and Shift+Del was not working on it, so I had to delete it and then clear it from the Recycle Bin...


Following are the reports you had asked for:


Kasper:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, April 1, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, March 31, 2009 17:57:04
Records in database: 1990025
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 29767
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:16:27


File name / Threat name / Threats count
D:\softwares\others\Uniblue_Registry_Booster_v2.0.1114.3657.rar Infected: Trojan-PSW.Win32.Agent.kkg 1
D:\softwares\sft\New Folder\regtools.vbs Infected: not-a-virus:RiskTool.VBS.DisReg.a 1

The selected area was scanned.



DDS:



DDS (Ver_09-03-16.01) - NTFSx86
Run by Al at 0:52:29.81 on Wed 04/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.290 [GMT 5.5:30]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Al\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {D5FDEC9D-59E9-403F-84B5-11CF71A3234C} = 203.94.227.70,203.94.243.70
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\al\applic~1\mozilla\firefox\profiles\td8f7dru.default\
FF - plugin: c:\documents and settings\al\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-3-3 15424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-3-3 549256]

=============== Created Last 30 ================

2009-03-31 22:16 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-31 22:16 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-30 21:28 <DIR> --d----- c:\docume~1\al\applic~1\Malwarebytes
2009-03-30 21:28 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-30 21:28 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 21:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-30 21:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-29 23:47 <DIR> a-dshr-- C:\cmdcons
2009-03-29 23:43 161,792 a------- c:\windows\SWREG.exe
2009-03-29 23:43 98,816 a------- c:\windows\sed.exe
2009-03-29 23:43 <DIR> --d----- C:\ComboFix
2009-03-22 21:21 <DIR> --d----- c:\windows\pss
2009-03-13 20:44 <DIR> a-dshr-- C:\autorun.inf
2009-03-09 09:03 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-09 08:40 <DIR> --d----- c:\windows\system32\scripting
2009-03-09 08:40 <DIR> --d----- c:\windows\l2schemas
2009-03-09 08:40 <DIR> --d----- c:\windows\system32\en
2009-03-09 08:40 <DIR> --d----- c:\windows\system32\bits
2009-03-09 08:36 <DIR> --d----- c:\windows\ServicePackFiles
2009-03-09 08:27 <DIR> --d----- c:\windows\EHome
2009-03-04 20:56 <DIR> --d----- c:\windows\network diagnostic
2009-03-04 05:59 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2009-03-04 01:10 <DIR> --d----- c:\program files\uTorrent
2009-03-04 01:10 <DIR> --d----- c:\docume~1\al\applic~1\uTorrent
2009-03-04 00:57 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-04 00:51 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-04 00:51 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-03-04 00:44 1,846,784 -c------ c:\windows\system32\dllcache\win32k.sys
2009-03-04 00:43 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-04 00:43 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-04 00:43 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-04 00:43 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-04 00:37 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-03-04 00:37 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-04 00:36 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-03-04 00:35 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-03-04 00:35 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-03-04 00:28 <DIR> --d----- c:\windows\system32\PreInstall
2009-03-04 00:28 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-03-04 00:28 <DIR> --d-h--- c:\windows\$hf_mig$
2009-03-04 00:06 <DIR> --d----- c:\docume~1\al\applic~1\Uniblue
2009-03-04 00:06 <DIR> --d----- c:\program files\Uniblue
2009-03-04 00:00 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-03 18:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-03-03 18:40 <DIR> --d----- c:\docume~1\al\applic~1\Azureus
2009-03-03 18:40 <DIR> --d----- c:\program files\common files\i4j_jres
2009-03-03 17:58 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-03-03 04:46 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-03-03 04:45 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-03-03 04:45 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-03-03 04:45 5,504 a------- c:\windows\system32\drivers\intelide.sys
2009-03-03 04:44 74,240 a------- c:\windows\system32\usbui.dll
2009-03-03 04:44 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2009-03-03 04:44 14,208 a------- c:\windows\system32\drivers\battc.sys
2009-03-03 04:44 13,952 a------- c:\windows\system32\drivers\cmbatt.sys
2009-03-03 04:43 <DIR> --d----- c:\program files\common files\ODBC
2009-03-03 04:43 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-03-03 04:42 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-03-03 04:42 797,189 ac------ c:\windows\system32\dllcache\NT5IIS.CAT
2009-03-03 04:41 261 a------- c:\windows\system32\$winnt$.inf
2009-03-03 00:17 <DIR> --d----- c:\program files\common files\L&H
2009-03-03 00:17 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-03-03 00:08 <DIR> --d----- c:\program files\ESET
2009-03-03 00:00 <DIR> --d----- c:\program files\VideoLAN
2009-03-02 23:52 <DIR> --d----- c:\program files\Apoint
2009-03-02 23:52 <DIR> --d----- c:\program files\Modem Helper
2009-03-02 23:50 <DIR> --d----- c:\program files\Dell
2009-03-02 23:48 <DIR> --d----- c:\docume~1\al\applic~1\Intel
2009-03-02 23:45 <DIR> --d----- c:\program files\Broadcom
2009-03-02 23:44 <DIR> --d----- c:\program files\CONEXANT
2009-03-02 23:42 <DIR> --d----- c:\program files\SigmaTel
2009-03-02 23:32 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-03-02 23:32 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-03-02 23:31 <DIR> --d----- c:\program files\common files\MSSoap
2009-03-02 23:29 <DIR> --d----- c:\program files\Online Services
2009-03-02 23:29 <DIR> --d----- c:\program files\Messenger
2009-03-02 23:29 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-03-02 23:28 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-03-09 08:42 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-03 00:08 512,096 a------- c:\windows\system32\drivers\amon.sys
2009-03-03 00:08 299,392 a------- c:\windows\system32\imon.dll
2009-03-03 00:08 15,424 a------- c:\windows\system32\drivers\nod32drv.sys
2009-03-02 23:47 17,056 a------- c:\windows\system32\drivers\AegisP.sys
2009-03-02 23:30 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-09 16:43 1,846,784 a------- c:\windows\system32\win32k.sys

============= FINISH: 0:52:51.23 ===============


#10 extremeboy
  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 31 March 2009 - 03:23 PM

Hello.

Two programs to be warned about and two files you should remove.

Peer-to-Peer Programs Warning

Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case µTorrent). These programs allow you to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they are thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Registry Cleaner(s) Warning

The following is referring to Uniblue RegistryBooster 2009

Please be aware that Bleeping Computer staff do not recommend the usage of registry cleaners/tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System. This could include making your computer inoperable.
  • These programs generally only delete "orphaned" or "dead" entries. This merely removes entries that point to files that no longer exist on your computer. Registry entries do not take up a significant amount of hard drive space. The program itself (and its own registry entries) likely occupy relatively more space.
  • The amount of improvement in performance you gain is minimal.
This is done, assuming that the major audience here at this board may be inexperienced users and thus a suggested safeguard from our side.
If you feel that you have sufficient knowledge to use such tools safely, then you are welcome to keep them.

These two files should be removed.

D:\softwares\sft\New Folder\regtools.vbs

D:\softwares\others\Uniblue_Registry_Booster_v2.0.1114.3657.rar


Other than that everything looks clean. Regarding the slowness, I am not sure but all I can say is the malware could have done some damage and/or it's some other Windows problem or internet related issues. My browser (IE) was not working very well and slowed down when surfing and opening tabs but after 2 weeks of resisting it went back to normal for some strange reason..

Let's clean up now.

Please follow/read the steps below to remove the tools we used and for some more information.

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the Run box and click OK. Notice the space between the "x" and "/".
  • When shown the disclaimer, Select "2"
This will remove files/folders associated with combofix and uninstall it.

Download and Run OTCleanIt

We will now remove the tools we used during this fix.
  • Download OTCleanIt by OldTimer to your desktop.
  • Double click OTCleanIt.exe to start the program.
  • Click the big CleanUp! button.
  • When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.


Congratulations! You now appear clean! :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

System a bit Slow? Try StartupLite

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Visit the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates then here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and good luck!


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks

With Regards,
Extremeboy

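The Autorun advice in the post above can be checked rather than taken on trust. The following is an added example, not part of this thread and not from any tool it names: a PowerShell audit script (assumes PowerShell 2.0 or later on Windows XP SP2 or newer, run as administrator) that decodes the NoDriveTypeAutoRun policy value in both hives and lists any autorun.inf found in a drive root. The drive-type bit values, the 0x91 default and the HonorAutorunSetting value are as documented in Microsoft KB967715; the bit names in the table are my own labels.

```powershell
# Added example for the Autorun advice in this thread; not from the thread or any tool
# it names. Assumes PowerShell 2.0+ on Windows XP SP2 or later, run as administrator.

# NoDriveTypeAutoRun is a bitmask of drive types on which Autorun is DISABLED
# (each bit is 1 shifted left by the GetDriveType value). Values per Microsoft KB967715;
# the labels are mine.
$driveTypeBits = @(
    @('Unknown',   0x01),
    @('NoRootDir', 0x02),
    @('Removable', 0x04),   # USB sticks: the drive type USB worms rely on
    @('Fixed',     0x08),
    @('Network',   0x10),
    @('CDROM',     0x20),
    @('RamDisk',   0x40),
    @('Reserved',  0x80)
)

function Get-AutorunPolicy {
    # Reads the Explorer policy key in one hive and decodes it. When both hives
    # define NoDriveTypeAutoRun, the HKLM value takes precedence.
    param([string]$Hive = 'HKLM')
    $key   = "${Hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $mask  = $null
    $honor = $null
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props) {
            $mask  = $props.NoDriveTypeAutoRun
            $honor = $props.HonorAutorunSetting
        }
    }
    $source = 'registry'
    if ($mask -eq $null) {
        $mask   = 0x91          # Windows' own default when the value is absent (KB967715)
        $source = 'default (value not set)'
    }
    $disabledOn = @()
    foreach ($entry in $driveTypeBits) {
        if (($mask -band $entry[1]) -ne 0) { $disabledOn += $entry[0] }
    }
    # HonorAutorunSetting = 1 means the KB967715 fix is active, so the mask is honored
    # even for drives whose autorun.inf Explorer has already cached in MountPoints2
    # (the case the post warns about: double-clicking a drive may still trigger Autorun).
    New-Object PSObject -Property @{
        Hive                = $Hive
        NoDriveTypeAutoRun  = ('0x{0:X2}' -f [int]$mask)
        Source              = $source
        AutorunDisabledOn   = ($disabledOn -join ', ')
        RemovableProtected  = (($mask -band 0x04) -ne 0)
        AllDisabled         = (($mask -band 0xFF) -eq 0xFF)
        HonorAutorunSetting = $honor
    }
}

function Find-RootAutorunInf {
    # Lists every drive root that contains an autorun.inf. A *file* of that name is what
    # USB worms drop; a *directory* of that name is the blocker trick some cleanup tools
    # use so a worm cannot create the file (the DDS log above lists C:\autorun.inf as <DIR>).
    Get-PSDrive -PSProvider FileSystem | ForEach-Object {
        $candidate = Join-Path $_.Root 'autorun.inf'
        if (Test-Path -LiteralPath $candidate) {
            $item = Get-Item -LiteralPath $candidate -Force
            $kind = if ($item.PSIsContainer) { 'directory (blocker)' } else { 'file (inspect it)' }
            New-Object PSObject -Property @{
                Drive      = $_.Root
                Kind       = $kind
                Attributes = $item.Attributes.ToString()
            }
        }
    }
}

# Report: policy in both hives, then any autorun.inf sitting in a drive root.
'HKLM', 'HKCU' | ForEach-Object { Get-AutorunPolicy -Hive $_ } | Format-List
Find-RootAutorunInf | Format-Table Drive, Kind, Attributes -AutoSize
```

A machine that followed the advice in the post should report RemovableProtected as True (or AllDisabled as True for the 0xFF setting) in HKLM and HonorAutorunSetting as 1; an autorun.inf reported as a file in the root of a removable drive is worth opening in a text editor before the drive is double-clicked.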

#11 al's
  • Topic Starter
  • Members
  • 33 posts

Posted 01 April 2009 - 01:38 PM

Hey Mate...

Thanks for all the info... gone through it...

Thanks a lot...

You can go on with helping others...

PC is working great now :)

Will definitely market for Bleeping Computer in my circle...

Cheers...


#12 extremeboy
  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 01 April 2009 - 02:46 PM

You're welcome. :)

Happy surfing again and good luck in the near future!

Hope you stay "un-infected"..

With Regards,
Extremeboy

#13 extremeboy
  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 01 April 2009 - 02:51 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed. Glad I could help.
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy
