
Win32:AutoRun-ATQ [Wrm] found, it is and destroying data! It has blocked out all my virus scanners!


  • This topic is locked
9 replies to this topic

#1 Chloecatgirl

Chloecatgirl

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Forks WA
  • Local time:07:35 AM

Posted 28 March 2009 - 05:52 AM

:) Win32:AutoRun-ATQ [Wrm] found, it is and destroying data! It has blocked out all my virus scanners! Every time that I attempt to remove it, it restarts my computer and blocks my avast scanner and virus chest :step5: I NEED URGENT HELP PLEASE! Apparently the virus is called something like msnmsngr.exe? Avast says it is still infected! HELP PLEASE! :step1:

Before my computer crashes, Windows gives me a message about a security flaw, then it crashes. :) :step4:

I have a HijackThis log for more info:
-----------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:33 PM, on 2009/03/28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hallmark\Hallmark Card Studio 2007\Planner\PLNRnote.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Security Task Manager\TaskMan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chloe\My Documents\HiJackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Planner Reminder.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O20 - AppInit_DLLs: ,
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Chloe/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 4799 bytes
---------------

thanks :thumbup2:



#2 Chloecatgirl


Posted 28 March 2009 - 07:17 AM

Please can somebody help me or give me some advice?? BTW, my Spybot SD told me that Trend Micro products are infected with malicious data? :thumbup2:

#3 Chloecatgirl


Posted 29 March 2009 - 08:32 AM

PLEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEASE!!?? SOMEONE PLEASE HELP!!?? :step5: :step4: :step1: :thumbup2: :)

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:35 AM

Posted 29 March 2009 - 03:36 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Chloecatgirl


Posted 03 April 2009 - 08:18 AM

Hi Sam, sorry for the delay in replying, my computer kept on restarting before I could click post. Thank you for helping me,

I installed OTListIt2 and here is the log:
OTListIt logfile created on: 2009/04/03 03:04:24 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.9.1 Folder = C:\Documents and Settings\Chloe\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

511.47 Mb Total Physical Memory | 98.35 Mb Available Physical Memory | 19.23% Memory free
1.60 Gb Paging File | 1.22 Gb Available in Paging File | 76.68% Paging File free
Paging file location(s): C:\pagefile.sys 1152 1152;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 26.05 Gb Free Space | 69.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 18.65 Gb Total Space | 10.05 Gb Free Space | 53.92% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHLOE-5DB1538EF
Current User Name: Chloe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2004/08/04 14:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/11/26 19:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/11/26 19:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2004/08/04 14:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/01/12 20:40:24 | 00,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
PRC - [2003/11/18 17:20:46 | 00,045,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
PRC - [2008/11/26 19:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2001/10/22 17:24:28 | 01,216,512 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\Mixer.exe
PRC - [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/11/21 21:20:06 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/09/05 18:33:32 | 00,072,192 | ---- | M] (TODO: <Company name>) -- C:\Program Files\Hallmark\Hallmark Card Studio 2007\Planner\PLNRnote.exe
PRC - [2008/12/15 10:33:35 | 02,527,280 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\setup\avast.setup
PRC - [2009/04/03 14:25:09 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chloe\Desktop\OTListIt2.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2008/11/26 19:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/11/26 19:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/11/26 19:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2008/11/26 19:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2008/11/26 19:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2008/11/26 19:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/28 18:14:10 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/11/26 19:15:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2008/11/26 19:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2008/11/26 19:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2008/11/26 19:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2008/11/26 19:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2008/11/26 19:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2001/10/30 20:01:50 | 00,280,782 | R--- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci [On_Demand | Running])
DRV - [2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/08/04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2009/01/03 10:05:33 | 00,012,400 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1715567821-1606980848-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-1606980848-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1715567821-1606980848-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1715567821-1606980848-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1715567821-1606980848-854245398-1004\S-1-5-21-1715567821-1606980848-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (303844 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10468 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1715567821-1606980848-854245398-1004\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1715567821-1606980848-854245398-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [C-Media Mixer] Mixer.exe /startup (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe (Ulead Systems, Inc.)
O4 - HKU\S-1-5-21-1715567821-1606980848-854245398-1004..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1715567821-1606980848-854245398-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1715567821-1606980848-854245398-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1715567821-1606980848-854245398-1004..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk = C:\WINDOWS\Installer\{B1C4042E-DDEE-487F-B56C-4E498E790B98}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-1606980848-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1715567821-1606980848-854245398-1004\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Chloe/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/08 20:29:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/10 19:03:09 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d2cce200-b5a1-11dd-8081-00304f134aca}\Shell\AutoRun\command - "" = G:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
O33 - MountPoints2\{d2cce200-b5a1-11dd-8081-00304f134aca}\Shell\open\command - "" = G:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/04/03 15:05:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chloe\Desktop\gmer
[2009/04/03 14:25:20 | 00,278,161 | ---- | C] () -- C:\Documents and Settings\Chloe\Desktop\gmer.zip
[2009/04/03 14:25:08 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chloe\Desktop\OTListIt2.exe
[2009/03/28 21:33:06 | 06,305,280 | ---- | C] () -- C:\Documents and Settings\Chloe\Desktop\MXitPC282125473161739.msi
[2009/03/28 13:44:04 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Chloe\Desktop\Spybot - Search & Destroy.lnk
[2009/03/28 13:36:29 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Chloe\Desktop\SpybotSD.exe
[2009/03/28 10:59:50 | 00,000,000 | ---D | C] -- C:\566aac3aee65e49d437c31316a57c4
[2009/03/28 10:59:46 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/03/28 10:59:08 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2009/03/28 10:59:01 | 24,768,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/03/28 10:58:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/03/28 10:47:01 | 00,000,000 | ---D | C] -- C:\ac7c59b6917c644a716cb111f0
[2009/03/27 18:48:16 | 00,009,216 | -HS- | C] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{218613AA-E964-4404-8301-0DD48639663A}_Large.jpg
[2009/03/27 18:48:16 | 00,002,325 | -HS- | C] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{218613AA-E964-4404-8301-0DD48639663A}_Small.jpg
[2009/03/27 18:43:31 | 02,878,577 | ---- | C] () -- C:\Documents and Settings\Chloe\My Documents\love story karaoke.wma
[2009/03/22 10:29:55 | 00,009,216 | -HS- | C] () -- C:\Documents and Settings\Chloe\My Documents\Folder.jpg
[2009/03/22 10:29:55 | 00,008,293 | -HS- | C] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{980A77D0-5D89-4CE3-B01C-67E8C6C2AA52}_Large.jpg
[2009/03/22 10:29:55 | 00,002,325 | -HS- | C] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArtSmall.jpg
[2009/03/22 10:29:55 | 00,002,223 | -HS- | C] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{980A77D0-5D89-4CE3-B01C-67E8C6C2AA52}_Small.jpg
[2009/03/21 18:42:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2009/03/21 14:39:15 | 00,011,190 | ---- | C] () -- C:\Documents and Settings\Chloe\My Documents\cat-mouse-bunny-dog-795816[1].jpg
[2009/03/21 13:45:45 | 00,101,667 | ---- | C] () -- C:\Documents and Settings\Chloe\My Documents\me2[1].jpg
[2009/03/21 13:05:35 | 00,182,022 | ---- | C] () -- C:\Documents and Settings\Chloe\My Documents\m.bmp
[2009/03/21 10:48:07 | 01,282,636 | ---- | C] () -- C:\Documents and Settings\Chloe\My Documents\Untitled-2.psd
[2009/03/09 23:25:15 | 00,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/03/09 23:23:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/03/09 23:23:27 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/03/09 23:20:07 | 00,000,000 | ---D | C] -- C:\Photoshop
[2009/03/06 13:53:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/03 15:06:11 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/03 15:04:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/03 15:03:41 | 00,002,479 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk
[2009/04/03 15:03:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/03 15:03:16 | 53,638,3488 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/03 14:54:32 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/03 14:25:29 | 00,278,161 | ---- | M] () -- C:\Documents and Settings\Chloe\Desktop\gmer.zip
[2009/04/03 14:25:09 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chloe\Desktop\OTListIt2.exe
[2009/03/28 21:33:07 | 06,305,280 | ---- | M] () -- C:\Documents and Settings\Chloe\Desktop\MXitPC282125473161739.msi
[2009/03/28 13:54:27 | 00,303,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/28 13:53:46 | 00,303,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090328-135427.backup
[2009/03/28 13:53:16 | 00,303,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090328-135346.backup
[2009/03/28 13:44:04 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Chloe\Desktop\Spybot - Search & Destroy.lnk
[2009/03/28 13:36:29 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Chloe\Desktop\SpybotSD.exe
[2009/03/28 10:59:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/27 19:06:46 | 03,909,126 | -H-- | M] () -- C:\Documents and Settings\Chloe\Local Settings\Application Data\IconCache.db
[2009/03/27 18:48:16 | 00,009,216 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\Folder.jpg
[2009/03/27 18:48:16 | 00,009,216 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{218613AA-E964-4404-8301-0DD48639663A}_Large.jpg
[2009/03/27 18:48:16 | 00,000,290 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\desktop.ini
[2009/03/27 18:48:14 | 00,002,325 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArtSmall.jpg
[2009/03/27 18:48:14 | 00,002,325 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{218613AA-E964-4404-8301-0DD48639663A}_Small.jpg
[2009/03/27 18:43:33 | 02,878,577 | ---- | M] () -- C:\Documents and Settings\Chloe\My Documents\love story karaoke.wma
[2009/03/22 10:34:03 | 08,386,856 | ---- | M] () -- C:\Documents and Settings\Chloe\My Documents\decode paramore.mp3
[2009/03/22 10:29:55 | 00,008,293 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{980A77D0-5D89-4CE3-B01C-67E8C6C2AA52}_Large.jpg
[2009/03/22 10:29:53 | 00,002,223 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{980A77D0-5D89-4CE3-B01C-67E8C6C2AA52}_Small.jpg
[2009/03/22 09:54:57 | 00,356,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/21 15:12:41 | 00,036,864 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\Thumbs.db
[2009/03/21 14:39:04 | 00,011,190 | ---- | M] () -- C:\Documents and Settings\Chloe\My Documents\cat-mouse-bunny-dog-795816[1].jpg
[2009/03/21 13:45:34 | 00,101,667 | ---- | M] () -- C:\Documents and Settings\Chloe\My Documents\me2[1].jpg
[2009/03/21 13:05:35 | 00,182,022 | ---- | M] () -- C:\Documents and Settings\Chloe\My Documents\m.bmp
[2009/03/21 10:48:07 | 01,282,636 | ---- | M] () -- C:\Documents and Settings\Chloe\My Documents\Untitled-2.psd
[2009/03/09 23:25:15 | 00,000,986 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/03/09 23:04:43 | 00,010,836 | ---- | M] () -- C:\WINDOWS\ePrompter.ini
< End of report >

I will post the next log after this post before my computer restarts again

#6 Buckeye_Sam

Malware Expert

Posted 03 April 2009 - 03:15 PM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O33 - MountPoints2\{d2cce200-b5a1-11dd-8081-00304f134aca}\Shell\AutoRun\command - "" = G:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
    O33 - MountPoints2\{d2cce200-b5a1-11dd-8081-00304f134aca}\Shell\open\command - "" = G:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

Do you have a log from Gmer yet?
If so, please post it also.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
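The fix script above targets two `O33 - MountPoints2` entries and leaves the `NoDriveTypeAutoRun` policy as it is. The following added example (not part of the thread and not OTListIt2's own code) shows how a reviewer could pull both out of an OTListIt2 log automatically. The regular expressions are assumptions inferred from the log lines in this thread, and the last sample line is constructed.

```python
import re

# OTListIt2-format lines. The first three are copied from this thread; the
# last one is constructed here as a harmless contrast case.
SAMPLE_LOG = r"""
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O33 - MountPoints2\{d2cce200-b5a1-11dd-8081-00304f134aca}\Shell\AutoRun\command - "" = G:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
O33 - MountPoints2\{d2cce200-b5a1-11dd-8081-00304f134aca}\Shell\open\command - "" = G:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
O33 - MountPoints2\{00000000-0000-0000-0000-000000000000}\Shell\AutoRun\command - "" = E:\setup.exe
"""

# NoDriveTypeAutoRun is a bitmask: a set bit turns AutoRun OFF for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved",
}

# OTListIt2 prints the policy value in decimal.
O7_RE = re.compile(r"NoDriveTypeAutoRun = (\d+)")

# O33 - MountPoints2\<mount>\Shell\<verb>\command - "<name>" = <command> [-- File not found]
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "(?P<name>[^"]*)" = (?P<cmd>.+?)(?: -- (?P<note>File not found))?\s*$'
)

# Heuristic (an assumption of this example): programs are not normally launched
# from a folder named after a SID, as the msnmsngr.exe path in this thread is.
SID_DIR_RE = re.compile(r"\\S-1-\d+(?:-\d+)+\\")


def autorun_enabled_types(value):
    """Return the drive types whose bit is clear, i.e. AutoRun is still on."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def suspicious_mountpoints(log_text):
    """Return O33 entries whose command runs from a SID-named folder."""
    hits = []
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if m and SID_DIR_RE.search(m["cmd"]):
            hits.append({
                "mount": m["mount"],
                "verb": m["verb"],
                "command": m["cmd"],
                # True when the log says the target is absent right now,
                # e.g. because the drive is not plugged in.
                "target_missing": m["note"] is not None,
            })
    return hits


def review(log_text):
    """Summarise AutoRun exposure and flagged MountPoints2 entries in a log."""
    policy = O7_RE.search(log_text)
    return {
        "autorun_enabled": autorun_enabled_types(int(policy.group(1))) if policy else None,
        "suspicious": suspicious_mountpoints(log_text),
    }


if __name__ == "__main__":
    report = review(SAMPLE_LOG)
    print("AutoRun still enabled for:", ", ".join(report["autorun_enabled"]))
    for hit in report["suspicious"]:
        state = "target missing" if hit["target_missing"] else "target present"
        print(f'{hit["mount"]} [{hit["verb"]}] -> {hit["command"]} ({state})')
```

With the value 145 from this thread's logs, removable drives are among the types for which AutoRun is still enabled, so deleting the MountPoints2 key does not stop the same entry from being recreated when an infected drive is plugged in again.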

#7 Chloecatgirl

Topic Starter

Posted 04 April 2009 - 04:39 AM

Hi

Here is the log for OTListIt2 after the reboot and fix:


--------------------------------




========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2cce200-b5a1-11dd-8081-00304f134aca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2cce200-b5a1-11dd-8081-00304f134aca}\ not found.
File G:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2cce200-b5a1-11dd-8081-00304f134aca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2cce200-b5a1-11dd-8081-00304f134aca}\ not found.
File G:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Chloe\Local Settings\Temp\WERac06.dir00\msimn.exe.mdmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chloe\Local Settings\Temp\WERa664.dir00\msimn.exe.mdmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chloe\Local Settings\Temp\WER95af.dir00\msimn.exe.mdmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chloe\Local Settings\Temp\WER1830.dir00\msimn.exe.mdmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chloe\Local Settings\Temp\WER154e.dir00\IEXPLORE.EXE.mdmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chloe\Local Settings\Temp\WER01a7.dir00\msimn.exe.mdmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Chloe\Local Settings\Temporary Internet Files\Content.IE5\OY9DIDMR\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chloe\Local Settings\Temporary Internet Files\Content.IE5\49WOPEX3\topic214624[2].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chloe\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4ec.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.9.1 log created on 04042009_105156

Files moved on Reboot...
C:\Documents and Settings\Chloe\Local Settings\Temp\WERac06.dir00\msimn.exe.mdmp moved successfully.
C:\Documents and Settings\Chloe\Local Settings\Temp\WERa664.dir00\msimn.exe.mdmp moved successfully.
C:\Documents and Settings\Chloe\Local Settings\Temp\WER95af.dir00\msimn.exe.mdmp moved successfully.
C:\Documents and Settings\Chloe\Local Settings\Temp\WER1830.dir00\msimn.exe.mdmp moved successfully.
C:\Documents and Settings\Chloe\Local Settings\Temp\WER154e.dir00\IEXPLORE.EXE.mdmp moved successfully.
C:\Documents and Settings\Chloe\Local Settings\Temp\WER01a7.dir00\msimn.exe.mdmp moved successfully.
C:\Documents and Settings\Chloe\Local Settings\Temporary Internet Files\Content.IE5\OY9DIDMR\iframe[1].htm moved successfully.
C:\Documents and Settings\Chloe\Local Settings\Temporary Internet Files\Content.IE5\49WOPEX3\topic214624[2].html moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_4ec.dat moved successfully.

Registry entries deleted on Reboot...





------------------------------------------






OTListIt logfile created on: 2009/04/04 11:32:30 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.9.1 Folder = C:\Documents and Settings\Chloe\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

511.47 Mb Total Physical Memory | 222.50 Mb Available Physical Memory | 43.50% Memory free
1.60 Gb Paging File | 1.34 Gb Available in Paging File | 84.22% Paging File free
Paging file location(s): C:\pagefile.sys 1152 1152;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 26.42 Gb Free Space | 70.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 18.65 Gb Total Space | 10.05 Gb Free Space | 53.92% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHLOE-5DB1538EF
Current User Name: Chloe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/11/26 19:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2004/08/04 14:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/01/12 20:40:24 | 00,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
PRC - [2003/11/18 17:20:46 | 00,045,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
PRC - [2008/11/26 19:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2001/10/22 17:24:28 | 01,216,512 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\Mixer.exe
PRC - [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/11/21 21:20:06 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/09/05 18:33:32 | 00,072,192 | ---- | M] (TODO: <Company name>) -- C:\Program Files\Hallmark\Hallmark Card Studio 2007\Planner\PLNRnote.exe
PRC - [2004/08/04 14:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2009/04/03 14:25:09 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chloe\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/11/26 19:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2008/11/26 19:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Stopped])
SRV - [2008/11/26 19:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2008/11/26 19:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/28 18:14:10 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/11/26 19:15:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2008/11/26 19:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2008/11/26 19:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2008/11/26 19:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Stopped])
DRV - [2008/11/26 19:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2008/11/26 19:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2001/10/30 20:01:50 | 00,280,782 | R--- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci [On_Demand | Running])
DRV - [2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Stopped])
DRV - [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/08/04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2009/01/03 10:05:33 | 00,012,400 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (303844 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10468 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [C-Media Mixer] Mixer.exe /startup (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk = C:\WINDOWS\Installer\{B1C4042E-DDEE-487F-B56C-4E498E790B98}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Chloe/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/08 20:29:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/10 19:03:09 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/04/04 10:51:56 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/03 17:15:21 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Chloe\Desktop\virusss.rtf
[2009/04/03 17:12:59 | 00,000,000 | ---D | C] -- C:\spoolerlogs
[2009/04/03 15:05:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chloe\Desktop\gmer
[2009/04/03 14:25:20 | 00,278,161 | ---- | C] () -- C:\Documents and Settings\Chloe\Desktop\gmer.zip
[2009/04/03 14:25:08 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chloe\Desktop\OTListIt2.exe
[2009/03/28 21:33:06 | 06,305,280 | ---- | C] () -- C:\Documents and Settings\Chloe\Desktop\MXitPC282125473161739.msi
[2009/03/28 13:44:04 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Chloe\Desktop\Spybot - Search & Destroy.lnk
[2009/03/28 13:36:29 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Chloe\Desktop\SpybotSD.exe
[2009/03/28 10:59:50 | 00,000,000 | ---D | C] -- C:\566aac3aee65e49d437c31316a57c4
[2009/03/28 10:59:46 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/03/28 10:59:08 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2009/03/28 10:59:01 | 24,768,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/03/28 10:58:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/03/28 10:47:01 | 00,000,000 | ---D | C] -- C:\ac7c59b6917c644a716cb111f0
[2009/03/27 18:48:16 | 00,009,216 | -HS- | C] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{218613AA-E964-4404-8301-0DD48639663A}_Large.jpg
[2009/03/27 18:48:16 | 00,002,325 | -HS- | C] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{218613AA-E964-4404-8301-0DD48639663A}_Small.jpg
[2009/03/27 18:43:31 | 02,878,577 | ---- | C] () -- C:\Documents and Settings\Chloe\My Documents\love story karaoke.wma
[2009/03/22 10:29:55 | 00,009,216 | -HS- | C] () -- C:\Documents and Settings\Chloe\My Documents\Folder.jpg
[2009/03/22 10:29:55 | 00,008,293 | -HS- | C] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{980A77D0-5D89-4CE3-B01C-67E8C6C2AA52}_Large.jpg
[2009/03/22 10:29:55 | 00,002,325 | -HS- | C] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArtSmall.jpg
[2009/03/22 10:29:55 | 00,002,223 | -HS- | C] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{980A77D0-5D89-4CE3-B01C-67E8C6C2AA52}_Small.jpg
[2009/03/21 18:42:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2009/03/21 14:39:15 | 00,011,190 | ---- | C] () -- C:\Documents and Settings\Chloe\My Documents\cat-mouse-bunny-dog-795816[1].jpg
[2009/03/21 13:45:45 | 00,101,667 | ---- | C] () -- C:\Documents and Settings\Chloe\My Documents\me2[1].jpg
[2009/03/21 13:05:35 | 00,182,022 | ---- | C] () -- C:\Documents and Settings\Chloe\My Documents\m.bmp
[2009/03/21 10:48:07 | 01,282,636 | ---- | C] () -- C:\Documents and Settings\Chloe\My Documents\Untitled-2.psd
[2009/03/09 23:25:15 | 00,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/03/09 23:23:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/03/09 23:23:27 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/03/09 23:20:07 | 00,000,000 | ---D | C] -- C:\Photoshop
[2009/03/06 13:53:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/04 11:04:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/04 10:59:36 | 00,002,479 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk
[2009/04/04 10:59:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/04 10:59:01 | 53,638,3488 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/04 10:54:01 | 04,460,474 | -H-- | M] () -- C:\Documents and Settings\Chloe\Local Settings\Application Data\IconCache.db
[2009/04/04 07:11:31 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/03 17:18:28 | 00,012,358 | ---- | M] () -- C:\Documents and Settings\Chloe\Desktop\virusss.rtf
[2009/04/03 14:54:32 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/03 14:25:29 | 00,278,161 | ---- | M] () -- C:\Documents and Settings\Chloe\Desktop\gmer.zip
[2009/04/03 14:25:09 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chloe\Desktop\OTListIt2.exe
[2009/03/28 21:33:07 | 06,305,280 | ---- | M] () -- C:\Documents and Settings\Chloe\Desktop\MXitPC282125473161739.msi
[2009/03/28 13:54:27 | 00,303,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/28 13:53:46 | 00,303,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090328-135427.backup
[2009/03/28 13:53:16 | 00,303,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090328-135346.backup
[2009/03/28 13:44:04 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Chloe\Desktop\Spybot - Search & Destroy.lnk
[2009/03/28 13:36:29 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Chloe\Desktop\SpybotSD.exe
[2009/03/28 10:59:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/27 18:48:16 | 00,009,216 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\Folder.jpg
[2009/03/27 18:48:16 | 00,009,216 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{218613AA-E964-4404-8301-0DD48639663A}_Large.jpg
[2009/03/27 18:48:16 | 00,000,290 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\desktop.ini
[2009/03/27 18:48:14 | 00,002,325 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArtSmall.jpg
[2009/03/27 18:48:14 | 00,002,325 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{218613AA-E964-4404-8301-0DD48639663A}_Small.jpg
[2009/03/27 18:43:33 | 02,878,577 | ---- | M] () -- C:\Documents and Settings\Chloe\My Documents\love story karaoke.wma
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/22 10:34:03 | 08,386,856 | ---- | M] () -- C:\Documents and Settings\Chloe\My Documents\decode paramore.mp3
[2009/03/22 10:29:55 | 00,008,293 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{980A77D0-5D89-4CE3-B01C-67E8C6C2AA52}_Large.jpg
[2009/03/22 10:29:53 | 00,002,223 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\AlbumArt_{980A77D0-5D89-4CE3-B01C-67E8C6C2AA52}_Small.jpg
[2009/03/22 09:54:57 | 00,356,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/21 15:12:41 | 00,036,864 | -HS- | M] () -- C:\Documents and Settings\Chloe\My Documents\Thumbs.db
[2009/03/21 14:39:04 | 00,011,190 | ---- | M] () -- C:\Documents and Settings\Chloe\My Documents\cat-mouse-bunny-dog-795816[1].jpg
[2009/03/21 13:45:34 | 00,101,667 | ---- | M] () -- C:\Documents and Settings\Chloe\My Documents\me2[1].jpg
[2009/03/21 13:05:35 | 00,182,022 | ---- | M] () -- C:\Documents and Settings\Chloe\My Documents\m.bmp
[2009/03/21 10:48:07 | 01,282,636 | ---- | M] () -- C:\Documents and Settings\Chloe\My Documents\Untitled-2.psd
[2009/03/09 23:25:15 | 00,000,986 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/03/09 23:04:43 | 00,010,836 | ---- | M] () -- C:\WINDOWS\ePrompter.ini
< End of report >
-----------------------------------------------------------------------------------------------------



And here is the most information I could save from GMER before my computer restarts again. NOTE: it is incomplete:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-03 17:18:22
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF68F4576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF68F4432]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF68F4910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF68F400A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF68F450C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF68F3F4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF68F3FAE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF68F462C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF68F45EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF68F476C]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[548] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[548] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Antivirus@Sources avast!?Antivirus?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Antivirus@File %SystemRoot%\system32\config\Antivirus.Evt
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Antivirus@PrimaryModule Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Antivirus@MaxSize 10485760
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Antivirus@RestrictGuestAccess 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Antivirus@Retention 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\@* 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\@* 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antivirus-2008pro.info\www@* 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\@* 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\@* 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hq-codec.net@* 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcboo.com\@* 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nmextensions.com@* 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tizscali.it@* 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tizscali.it\www
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tizscali.it\www@* 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unto.it
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unto.it@* 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unto.it\www
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unto.it\www@* 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\asntivir.de@* 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\asntivir.de\www
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\asntivir.de\www@* 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.93_x-ww_0eeb39a3\downlevel_manifest.8.0.50727.93@
Reg HKLM\SOFTWARE\Classes\CLSID\@ DAO.User
Reg HKLM\SOFTWARE\Classes\CLSID\
Reg HKLM\SOFTWARE\Classes\CLSID\@ C:\WINDOWS\SYSTEM\DAO2516.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\
Reg HKLM\SOFTWARE\Classes\CLSID\@ DAO.User
Reg HKLM\SOFTWARE\Classes\CLSID\{CDC70043-D56B-3799-B7BD-6113BBCA160A}\InprocServer32\2.0.0.0
Reg HKLM\SOFTWARE\Classes\CLSID\{CDC70043-D56B-3799-B7BD-6113BBCA160A}\InprocServer32\2.0.0.0@RuntimeVersion v2.0.50727
Reg HKLM\SOFTWARE\Classes\CLSID\{CDC70043-D56B-3799-B7BD-6113BBCA160A}\InprocServer32\2.0.0.0@Assembly mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\CLSID\{CDC70043-D56B-3799-B7BD-6113BBCA160A}\InprocServer32\2.0.0.0@Class System.MissingMemberException
Reg HKLM\SOFTWARE\Classes\Installer\Assemblies\@LU1AS09_002L2,Version="1.0.2518.21301",Culture="neutral",ProcessorArchitecture="MSIL" B@d^@s)Kz@XqXQI&qdtU>C01FNW~FlAF1fUt6EIAN?
----------------------------------------------------------------------------------------------



Thanks :thumbup2:

#8 Chloecatgirl


Posted 04 April 2009 - 05:11 AM

My computer crashed and each time I tried to turn it on it gave me the BSOD with the following message:

-----------------------------------------
***STOP: 0x00000024, (0X001902FE, 0XF7BE7BO8, 0XF7BE7804, 0XF83F274F)

Ntfs.sys address F83F274F base at F83CA000

DATESTAMP: 41107eea

-------------------------------------

I am now running my pc in safe mode with networking; I can't run it normally because it will give me the msg above.


:thumbup2: :)

help!

thanks

#9 Buckeye_Sam

Malware Expert

Posted 04 April 2009 - 11:21 AM

Here's the good news. I don't think that you have a malware problem. Bad news is, you may have a hard drive problem.

From safe mode, click Start -> Run -> chkdsk /r

Let me know how it goes.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 Buckeye_Sam

Malware Expert

Posted 28 April 2009 - 05:00 PM

Unfortunately there has been no response. :thumbup2:
This thread will now be closed.