Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Just a small question


  • This topic is locked This topic is locked
4 replies to this topic

#1 WolfBlitzer0908

WolfBlitzer0908

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:20 PM

Posted 01 April 2009 - 12:33 AM

Hi techies,

I have a question about my HJT log. I don't appear to have any malware; I have just done a fresh install of my OS, and I have plenty of anti-malware programs on my PC that I run weekly, if not more. But in my HJT logs, under services, there are a few entries that have an UNKNOWN USER appendage, and I've tried deleting those entries via HJT, but they come back after every reboot. I've looked for these files on my HDD, but they aren't there. I've also looked through SERVICES.MSC, and haven't found anything. Here is my HJT Log,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:44 AM, on 4/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\mdm.exe
C:\Windows\System32\mobsync.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/betaactivesca...s/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DUUUYESO - Unknown owner - C:\Users\PENGUI~1\AppData\Local\Temp\DUUUYESO.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HWVKO - Unknown owner - C:\Users\PENGUI~1\AppData\Local\Temp\HWVKO.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LQM - Unknown owner - C:\Users\PENGUI~1\AppData\Local\Temp\LQM.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SODTCZBDRSZ - Unknown owner - C:\Users\PENGUI~1\AppData\Local\Temp\SODTCZBDRSZ.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8358 bytes


These random number/letter services kind of alarm me, I've searched them up on Google and Yahoo, but found nothing, so these are obviously randomized names. Again, I delete them via HJT, but they come back after each reboot. But they always come back with the same names. Any help is appreciated.

Thanks in advance,
Tony G

BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:10:20 PM

Posted 08 April 2009 - 05:38 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 WolfBlitzer0908

WolfBlitzer0908
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:20 PM

Posted 11 April 2009 - 01:49 AM

Thanks for responding. Here is my DDS log...


DDS (Ver_09-03-16.01) - NTFSx86
Run by Penguinitos at 2:31:36.07 on Sat 04/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3454.2450 [GMT -4:00]

FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\bgsvcgen.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\hp\kbd\kbd.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Users\Penguinitos\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/betaactivescan/cabs/as2stubie.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238224881635&h=30f48c3495704170763536e5f6818afc/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\pengui~1\appdata\roaming\mozilla\firefox\profiles\54jnevpb.default\
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-26 28544]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-3-25 108560]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-3-25 28688]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-1-5 103936]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S4 DUUUYESO;DUUUYESO;c:\users\pengui~1\appdata\local\temp\duuuyeso.exe --> c:\users\pengui~1\appdata\local\temp\DUUUYESO.exe [?]
S4 HWVKO;HWVKO;c:\users\pengui~1\appdata\local\temp\hwvko.exe --> c:\users\pengui~1\appdata\local\temp\HWVKO.exe [?]
S4 LQM;LQM;c:\users\pengui~1\appdata\local\temp\lqm.exe --> c:\users\pengui~1\appdata\local\temp\LQM.exe [?]
S4 SODTCZBDRSZ;SODTCZBDRSZ;c:\users\pengui~1\appdata\local\temp\sodtczbdrsz.exe --> c:\users\pengui~1\appdata\local\temp\SODTCZBDRSZ.exe [?]

=============== Created Last 30 ================

2009-04-04 21:21 <DIR> --d----- c:\program files\Virtual Earth 3D
2009-04-04 20:29 <DIR> --d----- c:\program files\Neo's SafeKeys
2009-04-04 20:28 73,216 a------- c:\windows\ST6UNST.EXE
2009-04-04 20:28 286,720 -------- c:\windows\Setup1.exe
2009-04-02 10:58 331 a------- c:\windows\doom3.ini
2009-04-02 10:55 <DIR> --d----- c:\program files\Doom 3
2009-04-02 00:30 <DIR> --d----- c:\program files\UnrealTournament
2009-04-01 14:35 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-04-01 05:28 <DIR> --d----- c:\program files\Ares
2009-03-30 05:24 <DIR> --d----- c:\program files\VideoLAN
2009-03-30 03:40 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-03-30 03:25 <DIR> --d----- c:\program files\Pismo File Mount Audit Package
2009-03-28 09:43 4,546 a------- c:\users\penguinitos\3.reg
2009-03-28 05:25 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-28 03:22 <DIR> --d----- c:\users\penguinitos\.housecall6.6
2009-03-28 03:21 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-27 05:52 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-27 05:51 <DIR> --d----- c:\users\pengui~1\appdata\roaming\HouseCall 6.6
2009-03-27 05:51 <DIR> --d----- c:\windows\system32\HouseCall 6.6
2009-03-27 03:55 <DIR> --d----- c:\program files\Return Fire
2009-03-27 00:45 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-03-26 20:28 553 a------- c:\windows\USetup.iss
2009-03-26 20:26 4,874,240 a------- c:\windows\RtHDVCpl.exe
2009-03-26 20:26 2,047,576 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-03-26 20:26 1,191,936 a------- c:\windows\RtlUpd.exe
2009-03-26 20:26 636,416 a------- c:\windows\system32\RtkPgExt.dll
2009-03-26 20:26 532,480 a------- c:\windows\system32\RTSndMgr.cpl
2009-03-26 20:26 315,392 a------- c:\windows\HideWin.exe
2009-03-26 20:23 <DIR> --d----- c:\users\pengui~1\appdata\roaming\WinBatch
2009-03-26 20:03 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-03-26 20:03 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-03-26 20:03 <DIR> --d----- c:\users\pengui~1\appdata\roaming\SUPERAntiSpyware.com
2009-03-26 20:03 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-26 20:02 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-26 19:54 <DIR> --d----- C:\fsaua.data
2009-03-26 19:48 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-03-26 19:48 <DIR> --d----- c:\program files\Panda Security
2009-03-26 19:22 61,541,673 a------- c:\windows\system32\ERVJS
2009-03-26 19:10 0 a------- c:\windows\system32\AWZB
2009-03-26 05:36 <DIR> --d----- c:\program files\MSECACHE
2009-03-26 05:30 <DIR> --d----- c:\users\pengui~1\appdata\roaming\MiniDm
2009-03-26 04:32 <DIR> --d----- c:\program files\Microsoft Research
2009-03-26 04:16 <DIR> --d----- c:\program files\Canon
2009-03-26 04:15 <DIR> --d----- c:\program files\common files\Canon
2009-03-26 03:02 <DIR> --d----- c:\users\pengui~1\appdata\roaming\CoreFTP
2009-03-26 03:00 <DIR> --d----- c:\program files\CoreFTP
2009-03-26 02:59 <DIR> --d----- c:\users\pengui~1\appdata\roaming\Any Video Converter
2009-03-26 02:59 <DIR> --d----- c:\program files\Any Video Converter
2009-03-26 02:28 126 a------- c:\windows\mdm.ini
2009-03-26 02:28 535 a------- c:\windows\ODBCINST.INI
2009-03-26 02:28 288 a------- c:\windows\ODBC.INI
2009-03-26 02:27 62 a------- c:\windows\VBAddin.INI
2009-03-26 02:27 1,273 a------- c:\windows\VB.INI
2009-03-26 02:26 <DIR> --d----- c:\program files\Web Publish
2009-03-26 02:26 <DIR> --d----- c:\windows\msapps
2009-03-26 01:18 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-03-26 01:01 22,132 a------- c:\users\penguinitos\2.reg
2009-03-26 00:43 32,592 a------- c:\windows\system32\msonpmon.dll
2009-03-26 00:40 <DIR> --d----- c:\windows\PCHEALTH
2009-03-26 00:38 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-03-26 00:34 <DIR> --d----- c:\programdata\Microsoft Help
2009-03-26 00:11 <DIR> --d----- c:\users\pengui~1\appdata\roaming\LEAPS
2009-03-26 00:05 <DIR> --d----- c:\users\pengui~1\appdata\roaming\Pegasys Inc
2009-03-26 00:01 145,504 a------- c:\windows\system32\bgsvcgen.exe
2009-03-26 00:01 59,488 a------- c:\windows\system32\GenSvcInst.exe
2009-03-26 00:01 33,408 a------- c:\windows\system32\drivers\CDRBSDRV.SYS
2009-03-26 00:00 <DIR> --d----- c:\program files\Pegasys Inc
2009-03-25 23:51 <DIR> --d----- c:\users\pengui~1\appdata\roaming\Nik Software
2009-03-25 21:38 34,364 a------- c:\users\penguinitos\cc1.reg
2009-03-25 21:36 <DIR> --d----- c:\windows\pss
2009-03-25 21:28 <DIR> --d----- c:\program files\PhotomatixPro3
2009-03-25 21:21 90,112 a------- c:\windows\unvise32.exe
2009-03-25 21:17 <DIR> --d----- c:\program files\DFT Licenses
2009-03-25 20:56 <DIR> --d----- c:\users\pengui~1\appdata\roaming\Mask Pro 4.0
2009-03-25 20:55 <DIR> --d----- c:\programdata\onOne Software
2009-03-25 20:55 <DIR> --d----- c:\progra~2\onOne Software
2009-03-25 20:54 <DIR> --d----- c:\users\pengui~1\appdata\roaming\onOne Software
2009-03-25 20:52 227,840 a------- c:\windows\system32\Deco_32.dll
2009-03-25 20:52 <DIR> --d----- c:\program files\onOne Software
2009-03-25 20:45 <DIR> --d----- c:\windows\MSSecurityNS
2009-03-25 20:45 <DIR> --d----- c:\windows\MSSecurityNi
2009-03-25 20:31 <DIR> --d----- c:\programdata\VertusTech
2009-03-25 20:31 <DIR> --d----- c:\progra~2\VertusTech
2009-03-25 20:31 <DIR> --d----- c:\program files\Vertus Fluid Mask 3
2009-03-25 20:23 <DIR> --d----- c:\program files\Alien Skin
2009-03-25 19:41 <DIR> --d----- c:\programdata\FLEXnet
2009-03-25 19:23 <DIR> --d----- c:\programdata\ALM
2009-03-25 19:23 <DIR> --d----- c:\progra~2\ALM
2009-03-25 19:15 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-03-25 18:53 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-03-25 13:54 <DIR> --d-h--- c:\windows\system32\Microsoft_
2009-03-25 13:36 <DIR> --d--r-- c:\users\penguinitos\Projects
2009-03-25 13:29 <DIR> --d----- c:\program files\CCleaner
2009-03-25 13:17 <DIR> --d----- c:\program files\TabIt
2009-03-25 13:08 <DIR> --d----- c:\program files\Trend Micro
2009-03-25 12:59 <DIR> --d----- c:\programdata\DVD Shrink
2009-03-25 12:59 <DIR> --d----- c:\program files\DVD Shrink
2009-03-25 12:56 <DIR> --d----- c:\users\pengui~1\appdata\roaming\Malwarebytes
2009-03-25 12:56 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-25 12:56 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 12:56 <DIR> --d----- c:\programdata\Malwarebytes
2009-03-25 12:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 12:56 <DIR> --d----- c:\progra~2\Malwarebytes
2009-03-25 12:52 <DIR> --d----- C:\Sandbox
2009-03-25 12:29 <DIR> --d----- c:\program files\PowerISO
2009-03-25 12:29 2,002 a------- c:\windows\Sandboxie.ini
2009-03-25 12:29 <DIR> --d----- c:\program files\Sandboxie
2009-03-25 11:13 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-03-25 11:13 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-25 11:13 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-03-25 10:03 <DIR> --d----- c:\program files\uTorrent
2009-03-25 10:03 <DIR> --d----- c:\users\pengui~1\appdata\roaming\uTorrent
2009-03-25 09:56 155,384 a------- c:\windows\system32\guard32.dll
2009-03-25 09:56 108,560 a------- c:\windows\system32\drivers\cmdguard.sys
2009-03-25 09:56 28,688 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-03-25 09:56 <DIR> --d----- c:\programdata\Comodo
2009-03-25 09:56 <DIR> --d----- c:\progra~2\Comodo
2009-03-25 09:56 <DIR> --d----- c:\program files\COMODO
2009-03-25 09:55 6,895 a------- c:\windows\system32\Config.MPF
2009-03-25 09:55 143,360 a------- c:\windows\system32\dunzip32.dll
2009-03-25 09:53 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 09:53 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 09:53 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 09:53 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 09:53 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-25 09:53 125,728 a------- c:\windows\system32\drivers\Mpfp.sys
2009-03-25 09:53 <DIR> --d----- c:\program files\McAfee.com
2009-03-25 09:53 <DIR> --d----- c:\program files\common files\McAfee
2009-03-25 09:53 <DIR> --d----- c:\program files\McAfee
2009-03-25 09:50 <DIR> --d----- c:\programdata\McAfee
2009-03-25 04:42 <DIR> --d----- c:\windows\system32\oem
2009-03-25 03:10 <DIR> --d----- c:\programdata\NVIDIA
2009-03-25 02:33 1,732 a------- c:\windows\system32\drivers\nvphy.bin
2009-03-25 02:24 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-25 02:24 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-25 02:24 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-25 02:24 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-25 02:24 11,264 a------- c:\windows\system32\icardres.dll
2009-03-25 02:24 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-25 02:24 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-25 02:24 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-25 02:19 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-25 02:19 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-25 02:19 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-25 02:19 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-25 02:19 83,968 a------- c:\windows\system32\mscories.dll
2009-03-25 02:18 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-25 02:16 147,456 a------- c:\windows\system32\Faultrep.dll
2009-03-25 02:16 125,952 a------- c:\windows\system32\wersvc.dll
2009-03-25 02:16 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-03-25 02:15 296,960 a------- c:\windows\system32\gdi32.dll
2009-03-25 02:15 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-03-25 02:15 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-03-25 02:15 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-03-25 02:15 428,544 a------- c:\windows\system32\EncDec.dll
2009-03-25 02:15 217,088 a------- c:\windows\system32\psisrndr.ax
2009-03-25 02:15 293,376 a------- c:\windows\system32\psisdecd.dll
2009-03-25 02:15 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-03-25 02:15 80,896 a------- c:\windows\system32\MSNP.ax
2009-03-25 02:15 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-03-25 02:15 1,695,744 a------- c:\windows\system32\gameux.dll
2009-03-25 02:15 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-03-25 02:13 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-25 02:13 1,645,568 a------- c:\windows\system32\connect.dll
2009-03-25 02:12 2,868,736 a------- c:\windows\system32\mf.dll
2009-03-25 02:12 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-03-25 02:12 94,720 a------- c:\windows\system32\logagent.exe
2009-03-25 02:12 1,314,816 a------- c:\windows\system32\quartz.dll
2009-03-25 02:12 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-25 02:12 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2009-03-25 02:07 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-03-25 02:00 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-03-25 02:00 83,456 a------- c:\windows\system32\wudriver.dll
2009-03-25 02:00 162,064 a------- c:\windows\system32\wuwebv.dll
2009-03-25 02:00 31,232 a------- c:\windows\system32\wuapp.exe
2009-03-25 01:58 1,829 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_RK573AA-ABA a1710n_YC_0Pavi_QCNH706_E71NAv3PrA3_49_INODUSM3_SASUSTek Computer INC._V1.05_B5.04_T061215_WUH1_L409_M3454_J320_7AMD_8Athlon 64 X2 Dual Core_92.2_#070417_N10DE0269_Z14F12F20_G10DE0241.MRK
2009-03-25 01:49 <DIR> --d----- C:\PerfLogs
2009-03-25 01:24 152,576 a------- c:\windows\system32\SPWizUI.dll
2009-03-25 01:24 47,560 a------- c:\windows\system32\SPReview.exe
2009-03-25 01:17 193,024 a------- c:\windows\system32\recdisc.exe
2009-03-25 01:17 6,656 a------- c:\windows\system32\sdspres.dll
2009-03-25 01:15 4,595,712 a------- c:\windows\system32\AuthFWSnapin.dll
2009-03-25 01:13 44,032 a------- c:\windows\system32\cbsra.exe
2009-03-25 01:12 196,608 a------- c:\windows\SPInstall.etl
2009-03-25 00:58 44 a------- c:\windows\system\hpsysdrv.dat
2009-03-25 00:54 <DIR> --d----- c:\users\Penguinitos
2009-03-25 00:51 <DIR> --dsh--- c:\programdata\Documents
2009-03-25 00:51 <DIR> --dsh--- C:\Documents and Settings

==================== Find3M ====================

2009-03-28 03:00 86,016 a------- c:\windows\inf\infstrng.dat
2009-03-28 03:00 51,200 a------- c:\windows\inf\infpub.dat
2009-03-26 20:26 86,016 a------- c:\windows\inf\infstor.dat
2009-03-26 20:26 319,456 a------- c:\windows\DIFxAPI.dll
2009-03-25 03:05 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-25 01:58 174 a--sh--- c:\program files\desktop.ini
2009-03-25 01:30 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-03-25 01:30 82,432 a------- c:\windows\system32\axaltocm.dll
2009-03-08 07:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 07:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 07:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 07:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 07:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 07:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 07:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 07:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 07:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 07:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 07:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 07:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 07:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 07:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 07:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 07:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 07:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 07:22 156,160 a------- c:\windows\system32\msls31.dll
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 2:32:43.54 ===============


Again, all of my scanners (McAfee, Spybot, Malwarebyte's, SuperAntiSpyware all show nothing.

#4 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:03:20 AM

Posted 11 April 2009 - 09:27 AM

Hello, WolfBlitzer0908

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.


You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.



You have got a couple of bad drivers on board but they are not running. Let's do this:

Run Batch

Open Notepad and copy and paste the following:

@echo off
sc delete DUUUYESO
sc delete HWVKO
sc delete LQM
sc delete SODTCZBDRSZ
del "c:\users\penguinitos\application data\local\temp\DUUUYESO.exe"
del "c:\users\penguinitos\application data\local\temp\hwvko.exe"
del "c:\users\penguinitos\application data\local\temp\lqm.exe"
del "c:\users\penguinitos\application data\local\temp\sodtczbdrsz.exe"\temp\SODTCZBDRSZ.exe"
del %0

Then click File, then Save. In the box type fix.bat and save it to your Desktop.
Double click fix.bat
A log will pop up, paste the contents of that in your next reply.
The file will delete itself.

ATF Cleaner

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

ReScan

Please rescan with DDS and post DDS.txt
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

Posted Image

#5 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:03:20 AM

Posted 15 April 2009 - 05:02 AM

Due to Lack of feedback, this topic is now Closed.

If you need this topic reopened, please send me a message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users