System freezes after a few minutes, never shuts down during the shutdown sequence.

#1 NextTag

Posted 05 June 2009 - 10:47 AM

Hello Experts

I have been facing a peculiar problem with a Windows XP SP3 install on my computer.

1. The system freezes after a few minutes of normal working.
2. I cannot shut down Windows; these days I always need to pull out the battery.

What I have done so far:
1. No manual changes done, no deletions.
2. Ran the Trend Micro online scan for a few hours. Posting the HouseCall log in the attachments.
3. Ran HijackThis and GMER; no changes made as per suggestion.

###=========================changes made manually==============================

4. A few changes made in the following registry path:
HKLM\System\CurrentControlSet\Services\*****\Start value changed to hexadecimal 4.
The above change was made to the following drivers:

i Changer
ii i2omgmt
iii lbrtfdc
iv PCIDump

###=====================End of changes made manually==============================

Some files have been located in C:\Windows\system32\drivers\ with no signature certificates...

ativmc20.cod size 64,352 bytes
cxthsfs2.cty size 129,045 bytes
devcon.exe size 98,304 bytes
usbser_lowerflt.sys size 8,064 bytes
tiscfw.deb size 17,120 bytes
U3sHlpDr.sys size 7,423 bytes
SetupNetWorkService.exe size 20,480 bytes
Msft_Kernel_ccdcmb_01007.Wdf size 0 bytes
Msft_Kernel_ggsemc_01005.Wdf size 0 bytes
Msft_Kernel_HpqKbFiltr_01005.Wdf size 0 bytes

MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf size 0 bytes
MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf size 0 bytes

klopp.dat size 23,604 bytes
klin.dat size 91,700 bytes
klif.sys size 195,344 bytes
klick.dat size 85,860 bytes

There are the following attachments:
1. HijackThis Log
2. Process Mon Startup List Log
3. Housecall AU_Log->TmuSump.txt
4. Housecall Log (Please add extension .rar and extract.) Apologies in advance in case this is not permitted.
5. GMER logs rlog.log rootkit.log

What are my options? Any suggestions? Please guide me to deal with these bad codes.

Thank you.

Edited by NextTag, 06 June 2009 - 03:48 AM.

#2 myrti

Posted 15 June 2009 - 04:05 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards _temp_

#3 NextTag

Posted 16 June 2009 - 12:29 PM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Ajay at 22:21:48.75 on Tue 06/16/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.183 [GMT -7:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4KC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\W-ibeda\HYFWClient\scheduler.exe
C:\Program Files\W-ibeda\HYFWClient\FCDBLog.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\W-ibeda\HYFWClient\FortiTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Documents and Settings\Ajay\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer =
uInternet Settings,ProxyOverride = 10.*.*.*;*.bte.com;192.168.*.*;<local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: WebCallHelper Class: {4c54a71f-e05c-4d0a-8b24-7a823dc0f99e} - c:\windows\system32\WebCall.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SnapFlash Class: {a44cbb0b-c77d-4bf5-87cc-b4ee79ad1b7e} - c:\program files\common files\justdo\Jd2002.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: SYSTRAN Toolbar: {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ekeyMonitor] c:\program files\unitrust\bte ca\UniAgent.exe
uRun: [msnmsgr] "c:\progra~1\window~4\messen~1\msnmsgr.exe" /background
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe"
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [HYFWTray] "c:\program files\w-ibeda\hyfwclient\FortiTray.exe"
mRun: [Flashget] c:\program files\flashget\flashget.exe /min
mRun: [IPManager(ICEDOT STUDIO)] c:\program files\ipmanager\IPManager1.exe -hide
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\ajay\startm~1\programs\startup\btekil~1.lnk - c:\program files\unitrust\bte ca\BTEKillCert.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download Flash with Flash &Grabber - c:\progra~1\flashg~1\swfgrab.dll/iesave
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Save Flash with Flash Catcher - c:\program files\common files\justdo\IECatcher.DLL/FlashCatcher.htm
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: SYSTRAN Lookup - c:\program files\systran\6\\GUIres.dll/lookup.js
IE: SYSTRAN Translate - c:\program files\systran\6\\GUIres.dll/translate.js
IE: {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - res://c:\program files\common files\justdo\IECatcher.DLL/FlashCatcher.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 7.0\SCIEPlgn.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: BTE IM - c:\program files\bte im\IMHelper.dll
AppInit_DLLs: TknManHK.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ajay\applic~1\mozilla\firefox\profiles\ssha9upt.default\
FF - component: c:\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-10-31 110096]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-12-28 195344]
R1 Tcpip2;TCP/IP Protocol Driver;c:\windows\system32\drivers\tcpip.sys [2004-8-4 361344]
R2 AVP;Kaspersky Anti-Virus 7.0;c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe [2008-2-8 227856]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-10 328992]
R2 U3sHlpDr;U3sHlpDr;c:\windows\system32\drivers\U3sHlpDr.sys [2009-5-31 7423]
R3 Fortidrv2;W-ibeda HYFWdrv Service;c:\windows\system32\drivers\fortidrv.sys [2007-8-23 22176]
R3 ft_vnic;W-ibeda network virtual adapter;c:\windows\system32\drivers\ftvnic.sys [2007-8-23 14496]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2009-2-22 88192]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R3 Ma730VaA;MA730 Bluetooth Advanced Audio;c:\windows\system32\drivers\Ma730VaA.sys [2009-3-10 21851]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\drivers\Ma730Vad.sys [2009-3-10 50522]
S2 Fortips;Fortips;c:\windows\system32\drivers\fortips.sys [2007-8-23 96928]
S2 SystemLoader;System Loader;c:\windows\system32\SysLoader.exe [2009-2-22 172032]
S3 KAEGWTP;KAEGWTP;c:\docume~1\admini~1\locals~1\temp\KAEGWTP.exe [2009-6-5 371584]
S3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\drivers\ma730Pt.sys [2009-3-10 103680]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-3 19096]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 PORTMON;PORTMON;\??\c:\documents and settings\ajay\desktop\sysinternalssuite\portmsys.sys --> c:\documents and settings\ajay\desktop\sysinternalssuite\PORTMSYS.SYS [?]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2009-4-22 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2009-4-22 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2009-4-22 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2009-4-22 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2009-4-22 98696]
S3 UsbKDev;USB eKey;c:\windows\system32\drivers\UsbKDev.sys [2009-4-19 26496]
S3 XLHASP;XLHASP;c:\windows\system32\drivers\XLHASP.sys [2009-4-6 3035136]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-3 194832]

=============== Created Last 30 ================

2009-06-14 21:40 1,936 a------- c:\windows\system32\drivers\PAGEDFRG.SYS
2009-06-14 21:40 12,568 a------- c:\windows\system32\drivers\PROCEXP113.SYS
2009-06-14 21:39 47,944 -------- c:\windows\system32\drivers\PROCMON20.SYS
2009-06-14 02:24 <DIR> --d----- c:\docume~1\ajay\applic~1\tor
2009-06-10 17:18 112,126 a------- C:\paper.dat
2009-06-10 17:17 12,036 a------- C:\~temp.dat
2009-06-10 00:06 <DIR> --d----- c:\program files\XP TCPIP Repair
2009-06-09 04:22 186,185 a------- C:\Oam2009_05_06_16_14_19.tra
2009-06-09 04:22 24,969 a------- C:\Oam2009_05_06_16_14_19.idx
2009-06-06 18:05 69,120 ac------ c:\windows\system32\dllcache\notepad.exe.orig
2009-06-06 15:03 3,254 a------- c:\windows\Notepad.ini
2009-06-05 07:43 5,445,920 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-06-05 07:43 85,400 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-05 07:43 61,216 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-06-05 07:43 9,872 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-06-03 23:56 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-06-03 23:55 <DIR> --d----- c:\documents and settings\ajay\.housecall6.6
2009-06-03 02:41 2 a------- C:\ajay.net
2009-06-03 02:30 <DIR> --d----- c:\program files\GNS3
2009-06-03 01:13 <DIR> --d----- c:\docume~1\ajay\applic~1\Malwarebytes
2009-06-03 01:13 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 01:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-03 01:13 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-03 01:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-01 00:31 <DIR> --d----- C:\DriveKey
2009-06-01 00:16 <DIR> --d----- c:\program files\LSoft Technologies
2009-05-31 23:26 <DIR> --d----- C:\Recover
2009-05-31 23:21 765 a------- c:\windows\ONFORMAT.INI
2009-05-31 23:21 341 a------- c:\windows\RECMGRUN.INI
2009-05-31 23:21 <DIR> --d----- c:\program files\RecvMngr
2009-05-31 23:20 3,455 a------- c:\windows\RECVCALL.INI
2009-05-31 22:39 7,423 a------- c:\windows\system32\drivers\U3sHlpDr.sys
2009-05-31 22:03 <DIR> --d----- c:\program files\Netac
2009-05-31 20:42 <DIR> --d----- c:\program files\Runtime Software
2009-05-31 13:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SWiSHMax2WorkFolder
2009-05-31 13:27 10 a------- c:\windows\system32\kr_done1
2009-05-31 13:10 90,112 a------- c:\windows\unvise32.exe
2009-05-31 13:10 <DIR> --d----- c:\program files\common files\SWiSHzone.com
2009-05-31 13:09 <DIR> --d----- c:\program files\SWiSH Max2
2009-05-30 23:05 <DIR> --d----- C:\runme
2009-05-30 23:03 0 a---h--- c:\windows\one.ini
2009-05-29 23:42 <DIR> --d----- c:\documents and settings\ajay\DoctorWeb
2009-05-29 00:01 <DIR> --d----- C:\conf-5
2009-05-25 12:18 <DIR> --d----- c:\documents and settings\ajay\dwhelper
2009-05-25 12:06 673,610 a------- c:\windows\unins000.exe
2009-05-25 12:06 2,177 a------- c:\windows\unins000.dat
2009-05-25 12:06 <DIR> --d----- c:\program files\common files\SourceTec
2009-05-25 11:52 <DIR> --d----- c:\windows\system32\Adobe
2009-05-25 11:49 <DIR> --d----- c:\program files\Wondershare
2009-05-25 11:43 <DIR> --d----- c:\program files\Flash Grabber
2009-05-25 11:06 <DIR> --d----- c:\program files\Neoretix
2009-05-24 03:51 295 a------- c:\windows\tcpseek.ini
2009-05-24 00:39 <DIR> --d----- C:\radio_Mohali3
2009-05-23 23:26 <DIR> --d----- c:\docume~1\ajay\applic~1\GetRightToGo
2009-05-21 10:57 5,120 a------- C:\Document Shortcut.shb
2009-05-20 03:03 86,016 a------- C:\printdsp-???v1.9.exe

==================== Find3M ====================

2009-05-11 00:48 61,044 a---h--- c:\windows\system32\mlfcache.dat
2009-04-28 23:05 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-28 23:05 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-28 10:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-27 08:04 57,344 a------- c:\windows\system32\devcon0.exe
2009-04-15 17:47 197 a------- C:\license.dat
2009-04-12 15:34 32,768 a------- c:\windows\system32\asteriskie.exe
2009-04-12 15:34 397,379 a------- c:\windows\system32\paqbonus.exe
2009-04-12 15:34 237,568 a------- c:\windows\system32\winping.exe

============= FINISH: 22:22:21.14 ===============
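
A defender's triage pass over the SERVICES / DRIVERS section of the DDS log above, as an added example (not part of this thread, of DDS, or of the forum's tooling): it parses each line, decodes the Start value digit the same way the registry change in post #1 uses it (4 = disabled), and flags images that load from temp or user-profile paths or that DDS could not stat. It assumes the R/S prefix means running/stopped and the digit is the service's Start value, as DDS normally prints them; the flags are hints for a human reviewer, not verdicts (the PORTMON entry, for instance, is a Sysinternals tool left on the desktop).

```python
import re
from dataclasses import dataclass

# One DDS "SERVICES / DRIVERS" line looks like (prefix: R=running/S=stopped, digit=Start value):
#   S3 KAEGWTP;KAEGWTP;c:\docume~1\admini~1\locals~1\temp\KAEGWTP.exe [2009-6-5 371584]
#   S3 PORTMON;PORTMON;\??\c:\...\portmsys.sys --> c:\...\PORTMSYS.SYS [?]
LINE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)\s\[([^\]]*)\]\s*$")

# Registry Start values, as in HKLM\System\CurrentControlSet\Services\<name>\Start
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class ServiceEntry:
    state: str    # "R" running or "S" stopped
    start: str    # decoded Start value
    name: str
    display: str
    path: str     # image path; the resolved form if DDS printed "a --> b"
    info: str     # bracket contents: "date size", or "?" when DDS could not stat the file


def parse_service_line(line):
    """Parse one DDS service/driver line; return None for lines that are not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, digit, name, display, path, info = m.groups()
    if " --> " in path:                      # keep the resolved path DDS prints after the arrow
        path = path.split(" --> ", 1)[1]
    return ServiceEntry(state, START_TYPES[digit], name, display, path.strip(), info)


def triage(entry):
    """Reasons a defender should look harder at this entry (hints, not verdicts)."""
    p = entry.path.lower()
    reasons = []
    if "\\temp\\" in p:
        reasons.append("loads from a temp directory")
    if "\\documents and settings\\" in p or "\\docume~1\\" in p:
        reasons.append("loads from a user profile (user-writable location)")
    if entry.info == "?":
        reasons.append("DDS could not stat the image (missing or hidden file)")
    if p.endswith(".sys") and "\\system32\\drivers\\" not in p:
        reasons.append("kernel driver outside system32\\drivers")
    return reasons


def triage_log(text):
    """Map service name -> triage reasons for every flagged line in a DDS log excerpt."""
    findings = {}
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None and triage(entry):
            findings[entry.name] = triage(entry)
    return findings


# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-10-31 110096]
R2 AVP;Kaspersky Anti-Virus 7.0;c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe [2008-2-8 227856]
S2 SystemLoader;System Loader;c:\windows\system32\SysLoader.exe [2009-2-22 172032]
S3 KAEGWTP;KAEGWTP;c:\docume~1\admini~1\locals~1\temp\KAEGWTP.exe [2009-6-5 371584]
S3 PORTMON;PORTMON;\??\c:\documents and settings\ajay\desktop\sysinternalssuite\portmsys.sys --> c:\documents and settings\ajay\desktop\sysinternalssuite\PORTMSYS.SYS [?]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-3 194832]
"""

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(name, "->", "; ".join(reasons))
```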

#4 Jat90

Posted 18 June 2009 - 11:23 AM

Hello, NextTag

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

Let's begin with ComboFix:


Please download ComboFix from one of these locations (If you already have it, delete it and download again):

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instruction can be found here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Note** ComboFix was designed only to be used under the supervision of a helper, not for general use.

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5 Jat90

Posted 24 June 2009 - 02:13 PM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.
