
NTOSKRNL-HOOK Trojan Complete Removal!


  • This topic is locked
2 replies to this topic

#1 krsk

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:38 AM

Posted 11 June 2009 - 12:54 PM

Hi all,

I used ComboFix (CF) to remove these terrible trojans, ntoskrnl-hook, kungsfictjlqjk.dll, and others, which have given me problems for the last few days until today, when I landed on a forum that recommended CF. I have McAfee AV, and I have been going through everything that was posted on the internet, which I don't want to rewrite here because it will not help.

After using CF, which maybe successfully removed that malware, the log Notepad file popped up, and after a few minutes I got the Blue Screen Of Death (BSOD) as before and hard booted the machine again. It is likely that I have infections left over, which I would need assistance on how to remove. The machine has not brought up the BSOD for the last 2 hours. I was advised to post my log here so that I can be advised if I still have the trojans and on how to remove them.
Please help because I have really suffered with this trojan.

Below is the Log

ComboFix 09-06-10.02 - JHIT 06/11/2009 17:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.185 [GMT 3:00]
Running from: d:\private\Software\name.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\imquac.exe
c:\recycle\D-0-060-0000000000-1111111-2222222
c:\recycler\k-1-3542-4232123213-7676767-8888886
c:\documents and settings\JHIT\Application Data\wiaservg.log
c:\documents and settings\JHIT\Desktop\msg.txt
c:\recycle\D-0-060-0000000000-1111111-2222222\Desktop.ini
c:\recycler\k-1-3542-4232123213-7676767-8888886\Desktop.ini
c:\windows\system32\kungsfdlsbiwjc.dat
c:\windows\system32\kungsfictjlqjk.dll
c:\windows\system32\mdm.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kungsfckaorgrq


((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.

2009-06-11 10:13 . 2009-06-11 10:13 -------- d-----w- c:\windows\system32\scripting
2009-06-11 10:13 . 2009-06-11 10:13 -------- d-----w- c:\windows\l2schemas
2009-06-11 10:13 . 2009-06-11 10:13 -------- d-----w- c:\windows\system32\en
2009-06-11 10:13 . 2009-06-11 10:13 -------- d-----w- c:\windows\system32\bits
2009-06-11 10:11 . 2009-06-11 10:14 -------- d-----w- c:\windows\ServicePackFiles
2009-06-11 10:03 . 2009-06-11 10:03 -------- d-----w- c:\windows\EHome
2009-06-11 07:15 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 07:15 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 10:42 . 2009-06-09 10:46 87742 ----a-w- c:\windows\system32\drivers\c8559a1f.sys
2009-06-09 10:22 . 2009-06-10 21:21 70769 ----a-w- c:\windows\system32\SKYNETlog.dat
2009-06-09 09:49 . 2009-06-09 09:49 3371383 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-09 06:12 . 2009-06-09 06:12 -------- d-sh--w- c:\documents and settings\JHIT\IECompatCache
2009-06-08 23:51 . 2009-06-08 23:51 0 ----a-w- c:\windows\system32\drivers\5d4784d3.sys
2009-06-08 23:50 . 2009-06-08 23:50 69632 ----a-w- C:\jwrk.exe
2009-06-08 23:50 . 2009-06-08 23:50 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-08 23:49 . 2009-06-08 23:49 10240 ----a-w- C:\hrvxlvvf.exe
2009-06-08 23:48 . 2009-06-08 23:48 11264 --sha-w- c:\windows\283D6.exe
2009-06-08 22:23 . 2009-06-08 22:39 -------- d-----w- c:\program files\MagicISO
2009-06-08 08:08 . 2009-06-08 23:41 -------- d-----w- c:\documents and settings\JHIT\Application Data\BitTorrent
2009-06-08 08:08 . 2009-06-08 08:08 -------- d-----w- c:\documents and settings\JHIT\Local Settings\Application Data\DNA
2009-06-08 08:08 . 2009-06-08 08:08 -------- d-----w- c:\program files\DNA
2009-06-08 08:08 . 2009-06-11 14:09 -------- d-----w- c:\documents and settings\JHIT\Application Data\DNA
2009-06-08 08:08 . 2009-06-08 08:08 -------- d-----w- c:\program files\BitTorrent
2009-06-05 18:12 . 2009-06-05 18:12 -------- d-----w- c:\program files\Aimersoft
2009-05-29 16:56 . 2003-09-15 22:19 10240 ----a-w- c:\windows\system32\virport.dll
2009-05-28 07:05 . 2009-05-28 07:05 83456 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\SpeedBit\DAP\SDCondition.dll
2009-05-28 06:45 . 2009-05-28 06:45 3530776 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\SpeedBit\DAP\Offers\VA23_DAPSO.exe
2009-05-28 06:36 . 2009-05-28 06:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SpeedBit
2009-05-28 06:36 . 2009-05-28 06:36 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2009-05-28 06:36 . 2009-05-28 06:45 -------- d-----w- c:\program files\DAP
2009-05-27 21:14 . 2009-06-03 19:49 164880 ---ha-w- c:\documents and settings\JHIT\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2009-05-27 21:09 . 2009-05-27 21:09 -------- d-----w- c:\program files\Microsoft Virtual PC
2009-05-24 04:52 . 2009-05-24 04:52 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-05-15 05:38 . 2009-05-15 05:39 -------- d-----w- c:\program files\Total Video Converter
2009-05-13 15:45 . 2009-05-13 15:45 -------- d-----r- c:\program files\TypingMaster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 14:12 . 2009-06-11 12:15 117760 ----a-w- c:\documents and settings\JHIT\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-11 13:40 . 2008-10-10 16:31 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-06-11 11:52 . 2009-06-11 11:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-06-11 11:52 . 2009-06-11 11:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-11 11:52 . 2009-06-11 11:52 -------- d-----w- c:\documents and settings\JHIT\Application Data\SUPERAntiSpyware.com
2009-06-11 11:51 . 2007-12-04 12:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-11 10:16 . 2007-09-26 11:39 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-11 09:20 . 2009-04-22 19:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-06-10 17:23 . 2007-11-30 09:51 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-09 10:47 . 2007-09-26 14:04 90112 ----a-w- c:\windows\DUMP733c.tmp
2009-06-09 09:50 . 2009-05-04 04:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-07 21:58 . 2008-08-12 12:19 -------- d-----w- c:\program files\TESTOUT
2009-05-26 10:20 . 2009-05-04 04:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 10:19 . 2009-05-04 04:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-24 04:51 . 2009-04-22 19:22 -------- d-----w- c:\program files\Google
2009-05-23 08:52 . 2009-04-18 10:21 -------- d-----w- c:\documents and settings\JHIT\Application Data\Skype
2009-05-18 18:05 . 2009-04-23 09:11 -------- d-----w- c:\documents and settings\JHIT\Application Data\MyPhoneExplorer
2009-05-15 15:28 . 2008-05-28 03:32 -------- d-----w- c:\program files\FinePixViewer
2009-05-13 05:15 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 17:50 . 2009-05-10 17:55 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-05-10 17:48 . 2006-10-19 00:04 -------- d-----w- c:\program files\Java
2009-05-07 15:32 . 2004-08-04 10:00 345600 ------w- c:\windows\system32\localspl.dll
2009-05-05 14:33 . 2009-05-05 12:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-05 14:17 . 2009-05-05 12:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-05-04 04:48 . 2009-05-04 04:48 -------- d-----w- c:\documents and settings\JHIT\Application Data\Malwarebytes
2009-05-04 04:48 . 2009-05-04 04:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-05-02 17:25 . 2009-05-02 17:24 -------- d-----w- c:\program files\MagicDisc
2009-04-29 19:08 . 2006-10-19 00:20 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-27 12:23 . 2007-09-26 11:47 65728 ----a-w- c:\documents and settings\JHIT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 10:39 . 2009-04-18 10:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-04-18 10:23 . 2009-04-18 10:23 -------- d-----w- c:\program files\Yahoo!
2009-04-18 10:20 . 2009-04-18 10:20 -------- d-----r- c:\program files\Skype
2009-04-18 10:20 . 2009-04-18 10:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2009-04-17 18:29 . 2009-04-17 18:23 -------- d-----w- c:\program files\Recovery for Exchange OST
2009-04-17 16:51 . 2006-10-19 00:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-17 12:26 . 2004-08-04 10:00 1847168 ------w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 10:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-18 14:55 . 2009-04-18 10:23 607472 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!\YUpdater\yupdater.exe
2001-05-24 09:59 . 2007-12-04 12:07 162304 ----a-w- c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"TypingSatellite"="c:\program files\TypingMaster\KBOOST.EXE" [2005-01-11 761856]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-05-28 2811392]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-09 289088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-11-08 528384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\JHIT\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-5-2 575488]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-2 113664]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2008-5-28 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\PROGRA~1\\TESTOUT\\Cmi\\Navigator.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S1 5d4784d3;5d4784d3;c:\windows\system32\drivers\5d4784d3.sys [6/9/2009 2:51 AM 0]
S2 gupdate1c9c381c33043cc;Google Update Service (gupdate1c9c381c33043cc);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 10:37 PM 133104]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [9/4/2007 4:53 PM 55664]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qqengrxk

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0922162D-E289-17F9-6283-EAE70BDE63D2}]
c:\windows\system32:vcrt80.exe
.
Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 19:22]

2009-06-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 19:36]

2009-06-11 c:\windows\Tasks\User_Feed_Synchronization-{10763856-7758-4295-8183-5108074FCDC1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: {9849ECE4-D56E-426E-86D6-725E31494CFF} = 212.88.97.67 212.88.97.20
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 17:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1352)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\JHIT\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

- - - - - - - > 'explorer.exe'(2056)
c:\windows\system32\WININET.dll
c:\program files\TypingMaster\KBSatellite.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\CF18557.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\progra~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
c:\progra~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
c:\progra~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
.
**************************************************************************
.
Completion time: 2009-06-11 17:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-11 14:32

Pre-Run: 14,101,876,736 bytes free
Post-Run: 14,020,780,032 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

242 --- E O F --- 2009-06-11 10:21

I will be very grateful for your kind help.

Cheers



#2 syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:38 AM

Posted 20 June 2009 - 05:30 PM

Hello and welcome to Bleeping Computer. Sorry for the delay; the forums here at BC are always
very busy and we do our best to keep up. If you no longer require any help, could you let me know
please, so this topic can be closed.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.
ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


I would like to see another log.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks


#3 syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:38 AM

Posted 24 June 2009 - 06:18 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
