Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hotmail and few other websites shows blank page !!!, Certain websites do not load !!!


  • This topic is locked This topic is locked
6 replies to this topic

#1 chins.coolstuff

chins.coolstuff

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 06 July 2009 - 07:33 PM

Hi guys,

I have a problem with my Win XP SP2 which seems to be very common as I have come across a lot of searches on the same. My issue is that sites like Hotmail, Orkut and some others open up buty when I enter the credentials, I end up getting a blank page may it be with IE or firefox. I have also used the latest IE 8 but no use. I have run the latest Spybot Search and Destroy 1.6.6 and removed the detections in safe mode but still the same issue. I am using the latest BitDefender and have scanned the whole machine and removed infections but still no use. I ran the latest HijackThis version 2.0.2 and have generated a log file which I wanted to post here so that I can get some help.

Below is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:33 PM, on 06/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bhatt\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O1 - Hosts: 64.4.20.174 hotmail.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [lphc1l0j0e7cr] C:\WINDOWS\system32\lphc1l0j0e7cr.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [A00F26C500F.exe] C:\DOCUME~1\Bhatt\LOCALS~1\Temp\_A00F26C500F.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Shortcut to hariprasad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.hrms.cadilapharma.co.in
O15 - Trusted Zone: www.hotmail.com
O15 - Trusted Zone: http://mail.live.com
O15 - Trusted Zone: http://www.wfg-online.com
O15 - Trusted IP range: http://192.168.1.1
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/29a9813428b9d9...ip/RdxIE601.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.carpages.ca/js/aurigma/resource...geUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181510345386
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.idesitv.com/livetv.ocx
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab?
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{F51972E6-CB47-4ABB-AB24-9D76030E7337}: NameServer = 206.248.154.22,206.248.154.170
O21 - SSODL: SrvGen - {1F21957C-4D5A-3B5A-80A3-090AF0D9C993} - (no file)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O24 - Desktop Component 0: (no name) - http://gfx2.hotmail.com/bgcolor.gif
O24 - Desktop Component 1: (no name) - http://l.yimg.com/a/i/ca/sp/purple/fp_spt_1px_0.0.3.png

--
End of file - 8526 bytes

Below is the ComboFix log:

ComboFix 09-07-06.02 - Bhatt 06/07/2009 20:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.335 [GMT -4:00]
Running from: c:\documents and settings\Bhatt\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\NPROTECT
c:\windows\Installer\222e02.msi
c:\windows\system32\img_utils.dll
c:\windows\system32\imgscaler.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\Sysvxd.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-06 22:34 . 2009-07-06 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-06 22:34 . 2009-07-06 22:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-06 21:33 . 2009-07-06 21:36 -------- dc-h--w- c:\windows\ie8
2009-07-06 18:07 . 2009-07-06 18:07 -------- d-----w- c:\program files\Zealot Software
2009-07-06 18:07 . 2003-05-22 17:27 620094 ----a-w- c:\windows\system32\divx.dll
2009-07-04 13:50 . 2009-07-04 16:05 152576 ----a-w- c:\documents and settings\Bhatt\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-03 23:57 . 2009-07-03 23:57 -------- d-----w- c:\documents and settings\Administrator.MAINPC\Application Data\BitDefender
2009-07-01 22:14 . 2009-07-06 04:29 -------- d-----w- c:\temp\msn
2009-07-01 22:13 . 2009-07-01 22:13 -------- d-----w- c:\documents and settings\Bhatt\Application Data\BitDefender
2009-07-01 22:12 . 2009-07-01 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-07-01 22:12 . 2009-07-01 22:12 -------- d-----w- c:\program files\BitDefender
2009-07-01 22:10 . 2009-07-01 22:12 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-30 20:19 . 2009-06-30 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-06-30 12:06 . 2001-08-17 17:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-06-30 00:47 . 2004-08-04 04:56 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-24 17:39 . 2009-06-24 17:39 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-24 17:35 . 2009-06-24 17:36 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-06-24 17:35 . 2009-06-24 17:35 -------- d-----w- c:\windows\system32\LogFiles
2009-06-14 03:31 . 2009-06-14 03:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-13 16:39 . 2009-06-13 16:39 -------- d-sh--w- c:\documents and settings\Bhatt\IECompatCache
2009-06-13 16:39 . 2009-06-13 16:39 -------- d-----w- C:\Online serials
2009-06-13 16:39 . 2009-06-13 16:39 -------- d-----w- C:\BAPS
2009-06-13 16:38 . 2009-06-13 16:38 -------- d-sh--w- c:\documents and settings\Bhatt\PrivacIE
2009-06-13 16:35 . 2009-06-13 16:35 -------- d-sh--w- c:\documents and settings\Bhatt\IETldCache
2009-06-12 22:31 . 2009-06-14 00:35 -------- d-----w- c:\documents and settings\Bhatt\Application Data\MSN6
2009-06-12 22:31 . 2009-06-12 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 21:16 . 2006-09-02 23:48 -------- d-----w- c:\documents and settings\Bhatt\Application Data\Azureus
2009-07-04 20:25 . 2006-05-22 16:59 26672 -c--a-w- c:\documents and settings\Bhatt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 19:49 . 2006-05-22 16:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-04 16:07 . 2006-09-02 23:37 -------- d-----w- c:\program files\Java
2009-07-02 19:32 . 2008-02-20 17:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-02 18:52 . 2008-02-20 17:36 -------- d-----w- c:\program files\Spyware Doctor
2009-07-02 10:48 . 2007-05-06 01:52 -------- d-----w- c:\program files\LogMeIn
2009-07-01 12:58 . 2009-04-13 23:29 -------- d-----w- c:\program files\Vuze
2009-06-30 20:20 . 2008-10-10 22:24 -------- d-----w- c:\program files\HP
2009-05-21 15:33 . 2009-04-15 00:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-07 15:44 . 2008-10-03 14:31 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 09:58 . 2008-10-03 14:30 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-04 04:56 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 00:30 . 2009-04-15 00:30 152576 -c--a-w- c:\documents and settings\Bhatt\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2004-03-11 17:27 . 2006-05-22 16:59 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2008-05-23 18:10 . 2008-05-23 18:10 34816 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

[-] 2004-08-04 07:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe
[-] 2004-08-04 04:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe
[-] 2004-08-04 04:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\dllcache\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2004-08-04 04:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-04 07:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\dllcache\user32.dll

[-] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ws2_32.dll
[-] 2004-08-04 04:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll
[-] 2004-08-04 04:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\dllcache\ws2_32.dll

[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2004-08-04 03:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe
[-] 2004-08-04 04:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe
[-] 2004-08-04 04:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\dllcache\winlogon.exe

[-] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys
[-] 2004-08-04 03:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-04 03:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys
[-] 2004-08-04 03:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-04 03:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-04 04:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\system32\dllcache\explorer.exe

[-] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe
[-] 2004-08-04 04:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe
[-] 2004-08-04 04:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\dllcache\lsass.exe

[-] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe
[-] 2004-08-04 04:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe
[-] 2004-08-04 04:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\dllcache\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2004-08-04 04:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2004-08-04 07:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\dllcache\spoolsv.exe

[-] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe
[-] 2004-08-04 04:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe
[-] 2004-08-04 04:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\dllcache\userinit.exe

[-] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\termsrv.dll
[-] 2004-08-04 04:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll
[-] 2004-08-04 04:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\dllcache\termsrv.dll

[-] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\powrprof.dll
[-] 2004-08-04 04:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll
[-] 2004-08-04 04:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\dllcache\powrprof.dll

[-] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\imm32.dll
[-] 2004-08-04 04:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll
[-] 2004-08-04 04:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\dllcache\imm32.dll

[-] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\sfcfiles.dll
[-] 2004-08-04 04:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 04:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\dllcache\sfcfiles.dll

[-] 2004-08-04 07:56 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\appmgmts.dll
[-] 2004-08-04 04:56 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\system32\appmgmts.dll
[-] 2004-08-04 04:56 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\system32\dllcache\appmgmts.dll

[-] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\kbdclass.sys
[-] 2004-08-04 02:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-05-23 622592]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-05-23 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 22:47 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardDrv"=3 (0x3)
"RSVP"=3 (0x3)
"ose"=3 (0x3)
"dmadmin"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\BitDefender\\BitDefender 2009\\seccenter.exe"=

R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [15/05/2008 2:19 PM 80392]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [21/06/2007 7:36 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [21/06/2007 7:36 PM 47640]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [22/05/2008 11:17 AM 113288]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [22/05/2008 8:49 PM 100616]
S1 mchInjDrv;madCodeHook DLL injection driver;\??\c:\windows\system32\Drivers\mchInjDrv.sys --> c:\windows\system32\Drivers\mchInjDrv.sys [?]
S2 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [23/05/2008 12:48 PM 118784]
S2 copylock;Copylock NT Driver;\??\c:\windows\System32\copylock.sys --> c:\windows\System32\copylock.sys [?]
S3 ati2mpaa;ati2mpaa;c:\windows\system32\drivers\ati2mpaa.sys [22/05/2006 8:25 AM 281856]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [20/02/2008 1:36 PM 747912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-07-06 19:31]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-lphc1l0j0e7cr - c:\windows\system32\lphc1l0j0e7cr.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
SSODL-SrvGen-{1F21957C-4D5A-3B5A-80A3-090AF0D9C993} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cadilapharma.co.in\www.hrms
Trusted Zone: hotmail.com\www
Trusted Zone: live.com\mail
Trusted Zone: wfg-online.com\www
TCP: {F51972E6-CB47-4ABB-AB24-9D76030E7337} = 206.248.154.22,206.248.154.170
FF - ProfilePath - c:\documents and settings\Bhatt\Application Data\Mozilla\Firefox\Profiles\07wuwq91.default\
FF - prefs.js: browser.startup.homepage - hxxp://ca.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 20:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-07-07 20:20
ComboFix-quarantined-files.txt 2009-07-07 00:20

Pre-Run: 17,809,920,000 bytes free
Post-Run: 17,859,338,240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

304 --- E O F --- 2009-07-06 22:01


One more info, when I try to open any microsoft sites like "http://go.microsoft.com/fwlink/?LinkId=69157" which may have some solution in the log, it redirects to www.msn.com.

I would appreciate if someone can help me on this.

Regards.

Edited by Orange Blossom, 08 July 2009 - 11:22 PM.
Fix BB code. ~ OB


BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:06 AM

Posted 14 July 2009 - 12:02 PM

Hello chins.coolstuff,

Posted Image

Sorry about the delay.:thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 chins.coolstuff

chins.coolstuff
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 21 July 2009 - 01:02 AM

Actually I removed BitDefender AV suite and the sites started working again. Thanks for the help anyways.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,903 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:06 AM

Posted 21 July 2009 - 10:24 PM

Hello chins.coolstuff,

Please be aware that malware causes many issues and that just because symptoms disappear does not mean that the infection is gone.

I see that you have posted a topic here: http://www.bleepingcomputer.com/forums/t/243198/task-manager-has-been-disabled/ Does that topic concern the same computer?

Regardless, I would strongly suggest following teacup's instructions, particularly since I see that you have run Combofix.

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 chins.coolstuff

chins.coolstuff
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 21 July 2009 - 11:13 PM

Hi,

Actually I won't have access to that computer for a few days. I would let you know once I do and would like to make sure that the system is completely clean.

Thanks once again.

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,903 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:06 AM

Posted 21 July 2009 - 11:17 PM

You didn't answer my question. Does the other topic concern the same computer? Please answer yes or no.

Orange Blossom ~ forum moderator
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:06 AM

Posted 24 July 2009 - 10:27 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users