Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RootKit problem


  • This topic is locked This topic is locked
3 replies to this topic

#1 Azulen

Azulen

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 07 September 2009 - 03:59 AM

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-09-06 21:46:11
Windows 6.0.6001 Service Pack 3


---- System - GMER 1.0.15 ----

INT 0x51 ? 855AABF8
INT 0x51 ? 855AABF8
INT 0x51 ? 855AABF8
INT 0x51 ? 855AABF8
INT 0x51 ? 86C23BF8
INT 0x51 ? 855AABF8
INT 0x72 ? 86C23BF8
INT 0x82 ? 86C23BF8
INT 0x92 ? 86C23BF8
INT 0xB2 ? 855A9D98
INT 0xB2 ? 86C23BF8
INT 0xB2 ? 86C23BF8
INT 0xB2 ? 855A9D98

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spkw.sys Systemet finner ikke angitt bane. !
.text USBPORT.SYS!DllUnload 90A0846F 5 Bytes JMP 86C231D8
.text afgeacww.SYS 8B313000 22 Bytes [26, 32, 3B, 82, 10, 31, 3B, ...]
.text afgeacww.SYS 8B313017 135 Bytes [00, 32, 07, B4, 82, 3D, 05, ...]
.text afgeacww.SYS 8B31309F 45 Bytes [82, E0, BC, 06, 82, 48, 73, ...]
.text afgeacww.SYS 8B3130CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text afgeacww.SYS 8B3130DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 855A9478
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [82A67C4C] \SystemRoot\System32\Drivers\spkw.sys
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [82A67CA0] \SystemRoot\System32\Drivers\spkw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82A376D2] \SystemRoot\System32\Drivers\spkw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82A37040] \SystemRoot\System32\Drivers\spkw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82A377FC] \SystemRoot\System32\Drivers\spkw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82A370BE] \SystemRoot\System32\Drivers\spkw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82A3713C] \SystemRoot\System32\Drivers\spkw.sys
IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 855AA2D8
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86C232D8
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[NTOSKRNL.exe!KeTickCount] FFFFF104
IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 86C222D8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[640] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00710002
IAT C:\Windows\system32\services.exe[640] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00710000
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74047BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [740898C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7404D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7403F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74047599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7403E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7407B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7404D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7404012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74040095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740371F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [740CD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [740675E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7403DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7403668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740366BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74041E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 855B21F8
Device \Driver\volmgr \Device\VolMgrControl 855AC1F8
Device \Driver\usbuhci \Device\USBPDO-0 86A6D1F8
Device \Driver\usbuhci \Device\USBPDO-1 86A6D1F8
Device \Driver\usbehci \Device\USBPDO-2 869021F8
Device \Driver\usbuhci \Device\USBPDO-3 86A6D1F8
Device \Driver\PCI_PNP3924 \Device\00000055 spkw.sys
Device \Driver\usbuhci \Device\USBPDO-4 86A6D1F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-5 86A6D1F8
Device \Driver\usbuhci \Device\USBPDO-6 86A6D1F8
Device \Driver\volmgr \Device\HarddiskVolume1 855AC1F8
Device \Driver\usbehci \Device\USBPDO-7 869021F8
Device \Driver\USBSTOR \Device\00000071 8811A500
Device \Driver\volmgr \Device\HarddiskVolume2 855AC1F8
Device \Driver\cdrom \Device\CdRom0 86AF31F8
Device \Driver\USBSTOR \Device\00000072 8811A500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 855AE1F8
Device \Driver\atapi \Device\Ide\IdePort0 855AE1F8
Device \Driver\atapi \Device\Ide\IdePort1 855AE1F8
Device \Driver\atapi \Device\Ide\IdePort2 855AE1F8
Device \Driver\atapi \Device\Ide\IdePort3 855AE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 855AE1F8
Device \Driver\cdrom \Device\CdRom1 86AF31F8
Device \Driver\netbt \Device\NetBt_Wins_Export 873F9500
Device \Driver\Smb \Device\NetbiosSmb 86AFA500
Device \Driver\sptd \Device\128066424 spkw.sys
Device \Driver\iScsiPrt \Device\RaidPort0 86C281F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\netbt \Device\NetBT_Tcpip_{F0757D4A-1B87-465E-AFE8-58995F2E921B} 873F9500
Device \Driver\usbuhci \Device\USBFDO-0 86A6D1F8
Device \Driver\usbuhci \Device\USBFDO-1 86A6D1F8
Device \Driver\usbehci \Device\USBFDO-2 869021F8
Device \Driver\usbuhci \Device\USBFDO-3 86A6D1F8
Device \Driver\usbuhci \Device\USBFDO-4 86A6D1F8
Device \Driver\usbuhci \Device\USBFDO-5 86A6D1F8
Device \Driver\usbuhci \Device\USBFDO-6 86A6D1F8
Device \Driver\usbehci \Device\USBFDO-7 869021F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1 855AF1F8
Device \Driver\afgeacww \Device\Scsi\afgeacww1Port6Path0Target0Lun0 86BB11F8
Device \Driver\afgeacww \Device\Scsi\afgeacww1 86BB11F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target19Lun0 855AF1F8
Device \FileSystem\cdfs \Cdfs 850621F8

---- Services - GMER 1.0.15 ----

Service system32\drivers\kbiwkmhprixrfi.sys (*** hidden *** ) [SYSTEM] kbiwkmnvwkonqb <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb@imagepath \systemroot\system32\drivers\kbiwkmhprixrfi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main@aid 10003
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmhprixrfi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmyxpnerbi.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmvbwcuyog.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmspdxsrtm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\modules@kbiwkm.dat \systemroot\system32\kbiwkmjkqcptry.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA3 0x1B 0xAB 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0xC4 0x54 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9B 0x75 0x61 0xE1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb@imagepath \systemroot\system32\drivers\kbiwkmhprixrfi.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main@aid 10003
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmhprixrfi.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmyxpnerbi.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmvbwcuyog.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmspdxsrtm.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\modules@kbiwkm.dat \systemroot\system32\kbiwkmjkqcptry.dat
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA3 0x1B 0xAB 0x0D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0xC4 0x54 0xEB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9B 0x75 0x61 0xE1 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.mrle msrle32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.msvc msvidc32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.imaadpcm imaadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msg711 msg711.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msgsm610 msgsm32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msadpcm msadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midimapper midimap.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wavemapper msacm32.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.uyvy msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yuy2 msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yvyu msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iyuv iyuv_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.i420 iyuv_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yvu9 tsbyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.l3acm C:\Windows\System32\l3codeca.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.cvid iccvid.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.siren sirenacm.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.HFYU huffyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.VIFP VFCodec.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.dvsd mcdvd_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.DIVX DivX.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yv12 DivX.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.VP60 C:\Windows\system32\vp6vfw.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.VP61 C:\Windows\system32\vp6vfw.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@IconServiceLib IconCodecService.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DdeSendTimeout 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DesktopHeapLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ShutdownWarningDialogTimeout -1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERPostMessageLimit 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ mnmsrvc
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files\EA GAMES\The Sims 2 IKEA\xae INTERIØRPAKKE Stæsj\Sims2SP8_Uninst.exe 1

---- EOF - GMER 1.0.15 ----

BC AdBot (Login to Remove)

 


#2 Azulen

Azulen
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 09 September 2009 - 09:40 AM

I also ran the malwarebytes Anti-malware and it found: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmnvwkonqb (Rootkit.TDSS)
but each time i delete it, its there again when i restart pc :(


Please help me :(

here is my processes:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:10, on 09.09.2009
Platform: Windows Vista SP3 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AceGain\LiveUpdate\aceagent.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer levert av Komplett
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Hypersight] C:\Program Files\Hypersight\hypersight.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\readreg /PSCONV={NO} /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\readreg /PSCONV={NO} /FAIL=1 (User 'Default user')
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Alexander\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: HP Smart valgmetode - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: YUDJLAF - Sysinternals - www.sysinternals.com - C:\Users\ALEXAN~1\AppData\Local\Temp\YUDJLAF.exe

--
End of file - 11032 bytes

Edited by Azulen, 09 September 2009 - 09:45 AM.


#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:12:19 PM

Posted 10 September 2009 - 12:06 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:12:19 PM

Posted 15 September 2009 - 12:07 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users