
Cannot access Windows Update. Screen is blank


  • This topic is locked
2 replies to this topic

#1 wagstallion

Posted 03 October 2009 - 01:35 PM

Hi,

I am running Windows Vista Home Premium
Service Pack 2
32-bit operating system
Protected by Norton 360

Problem:
When I click on Windows Update all I get is a screen that displays
nothing but a red shield with a white 'X' in it, also a '?' mark
top left. But nothing happens when I click them.
Also, I have the red shield in my icons tray for the Windows
security alerts. When I click on this it brings me to the Windows
Security Center, Automatic updating is switched off. If I click on
'change setting' button and then choose 'install updates
automatically' it says Security Center can't change your automatic
update settings so I select 'change settings manually' and a
completely blank screen opens.

I have downloaded, installed, run, updated and performed a full scan (separately) with the
following two applications:
SuperAntiSpyware & MalwareBytes
I have also downloaded and run the MSRT manually:
I have also reset Windows Update components?

It found nothing unusual & nothing has changed.
I have been told there is a very good chance that I am seeing the effects of a hijackware
infection!

I have now run David Lipman's Multi AV software which again found nothing.

I then prepared my Computer to run HijackThis!

I'm not convinced I have a virus after all this, but I'm not the expert.
Could someone please have a look at the below logs to see if I have a problem?

DDS:


DDS (Ver_09-09-29.01) - NTFSx86
Run by janet at 21:27:35.31 on 02/10/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1014.251 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\janet\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://uk.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://uk.yahoo.com/?fr=fp-yie8
mDefault_Page_URL = hxxp://www.thetechguys.com/welcome
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.2.11\IPSBHO.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] "RtHDVCpl.exe"
mRun: [UpdateP2GShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" update "software\cyberlink\power2go\5.0"
mRun: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\users\janet\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - hxxps://register.btinternet.com/templates/btwebcontrol028.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys [2009-9-9 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2009-9-9 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2009-9-9 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090916.003\IDSvix86.sys [2009-9-18 342576]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.2.11\ccSvcHst.exe [2009-9-9 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0305020.00b\symndisv.sys [2009-9-9 48688]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-7-16 31592]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]

=============== Created Last 30 ================

2009-10-02 18:48 <DIR> --d----- c:\program files\Trend Micro
2009-10-02 03:16 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-02 03:16 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-02 03:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 00:34 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-01 21:54 2,577 a------- c:\windows\system32\config.bak
2009-10-01 21:54 1,688 a------- c:\windows\system32\autoexec.bak
2009-10-01 20:21 <DIR> --d----- C:\AV-CLS
2009-10-01 20:21 901,363 a------- C:\Multi_AV.exe
2009-10-01 18:57 <DIR> --d----- c:\program files\CCleaner
2009-10-01 07:14 <DIR> --d----- c:\windows\system32\catroot2
2009-09-30 19:07 <DIR> --d----- c:\users\janet\appdata\roaming\SUPERAntiSpyware.com
2009-09-30 18:02 172,032 a------- c:\windows\system32\igfxres.dll
2009-09-27 23:45 <DIR> --d----- c:\program files\QUAD Utilities
2009-09-27 23:13 0 a---h--- C:\ProgramData.LOG2
2009-09-27 23:13 0 a---h--- C:\ProgramData.LOG1
2009-09-27 22:13 <DIR> --d----- c:\program files\MSSOAP
2009-09-27 22:13 <DIR> --d----- c:\program files\common files\MSSoap
2009-09-27 22:12 <DIR> --d----- c:\program files\Webroot
2009-09-27 22:11 164 a------- c:\windows\install.dat
2009-09-25 20:25 <DIR> --d----- c:\program files\iPod
2009-09-25 20:25 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-25 20:25 <DIR> --d----- c:\program files\iTunes
2009-09-25 20:25 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-25 20:04 <DIR> --d----- c:\program files\iPhone Configuration Utility
2009-09-24 01:59 83,456 a------- c:\windows\system32\wudriver - Copy.dll
2009-09-24 01:59 34,328 a------- c:\windows\system32\wups - Copy.dll
2009-09-23 21:42 <DIR> --d----- c:\windows\system32\catroot2.bak
2009-09-23 21:40 <DIR> --d----- c:\users\janet\appdata\roaming\Malwarebytes
2009-09-23 21:39 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-23 21:39 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-22 22:19 <DIR> --d----- c:\windows\system32\eu-ES
2009-09-22 22:19 <DIR> --d----- c:\windows\system32\ca-ES
2009-09-22 22:19 <DIR> --d----- c:\windows\system32\vi-VN
2009-09-22 21:45 <DIR> --d----- c:\windows\system32\EventProviders
2009-09-22 21:40 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-09-22 20:10 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-09-22 20:10 499,712 a------- c:\windows\system32\kerberos.dll
2009-09-22 20:10 218,624 a------- c:\windows\system32\msv1_0.dll
2009-09-22 20:10 175,104 a------- c:\windows\system32\wdigest.dll
2009-09-22 20:09 270,848 a------- c:\windows\system32\schannel.dll
2009-09-22 20:09 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-09-22 20:09 72,704 a------- c:\windows\system32\secur32.dll
2009-09-22 20:09 9,728 a------- c:\windows\system32\lsass.exe
2009-09-09 23:53 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-09 23:53 105,984 a------- c:\windows\system32\netiohlp.dll
2009-09-09 23:53 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 23:53 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-09 23:53 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-09 23:53 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-09 23:53 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-09 23:53 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-09 23:53 10,240 a------- c:\windows\system32\finger.exe
2009-09-09 23:53 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-09 23:53 17,920 a------- c:\windows\system32\netevent.dll
2009-09-09 23:52 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-09 23:52 513,536 a------- c:\windows\system32\wlansvc.dll
2009-09-09 23:52 68,096 a------- c:\windows\system32\wlanhlp.dll
2009-09-09 23:52 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-09 23:52 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-09 23:52 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-09 23:52 65,024 a------- c:\windows\system32\wlanapi.dll
2009-09-09 23:51 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-09 23:51 98,816 a------- c:\windows\system32\mfps.dll
2009-09-09 23:51 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-09-09 23:51 24,576 a------- c:\windows\system32\mfpmp.exe
2009-09-09 23:51 2,048 a------- c:\windows\system32\mferror.dll
2009-09-05 16:31 <DIR> --d----- c:\programdata\MumboJumbo
2009-09-05 16:31 <DIR> --d----- c:\progra~2\MumboJumbo
2009-09-05 16:31 <DIR> --d----- c:\program files\Luxor 2
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-02 22:40 <DIR> --d----- c:\users\janet\appdata\roaming\AVS4YOU
2009-09-02 22:40 <DIR> --d----- c:\programdata\AVS4YOU
2009-09-02 22:40 <DIR> --d----- c:\progra~2\AVS4YOU
2009-09-02 22:39 974,848 a------- c:\windows\system32\mfc70.dll
2009-09-02 22:39 <DIR> --d----- c:\program files\common files\AVSMedia

==================== Find3M ====================

2009-09-27 23:56 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-27 23:56 143,360 a------- c:\windows\inf\infstor.dat
2009-09-27 23:56 51,200 a------- c:\windows\inf\infpub.dat
2009-09-22 22:18 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-29 03:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 03:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 03:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 03:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-29 01:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 01:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-21 14:45 124,976 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-21 14:45 7,456 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-21 14:45 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-21 14:44 26,600 a----r-- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-21 14:44 107,368 a----r-- c:\windows\system32\GEARAspi.dll
2009-08-18 20:20 25,648 a----r-- c:\windows\system32\drivers\SymIMV.sys
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-29 18:11 1,340 a------- c:\users\janet\appdata\roaming\wklnhst.dat
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 14:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 13:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 13:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 13:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 13:39 7,680 a------- c:\windows\system32\spwmp.dll
2008-08-01 16:29 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-15 23:24 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-15 23:24 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-15 23:24 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-15 23:24 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-07-13 11:29 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 21:30:20.72 ===============


RootRepeal:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/02 23:05
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8DAA6000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8DA9B000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xB1DD4000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings
Status: Locked to the Windows API!

Path: C:\ProgramData\Application Data
Status: Locked to the Windows API!

Path: C:\ProgramData\Desktop
Status: Locked to the Windows API!

Path: C:\ProgramData\Documents
Status: Locked to the Windows API!

Path: C:\ProgramData\Favorites
Status: Locked to the Windows API!

Path: C:\ProgramData\Start Menu
Status: Locked to the Windows API!

Path: C:\ProgramData\Templates
Status: Locked to the Windows API!

Path: C:\System Volume Information\{07af4ca7-a856-11de-8677-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0b7167c8-abab-11de-ad27-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0b7167cc-abab-11de-ad27-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1ebc4733-ade6-11de-8468-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1eee3ca5-aee3-11de-ac9b-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2e144cb7-aa02-11de-ae30-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2e144cbb-aa02-11de-ae30-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{35dc2737-ac76-11de-9f25-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{42e6f3b7-aa87-11de-aa89-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5046189d-aea1-11de-ae5e-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{59f3601d-ae50-11de-95d3-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6a0bae42-a858-11de-8113-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{a1013743-adf7-11de-8663-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b816659d-af6e-11de-aa53-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e476411d-aa97-11de-87c3-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{fb31c7ad-ad25-11de-8380-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{fb31c7b1-ad25-11de-8380-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{fcdb7e27-abb3-11de-89a2-00030d7b3a88}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Users\All Users
Status: Locked to the Windows API!

Path: C:\Users\Default User
Status: Locked to the Windows API!

Path: C:\Users\Default\Application Data
Status: Locked to the Windows API!

Path: C:\Users\Default\Cookies
Status: Locked to the Windows API!

Path: C:\Users\Default\Local Settings
Status: Locked to the Windows API!

Path: C:\Users\Default\My Documents
Status: Locked to the Windows API!

Path: C:\Users\Default\NetHood
Status: Locked to the Windows API!

Path: C:\Users\Default\PrintHood
Status: Locked to the Windows API!

Path: C:\Users\Default\Recent
Status: Locked to the Windows API!

Path: C:\Users\Default\SendTo
Status: Locked to the Windows API!

Path: C:\Users\Default\Start Menu
Status: Locked to the Windows API!

Path: C:\Users\Default\Templates
Status: Locked to the Windows API!

Path: C:\Users\janet\My Documents
Status: Locked to the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1236 Status: Locked to the Windows API!

SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8cfe89a8

#: 014 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8cff5120

#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x864511d8

#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "<unknown>" at address 0x8625bc40

#: 042 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x8d0a3008

#: 067 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8cffe738

#: 077 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x8d0a3110

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x86350190

#: 116 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x864527c8

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x8cde7eb8

#: 147 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8cdde2e8

#: 156 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x86341428

#: 158 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8cff5490

#: 165 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x86297d60

#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8cde27f0

#: 184 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8cdf7068

#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8cde0068

#: 195 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8632b108

#: 197 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x8cddf118

#: 201 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x8cddecd8

#: 210 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x8d0a3d00

#: 282 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x86377888

#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x863d9e28

#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8cde9260

#: 317 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x8644fe60

#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8644f3f0

#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8cdf3110

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x8c1130b0

#: 335 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x863234e0

#: 348 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x867b9c98

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8cde4d28

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "<unknown>" at address 0x8d0a35a0

Shadow SSDT
-------------------
#: 317 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x8f62f4b0

#: 397 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x8d98d410

#: 428 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x8d98d350

#: 430 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x8d98d4d0

#: 442 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x8d9c3158

#: 479 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x8d98d0e0

#: 497 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x8d98d280

#: 498 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x8d98d1b0

#: 573 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x8d9c14e8

#: 576 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x8d9933c0

==EOF==

HijackThis!:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:13:17, on 02/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thetechguys.com/welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe"
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" update "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\windows sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol028.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe

--
End of file - 7693 bytes

Regards
Natahn


#2 myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts

Posted 21 October 2009 - 12:52 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 myrti

Posted 26 October 2009 - 02:37 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_
