Infected with Security Tool


  • This topic is locked
33 replies to this topic

#1 TheLadyIsMad

TheLadyIsMad

  • Members
  • 26 posts

Posted 09 October 2009 - 01:18 PM

Hello.

I found this site weeks ago when I was going crazy trying to remove Total Security. Using the information, I think I successfully removed it (for the most part), though I do worry that I might have a backdoor or something still. I was annoyed and surprised to have another problem appear recently. I hadn't had any trouble in weeks. So now I have Security Tool on my computer. I'm writing this in Safe Mode, since every time I try to get onto the computer in normal mode, Security Tool pops up. Trying to close it seems to freeze my computer, or at least, hide any feature I can use to turn it off, etc. I read through the preparation thread, so everything should be ready to go.

I am using Windows XP service pack 3
IBM compatible (as far as I can tell)

here is my dds file:


DDS (Ver_09-09-29.01) - NTFSx86 NETWORK
Run by Family at 10:04:54.34 on Fri 10/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.653 [GMT -7:00]

AV: avast! antivirus 4.8.1351 [VPS 091007-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Family\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.himura-kaoru.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5c59bec9-d6b1-4dad-a58c-52beb789ce88} - vufiyodi.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ABIT uGuruIII] c:\program files\u-abit\abiteq\abiteq.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [Mouse Suite 98 Daemon] PELMICED.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [05666023] c:\documents and settings\all users\application data\05666023\05666023.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185870642593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\family\applic~1\mozilla\firefox\profiles\2oeh9pwe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.himura-kaoru.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-11 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-11 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-11 138680]
S3 ABIT-IO;ABIT-IO;c:\program files\u-abit\abiteq\ABIT-IO.sys [2007-7-31 4608]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-11 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-11 352920]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2007-10-2 27088]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2007-10-2 12816]

=============== Created Last 30 ================

2009-10-09 08:53 4,045,544 a------- C:\mbam-setup.exe
2009-10-08 03:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\05666023
2009-10-06 15:58 <DIR> --d----- C:\myapp19313m
2009-10-06 15:57 <DIR> --d----- C:\myapp
2009-09-19 21:19 497,664 a------- c:\windows\system32\ac3filter.acm
2009-09-19 21:19 <DIR> --d----- c:\program files\AC3Filter
2009-09-19 21:19 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-09-19 21:19 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-09-19 21:19 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-09-19 21:19 <DIR> --d----- c:\program files\Haali
2009-09-19 21:18 <DIR> --d----- c:\program files\Real Alternative
2009-09-19 21:17 765,952 a------- c:\windows\system32\xvidcore.dll
2009-09-19 21:17 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-09-19 21:17 77,824 a------- c:\windows\system32\xvid.ax
2009-09-19 21:17 <DIR> --d----- c:\program files\Xvid
2009-09-11 15:48 201,050 a------- c:\windows\system32\nvapps.nvb
2009-09-11 15:48 <DIR> --d----- c:\windows\NV40164064.TMP
2009-09-11 15:26 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-11 14:51 50,176 a------- c:\windows\system32\proquota.exe

==================== Find3M ====================

2009-09-14 02:12 229,888 a------- c:\windows\PEV.exe
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-01 21:22 714,528 a------- C:\JavaSetup6u16.exe
2009-09-01 03:56 366,120 a------- C:\Download_6.1.0.447f-sdregnow-setup.exe
2009-09-01 00:46 28,736,281 a------- C:\clamwin-0.95.2-setup.exe
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll
2008-04-27 21:49 304,957 a------- c:\program files\hjsplit.zip
2009-07-08 03:39 51,200 a--sh--- c:\windows\system32\guvegavu.dll
2009-07-08 03:39 51,200 a--sh--- c:\windows\system32\neresazi.dll
2009-07-08 03:39 1,050,147 a--sh--- c:\windows\system32\panasoba.exe
2009-07-08 03:40 51,200 a--sh--- c:\windows\system32\vufiyodi.dll
2008-10-29 19:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102920081030\index.dat

============= FINISH: 10:05:22.59 ===============

Any help you can give would be appreciated.

Thank you,
Lady


#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts

Posted 25 October 2009 - 02:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.

*If not please perform the following steps below so we can have a look at the current condition of your machine.

*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications.
In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following:

1. Click on the My Controls link at the top of the page to enter your control panel.

2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.

3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.

4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.

The topics you are tracking are shown Here.
Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

----------------------------*-------------------------------

We need to see some information about what is happening in your machine.

Please perform the following scan:


  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer


#3 TheLadyIsMad

TheLadyIsMad
  • Topic Starter

  • Members
  • 26 posts

Posted 25 October 2009 - 11:28 PM

I did as told, here's the report. No, I haven't tried to fix the problem.


DDS (Ver_09-09-29.01) - NTFSx86 NETWORK
Run by Family at 21:20:24.35 on Sun 10/25/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.675 [GMT -7:00]

AV: avast! antivirus 4.8.1351 [VPS 091007-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Family\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.himura-kaoru.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5c59bec9-d6b1-4dad-a58c-52beb789ce88} - vufiyodi.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ABIT uGuruIII] c:\program files\u-abit\abiteq\abiteq.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [Mouse Suite 98 Daemon] PELMICED.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [05666023] c:\documents and settings\all users\application data\05666023\05666023.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185870642593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-11 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-11 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-11 138680]
S3 ABIT-IO;ABIT-IO;c:\program files\u-abit\abiteq\ABIT-IO.sys [2007-7-31 4608]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-11 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-11 352920]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2007-10-2 27088]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2007-10-2 12816]

=============== Created Last 30 ================

2009-10-09 08:53 4,045,544 a------- C:\mbam-setup.exe
2009-10-08 03:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\05666023
2009-10-06 15:58 <DIR> --d----- C:\myapp19313m
2009-10-06 15:57 <DIR> --d----- C:\myapp

==================== Find3M ====================

2009-09-14 02:12 229,888 a------- c:\windows\PEV.exe
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-01 21:22 714,528 a------- C:\JavaSetup6u16.exe
2009-09-01 03:56 366,120 a------- C:\Download_6.1.0.447f-sdregnow-setup.exe
2009-09-01 00:46 28,736,281 a------- C:\clamwin-0.95.2-setup.exe
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2008-04-27 21:49 304,957 a------- c:\program files\hjsplit.zip
2009-07-08 03:39 51,200 a--sh--- c:\windows\system32\guvegavu.dll
2009-07-08 03:39 51,200 a--sh--- c:\windows\system32\neresazi.dll
2009-07-08 03:39 1,050,147 a--sh--- c:\windows\system32\panasoba.exe
2009-07-08 03:40 51,200 a--sh--- c:\windows\system32\vufiyodi.dll
2008-10-29 19:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102920081030\index.dat

============= FINISH: 21:21:04.28 ===============




#4 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts

Posted 26 October 2009 - 08:27 AM

Hello TheLadyIsMad, and welcome to Bleeping Computer Malware Removal Forum. My nick is Net_Surfer; I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.


*If you have not done the following please do so now:
You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications.
In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following:

1. Click on the My Controls link at the top of the page to enter your control panel.

2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.

3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.

4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.

The topics you are tracking are shown Here.
Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

-----------------------------------------------------------

Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. DDS, RSIT, Win32Diag and Combofix logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. :(

1. Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic.
2. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
3. All of my posts need to be checked by my coach before they are posted here; your benefit will be "four eyes and two brains" looking into your problem, but my responses may be somewhat delayed, so please be patient while I attempt to remove your malware.
4. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You Are Still Infected!!!

I proposed a fix and it will be a few hours for my coach to approve it.

In the meantime, please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

In your DDS log I see evidence Combofix was run. We need to retrieve the log. It should be located at C:\combofix.txt

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for unsupervised use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

I will be back with the steps necessary for you to follow to get your machine back in working order clean and free of malware. :(

Thanks and again sorry for the delay.

Kind regards
Net_Surfer


Edited by Net_Surfer, 26 October 2009 - 08:31 AM.


#5 TheLadyIsMad

TheLadyIsMad
  • Topic Starter

  • Members
  • 26 posts

Posted 26 October 2009 - 01:41 PM

Yes, that was after I was infected with Total Security awhile back, when I think I removed it. Since then, I have been infected by Security Tool. The Combofix report will not reflect the current problems I am having. Would you like me to use it again? If not, I understand. I have attached the old file, but please remember, it does not reflect current conditions on my computer. I have had concerns that Total Security may have left some remnants behind, or even created a backdoor. I really don't know a great deal about these sorts of things. All I know is after I tried some things recommended to another user for removal of Total Security, it seemed to have disappeared. But, as I said sometime later, I got a Security Tool infection. I hope this doesn't confuse things. Anyway, please let me know.

I understand the need for caution, and will comply with requirements. Don't worry, I looked at a few threads to see what might be the average time it would take for a response, so I know 16 days isn't bad. :( If patience will help my computer, then I'm glad to wait.




#6 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts

Posted 26 October 2009 - 06:56 PM

Hello TheLadyIsMad,:(

Nope, do not run combofix again. Wait for my instructions.

I needed to see that log so we can study what combofix is reporting back to us.

Combofix is a very complex and dangerous tool. It is not a one-size-fits-all tool and it does not automatically remove what needs to be removed by itself. It is like a scalpel in the hands of a surgeon. A surgeon can remove exactly what is needed and no more while an untrained person would either cut too much or not enough.

Combofix is powerful enough to be able to render your computer unbootable if used wrongly or to leave your computer infected if you do not know what you are doing.
You should NOT use Combofix unless you have been instructed. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please read Combofix's Disclaimer.

I will be back shortly with more instructions. Thanks again for waiting.

Regards
Net_Surfer


#7 TheLadyIsMad

TheLadyIsMad
  • Topic Starter

  • Members
  • 26 posts

Posted 27 October 2009 - 03:34 PM

The only problem is that I think that was done before I was infected with Security Tool. That's why I was asking about doing it again. It may not reflect the current problem at all. I don't recall actually doing that after getting infected with Security Tool, though the time is close. If I did, then it could only have been from Safe Mode. I do know after I think I'd gotten rid of Total Security, I did Combofix several times. I wanted to be sure the computer was safe. I hope this doesn't confuse things.

#8 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts

Posted 28 October 2009 - 02:34 PM



Hello again TheLadyIsMad,

Sorry for the delay.

Please observe these rules while we work:
  • Please Read All Instructions Carefully and perform the steps fully and in the order they are written.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
  • In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please continue to review my answers until I tell you that your machine is clean and free of malware. (Remember absence of symptoms does not mean that everything is clear).
Just because you can't see a problem doesn't mean it isn't there.

If you can do these things, everything should go smoothly. :(

---------------------------*------------------------

The computer is infected with a Backdoor Trojan Rootkit.

A backdoor Trojan can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still try to clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to remove the infection please follow the next set of steps:


-------------------------*-------------------------

Before we start fixing anything you should write/print out these instructions or copy/paste them to a NotePad file.

**Note: In the event you already have old versions of Combofix I need you to delete them, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
    o Tools->Options->Main tab
    o Set to "Always ask me where to Save the files".
  • For Internet Explorer:
    o Choose to save, not open the file
    o When prompted - save the file to your desktop.

Please download ComboFix from Here or Here to your Desktop.
(Please, never rename Combofix unless instructed. This tool is not a toy and not for everyday use).

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    :) Please insert your flash drive and all usb-drives before running Combofix
  • Close any open browsers.
    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
  • Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

    -----------------------------------------------------------

    :) Double click the ComboFix icon on your desktop & follow the prompts.
  • If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.

    NOTE: If you have Windows XP: Combofix may ask you to install the Recovery Console, please allow it to do so.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


*** When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

If you are unsure how to run ComboFix tool, please visit this webpage for instructions: How-to-use-combofix

A word of warning if you are a lurker: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

:) I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either avast! Antivirus or ClamWin Free Antivirus 0.95.2.
Please note that ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.

We need to see more information about what is happening in your machine. Please perform the following scan:

Run random's system information tool (RSIT)

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please note that it is important that RSIT be run and a log created while in normal mode. *If you run it and create your log while in safe mode, you will be asked to redo it again properly.
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
Copy/Paste the contents of both log.txt and info.txt into your next post please.

( Default location for both files is C:\rsit\ )

Summary of the logs I will need in your next reply:
  • The report log of Combofix located at: "C:\ComboFix.txt"
  • The Two logs of RSIT.
And a description of any remaining problems in your next post.

How are things at your end, TheLadyIsMad?

Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Kind regards
Net_Surfer


#9 TheLadyIsMad

Posted 29 October 2009 - 12:51 AM

Just to let you know:
One problem I've been having is that my Avast antivirus refuses to work! It claims it has a problem with the skin. I tried downloading more skins from the official site, but the program won't accept them, and says it "has" to close. So that's why I had two antivirus programs. I don't think it even let me try to uninstall it. I don't see it on my taskbar icons, so I can't tell if it'll complain, and I can't turn it off if it's there somewhere, but it didn't interfere last time I used Combofix.

Here's another oddity: one of my anti-malware programs, Spybot, won't let me fully uninstall it. I think I may have deleted something which could've let me, and the official site doesn't have that version so I can't reinstall then uninstall. It also interferes with my getting a better version, and it's a good anti-malware.

I uninstalled ClamWin, but I still have the setup so I can reinstall, at the moment anyway.

I tried to do as you told me to, and thankfully, Combofix worked fine. I attached the log to this post.

The problem lies, however, in trying to do the rest of what you wanted me to do. When I restarted the computer into regular mode, I was immediately shown Security Tool's fake antivirus window. I clicked on the x on the upper right to close it, and it was unhappy, of course, it asked if I really wanted to go unprotected? I chose the option to go "unprotected". It's the only way to close it. Then, when I clicked on RSIT, nothing happens. I wondered if I'd made a mistake somewhere, so I tried to open my notepad file for the how-to, but notepad immediately closed. Cute. I tried to open RSIT again, but still there isn't a response. Security Tool has installed an icon on my taskbar, so I found myself staring at a bubble from it, complaining that RSIT was bad.

Quote:
Security Tool Warning
RSIT.exe is infected with worm Lsas.Blaster.Keyloger. This worm is trying to send your credit card details using RSIT.exe to connect to remote host.

Oh wait, you did say to unplug the internet first. But I have a DSL, and it's an old modem. I'll try it, but don't be surprised if it takes awhile to hear from me. My modem likes to take anywhere from 15 minutes to 2+ hours to reconnect. I really wish we had a better one, but there you go.


#10 TheLadyIsMad

Posted 29 October 2009 - 01:04 AM

Ok, so I tried it without internet, and Security Tool still won't let me use it! It could be my fault, since I didn't unplug the modem the first time, and now it's alerted to that program. Even changing the name will not help, though I didn't reinstall it and have the name different from the outset. This is frustrating. :( It's not your fault. At any rate, you have the Combofix log. Hopefully that'll help solve this? Thank you for your help and patience with me. :(

#11 Net_Surfer

Posted 29 October 2009 - 07:14 AM



Hello again TheLadyIsMad,

It seems that the infection is putting up a fight but we got rid of some bad files with the run of combofix. :(

At the end of the fix, before I declare your computer clean, I will give you advice on how to get rid of Spybot.


Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

Please carefully follow the next set of steps:



:) Rerun ComboFix with some additional directives.

A word of advice: Complex Malware removal is to be performed by trained personnel, as they’re capable of doing a surgical cleanup without affecting other components of the Operating System.
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Make sure that combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Go to Start -> Run... and in the "Open:" box that opens type Notepad and press Enter (alternatively, navigate to Start -> Accessories -> Notepad).
  • Copy the entire contents inside the CODE box below into Notepad (do NOT copy the word "CODE"!) - don't use any other text editor than Notepad or the script will fail.
    KillAll::
    
    DirLook::
    C:\myapp19313m
    C:\myapp
    
    Driver::
    zccohmsc
    
    File::
    c:\documents and settings\All Users\Application Data\05666023\05666023.exe
    
    Folder::
    c:\documents and settings\All Users\Application Data\05666023
    
    NetSvc::
    zccohmsc
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "05666023"=-
    WARNING: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Go to File -> Save and save as CFScript.txt in the same location as ComboFix.exe.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Drag CFScript.txt on top of ComboFix.exe. This will start ComboFix again. Please follow the prompts.
    NOTE: Do NOT mouseclick ComboFix's window whilst it's running. That may cause your system to hang!
  • When finished, ComboFix shall produce a log for you at C:\ComboFix.txt. Please post the entire contents of that report in your next reply for further review.
Next...

:) Your Java program is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older version Java components and update:
Download and Run JavaRA

Please download JavaRa and save the file to your desktop.
  • Right click and Extract All and a new folder called "JavaRa" will be extracted
  • Once extracted, open that folder and run JavaRa.exe with the picture.
  • Select your Language which is probably English
  • Click Search For Updates
  • Select Update Using jucheck.exe
  • Click Search
  • If a newer version is found, allow it to be installed
  • Uncheck the Google Toolbar option. (if you don't want the Google tool bar)
  • When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
  • When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
  • It will now begin to remove older versions. Please be patient while it does the removal process.
  • Exit the tool when complete.

:) Malwarebytes' Anti-Malware

Because some malware can be easily removed, we recommend Malwarebytes Anti-Malware be run. It's an advanced piece of software which should get a lot of what's on this machine. These guys are so on top of the latest infections it's amazing.

It's important to let me know however, if you experience any trouble getting to the site or updating it or opening it to run. Some rootkits target MBAM and those indicators are the 'tell', if you will. We have another method of double-checking for this rootkit, which if present, will require another special tool.


* MBAM
You already have Malwarebytes' Anti-Malware installed.
  • Open MBAM
  • Go to the updates tab, and click Update to update to the latest version
  • Once the program has updated, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: if you can not run a full system scan then retry with a quick scan.
    * Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
***NOTE: If MBAM will not install, try renaming it this way.
  • Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
  • Double-click on mysetup.exe to start the installation.
  • If that did not work, then try renaming and changing the file extension. <- click this link if you do not see the file extension
  • Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
  • Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.
**If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on mbam.exe, rename it to myscan.exe.
  • Double-click on myscan.exe to launch the program.
  • If that did not work, then try renaming and change the .exe extension in the same way as noted above.
  • Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.
If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

MBAM Tutorial if needed

:) Rerun a scan with RSIT

Copy/Paste the contents of both log.txt and info.txt into your next post please.

( Default location for both files is C:\rsit\ )

Summary of the logs I will need in your next reply:
  • The report log of Combofix located at: "C:\ComboFix.txt"
  • The report log of MBAM
  • The two logs of RSIT.
And a description of any remaining problems in your next post.

How are things at your end, TheLadyIsMad?


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Kind regards
Net_Surfer
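
Added example, not part of the post above and not ComboFix's own logic: a check over a .reg-style export of the Run key for the autostart pattern the CFScript targets (an all-digit .exe inside an identically named folder under "Application Data"). Generalising from the single 05666023 path to that pattern is an assumption, and the sample export is constructed.

```python
import re
from ntpath import basename, dirname, splitext

# Constructed .reg-style sample. Only the 05666023 path comes from the thread;
# the other two entries are made-up benign autostarts.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\tray.exe"
"05666023"="c:\\documents and settings\\All Users\\Application Data\\05666023\\05666023.exe"
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
'''

SECTION = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


def unescape(text):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', text)


def parse_reg(text):
    """Yield (key, value_name, string_data) for each string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group('key')
            continue
        value = VALUE.match(line)
        if value and key:
            yield key, unescape(value.group('name')), unescape(value.group('data'))


def exe_path(command):
    """Extract the executable path from an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r'(?i)(.+?\.exe)\b', command)
    return match.group(1) if match else command


def find_rogue_autostarts(reg_text):
    """Flag Run entries launching <digits>\\<same digits>.exe under Application Data."""
    hits = []
    for key, name, data in parse_reg(reg_text):
        if not key.lower().endswith(r'\currentversion\run'):
            continue
        path = exe_path(data).lower()
        stem, ext = splitext(basename(path))
        folder = dirname(path)
        if (ext == '.exe' and stem.isdigit()
                and basename(folder) == stem
                and basename(dirname(folder)) == 'application data'):
            hits.append({'key': key, 'value': name, 'path': path,
                         'name_matches_file': name.lower() == stem})
    return hits


if __name__ == '__main__':
    for hit in find_rogue_autostarts(SAMPLE_REG):
        print(hit)
```

A hit is only a lead for manual review; legitimate software can also use numeric folder names.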


#12 Net_Surfer

Posted 30 October 2009 - 11:37 PM

Hello TheLadyIsMad,

:( Bump :)

Are you still there???

Please reply to this post so I know you are there. :(

If you are please follow the instructions in my previous post.

Please continue to review my answers until I tell you your machine appears to be clear. Remember absence of symptoms does not mean that everything is clear.

I have not had a reply from you for 2 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

The forum is busy and we need to have replies as soon as possible. Unfortunately, if I do not hear back from you within 2 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided by replying back and let us know the reason of your delay.

If you like you can PM me.

Thanks,

Kind regards
Net_Surfer


#13 TheLadyIsMad

Posted 31 October 2009 - 04:39 AM

I'm so sorry! I had to help out with some things for the family, so I was away. When I tried to get back on there was a maintenance issue, so I was waiting till now. I'll do what you said, but I just wanted to let you know, as you asked, that yes, I'm still here. :(

#14 TheLadyIsMad

Posted 31 October 2009 - 05:18 AM

Just clarifying. You want this done in normal mode? Using Notepad in Safe Mode isn't a problem. It also looks like my Malwarebytes is lost or the computer seemed to think so. Safe Mode can be pretty weird about some things it seems. I also fixed the issue with Avast. Turns out there was some info in an FAQ and it works now, but it already had protections disabled. I'm writing this down, since Safe Mode doesn't recognize I have a printer, and last time I tried to print something when I had Total Security, it wouldn't let me either. Security Tool doesn't seem to like Notepad, so, writing by hand, at least I know it'll be on hand. Sorry if this is taking longer than you'd hoped, but I wanted to be sure.

#15 Net_Surfer

Posted 31 October 2009 - 12:53 PM

Hello there..


Yes. Please do those steps in normal mode.

Let me know if you have any problems.

Regards
Net_Surfer



