Blue screen and website re-direct backdoor.bot


  • This topic is locked
6 replies to this topic

#1 xxjhoxx1

Posted 09 October 2009 - 08:49 PM

Here is my problem. I have been trying to get rid of my spyware to get rid of some trojans that cropped up. One is named backdoor.bot. Also I have Windows Police Pro and fake system scans like free online scan popping up in my web browser which I kill immediately, and I have removed Windows Police Pro. Also getting the Google re-direct link. And Firefox and IE crash.

Now another issue is I was getting blue screened to death for about 4-5 days. Always doing something different when I get blue screened. Here are the two error messages I received.

One began with irql more or less not equal; the other message was error code 0x0000008ec0xc0000005, 0xBF83D763, 0xADC425F8. If a driver is identified in the stop message, disable the driver or check w/ manufacturer for driver updates.

I ran debugger and found kmixer might be interfering and I disable the sound mixing device? I had 15 blue screens with about 2-3 different messages, 5 yesterday and only 1 today. Also my mom was talking to Dell support and they interpreted this message as a driver issue also and then proceeded to try and sell my mom a new CD-ROM device. lol. That was before I found the ! symbol by the kmixer device and now with debugger readout. Also about the same time I started blue screening my mom had updated McAfee virus and now we get all kinds of error messages from them. Do you think McAfee could be blue screening me?

I removed most trojans and viruses I saw with McAfee and Malwarebytes' Anti-Malware, I found 2 instances of a backdoor.bot (registry corruption?) with it. Removed and quarantined then restored for some dumb reason a guy said it was a fp malware (and it couldn't find them when I ran again).

Please read my diagnostic reports and help me defeat the blue screens. Thanks. Any other info needed will be replied to quickly (unless I am rebooting :).



-----------------------Running Process-----------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:54 PM, on 10/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jordan Hope\My Documents\Downloads\HijackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.220 intsecure.microsoft.com
O1 - Hosts: 91.212.127.220 intsecure-2009.com
O1 - Hosts: 91.212.127.220 www.intsecure-2009.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [bakizolat] Rundll32.exe "c:\windows\system32\fulefoze.dll",a
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKUS\S-1-5-21-2052111302-115176313-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Robert Hopeq')
O4 - HKUS\S-1-5-21-2052111302-115176313-839522115-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Robert Hopeq')
O4 - HKUS\S-1-5-21-2052111302-115176313-839522115-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Robert Hopeq')
O4 - HKUS\S-1-5-21-2052111302-115176313-839522115-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Miriam Hope')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jordan Hope\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Chessmaster Challenge\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/up...er_4.0.27.0.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://C:\Program Files\Chessmaster Challenge\Images\armhelper.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\fulefoze.dll,rahobofo.dll
O21 - SSODL: bawugifaw - {4ad456fa-3503-435f-aca7-73d31dad4bd1} - c:\windows\system32\fulefoze.dll
O22 - SharedTaskScheduler: tokatiluy - {4ad456fa-3503-435f-aca7-73d31dad4bd1} - c:\windows\system32\fulefoze.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services PolicyAgentShellHWDetection (PolicyAgentShellHWDetection) - Unknown owner - C:\WINDOWS\system32\A9.tmp.exe (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

------------------============== Pseudo HJT Report ===============

DDS (Ver_09-09-29.01) - NTFSx86
Run by Jordan Hope at 17:39:35.93 on Fri 10/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2392 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
svchost.exe "C:\WINDOWS\system32\A9.tmp"
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Jordan Hope\My Documents\Downloads\HijackThis(2).exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jordan Hope\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gmail.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Windows Internet Explorer provided by Comcast
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
mRun: [bakizolat] Rundll32.exe "c:\windows\system32\fulefoze.dll",a
mExplorerRun: [isamonitor.exe] c:\program files\video activex object\isamonitor.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\jordan hope\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\chessmaster challenge\images\stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\chessmaster challenge\images\armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\fulefoze.dll,rahobofo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: bawugifaw - {4ad456fa-3503-435f-aca7-73d31dad4bd1} - c:\windows\system32\fulefoze.dll
STS: tokatiluy: {4ad456fa-3503-435f-aca7-73d31dad4bd1} - c:\windows\system32\fulefoze.dll
LSA: Notification Packages = scecli fikuyelu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jordan~1\applic~1\mozilla\firefox\profiles\i6ubcxao.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mozilla firefox\components\SABFF15.DLL
FF - plugin: c:\documents and settings\jordan hope\application data\mozilla\firefox\profiles\i6ubcxao.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\jordan hope\application data\mozilla\firefox\profiles\i6ubcxao.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-18 214024]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-18 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-18 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-18 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-18 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-18 34248]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-18 40552]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superadblocker.com\super ad blocker\sabkutil.sys --> c:\program files\superadblocker.com\super ad blocker\SABKUTIL.sys [?]
S2 PolicyAgentShellHWDetection;IPSEC Services PolicyAgentShellHWDetection;c:\windows\system32\a9.tmp srv --> c:\windows\system32\A9.tmp srv [?]
S3 ssrangdr;ssrangdr;c:\windows\system32\drivers\ssrangdr.sys [2009-5-22 2560]
S4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-18 359952]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-6-4 1251720]

=============== Created Last 30 ================

2009-10-09 17:10 <DIR> --d----- c:\program files\Debugging Tools for Windows (x86)
2009-10-09 16:27 <DIR> --d----- c:\docume~1\jordan~1\applic~1\McAfee
2009-10-09 16:03 <DIR> --d----- c:\program files\Trend Micro
2009-10-08 17:45 70,144 a------- c:\windows\system32\drivers\gasfkypeslkrno.sys
2009-10-08 17:45 2,198 a------- C:\tTcL.bat
2009-10-06 13:56 <DIR> --d----- c:\program files\Advanced Spyware Remover
2009-09-28 23:51 32 a--s---- c:\windows\system32\3654546761.dat
2009-09-28 23:51 82,432 ac------ c:\windows\system32\dllcache\ws2_32.dll
2009-09-28 23:51 51,712 a------- c:\windows\system32\A9.tmp
2009-09-26 14:38 <DIR> --d----- c:\docume~1\jordan~1\applic~1\AdobeAUM
2009-09-24 12:15 <DIR> --d----- c:\docume~1\jordan~1\applic~1\Elluminate
2009-09-15 10:41 <DIR> --d----- c:\program files\APSW

==================== Find3M ====================

2009-09-09 16:21 139,016 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-09 16:21 189,488 a------- c:\windows\system32\PnkBstrB.exe
2009-08-29 23:16 139,152 a------- c:\docume~1\jordan~1\applic~1\PnkBstrK.sys
2009-08-29 23:16 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-08-29 23:16 794,408 a------- c:\windows\system32\pbsvc.exe
2009-08-25 09:57 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2009-08-24 15:32 249,856 -------- c:\windows\Setup1.exe
2009-08-24 15:32 73,216 a------- c:\windows\ST6UNST.EXE
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll
2009-07-09 15:09 88,576 a--sh--- c:\windows\system32\burolage.dll
2009-07-09 15:09 51,200 a--sh--- c:\windows\system32\fikuyelu.dll
2009-07-09 15:09 51,200 a--sh--- c:\windows\system32\fokitape.dll
2009-07-09 15:09 172,544 a--sh--- c:\windows\system32\fulefoze.dll
2009-07-08 18:28 60,928 a--sh--- c:\windows\system32\futoweni.dll
2009-07-09 15:09 51,200 a--sh--- c:\windows\system32\jubetufa.dll
2009-07-08 18:28 167,424 a--sh--- c:\windows\system32\litikusi.dll
2009-07-08 18:28 1,011,226 a--sh--- c:\windows\system32\moriyava.exe
2009-07-09 15:09 51,200 a--sh--- c:\windows\system32\rahobofo.dll
2009-07-08 18:28 83,968 a--sh--- c:\windows\system32\tilerove.dll

============= FINISH: 17:40:56.29 ===============
Root files


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/09 17:48
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xADA20000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7995000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP4630
Image Path: \Driver\PCI_PNP4630
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAE04E000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spno.sys
Image Path: spno.sys
Address: 0xF74D6000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\temp\mcafee_ydgkz0ycgziob98
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_a0zhlx3cn5wncah
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_wusizpcmmz5udbg
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Program Files\Yahoo! Games\GAME OF LIFE by Hasbro\THE GAME OF LIFE by Hasbro.exe:{E57D4F7A-0CF7-1D80-62C8-F55B288D823E}
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\jordan hope\local settings\temp\~dfbf00.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\jordan hope\local settings\temp\~dffb3e.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\Jordan Hope\Application Data\Mozilla\Firefox\Profiles\i6ubcxao.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spno.sys" at address 0xf74d70e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spno.sys" at address 0xf74f5ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spno.sys" at address 0xf74f6030

#: 119 Function Name: NtOpenKey
Status: Hooked by "spno.sys" at address 0xf74d70c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spno.sys" at address 0xf74f6108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spno.sys" at address 0xf74f5f88

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spno.sys" at address 0xf74f619a

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8abd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x8a302500 Size: 121

Object: Hidden Code [Driver: aaunp6b7؅獕浴ꮘ桀, IRP_MJ_CREATE]
Process: System Address: 0x8a920500 Size: 121

Object: Hidden Code [Driver: aaunp6b7؅獕浴ꮘ桀, IRP_MJ_CLOSE]
Process: System Address: 0x8a920500 Size: 121

Object: Hidden Code [Driver: aaunp6b7؅獕浴ꮘ桀, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a920500 Size: 121

Object: Hidden Code [Driver: aaunp6b7؅獕浴ꮘ桀, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a920500 Size: 121

Object: Hidden Code [Driver: aaunp6b7؅獕浴ꮘ桀, IRP_MJ_POWER]
Process: System Address: 0x8a920500 Size: 121

Object: Hidden Code [Driver: aaunp6b7؅獕浴ꮘ桀, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a920500 Size: 121

Object: Hidden Code [Driver: aaunp6b7؅獕浴ꮘ桀, IRP_MJ_PNP]
Process: System Address: 0x8a920500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a91d430 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a91d430 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a91d430 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a91d430 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a91d430 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a91d430 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a91d430 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a91d430 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a91d430 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a91d430 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a91d430 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x8ac471f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x8ac471f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x8ac471f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x8ac471f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8ac471f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac471f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac471f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ac471f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x8ac471f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac471f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x8ac471f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8aa441f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8aa441f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aa441f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8aa441f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8aa441f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8aa441f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8aa441f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8abd91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8abd91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8abd91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8abd91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8abd91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8abd91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8abd91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8abd91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8abd91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8abd91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8abd91f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8a5e7500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8a5e7500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a5e7500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a5e7500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8a5e7500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8a5e7500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8a97a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8a97a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a97a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a97a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8a97a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a97a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8a97a1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8a62b1f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅఇ䵃慖, IRP_MJ_CREATE]
Process: System Address: 0x8a8cd500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఇ䵃慖, IRP_MJ_CLOSE]
Process: System Address: 0x8a8cd500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఇ䵃慖, IRP_MJ_READ]
Process: System Address: 0x8a8cd500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఇ䵃慖, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a8cd500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఇ䵃慖, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a8cd500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఇ䵃慖, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a8cd500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఇ䵃慖, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a8cd500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఇ䵃慖, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a8cd500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఇ䵃慖, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a8cd500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఇ䵃慖, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a8cd500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఇ䵃慖, IRP_MJ_CLEANUP]
Process: System Address: 0x8a8cd500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఇ䵃慖, IRP_MJ_PNP]
Process: System Address: 0x8a8cd500 Size: 121

==EOF==

Let me know my exact solution to get back to 100% lol thanks. :(



#2 xxjhoxx1

xxjhoxx1
  • Topic Starter

  • Members
  • 3 posts

Posted 13 October 2009 - 04:54 PM

Update: I have stopped the blue screens, so that is good. Now I am just taking care of adware popups and Google redirect link problems.

Also McAfee popped up with 3 found trojans: vundogen.bv and vundogen.ab, with files neumododi.dll in the system32 dir and garowori.dll in the system32 dir. I can't find those files and think I may have killed them with Registry Mechanic by PC Tools. Would they show up in a search? I mean, McAfee said those files were in those locations but couldn't locate them after running Reg Mechanic.

Also found artemis.!cF35lE80EDe1 in file ravufuge.dll. I'm hoping with my hijack logs and the expert advisors on this forum I can get some concrete answers about how to eliminate these 3 trojans before they keep crashing my IE and browsers. Also how to stop the link redirect problem cuz that is really annoying. Any other scans or logs I need to do, please let me know.

#3 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • Gender:Male

Posted 25 October 2009 - 02:51 AM

Hello and :( to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.

*If not please perform the following steps below so we can have a look at the current condition of your machine.

*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications.
In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following:

1. Click on the My Controls link at the top of the page to enter your control panel.

2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.

3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.

4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.

The topics you are tracking are shown Here.
Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

----------------------------*-------------------------------

We need to see some information about what is happening in your machine.

Please perform the following scan:


  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:(

#4 xxjhoxx1

xxjhoxx1
  • Topic Starter

  • Members
  • 3 posts

Posted 28 October 2009 - 01:25 AM

My computer is just a mess. I have been trying to fix it using RegCure and regedit. I initially had trojans running that I got rid of with lots of system scans and McAfee, and was using regedit b/c I was blue screening. I stopped blue screening now, fixed a sound driver. But of course I know I am in for more problems with errors like these. I also did a system restore to fix some Windows components I had removed, and it worked :(

Now what is happening is my computer is really unstable. In the last hour I think without actually wanting to my computer has restarted 10 times :(
Also McAfee is being a serious nuisance as you can see. I am planning on dealing with that when I can talk to Comcast or McAfee directly. Also my Internet Explorer and Mozilla have been giving me "Don't Send" errors. Like I'm browsing and Firefox will just give up and quit. I updated IE8 with my computer restarting twice b4 I got to a correct updated installation so at least the ieframe.dll error isn't coming up. But even now I don't know if my comp will restart. I would be running Mozilla and close it and then my whole computer restarts (without a blue screen).

I think this may have to do with a regedit issue which deleted a whole bunch of dlls. I think it was even too much of a just gut out my core system that I re-inserted them with a feature to allow me to restore some core dll files.

Oh and final issue: I cannot access regedit. I have attempted to fix this issue b/c I really need to see what's going on with my registry but nothing happens. I tried some regedit fixes but they didn't work. Any good suggestions? The most drastic fix I haven't tried b/c they said things might go wrong.

Also I cannot change my startup program list. It says I'm not administrator but I am on admin account. I know the fix for this; it is b/c of my HP printer drivers pro l7500 model (that's my hardware, not the drivers) and I could fix this problem but I cannot get into regedit.

Overall I just need some support b/c right now I am just running on pure will power and my system management is extremely frustrating. I just want a workable computer but always with these kind of issues. It really needs a whole system reset and I can't wait for the day I accomplish that. But when these kind of issues come up I'll know how to better handle it and already do. Thanks in advance. If I think of any more issues (and I guarantee there will be) I'll let you know. Here are the DDS logs you wanted. I thought I had posted them but here ya go.



DDS (Ver_09-10-26.01) - NTFSx86
Run by Jordan Hope at 23:08:42.71 on Tue 10/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2583 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe "C:\WINDOWS\system32\A9.tmp"
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jordan Hope\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Comcast
uDefault_Page_URL = hxxp://www.msn.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {2b98916a-508d-4dbe-92db-23289d75b228} - bohumoye.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\chessmaster challenge\images\stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\chessmaster challenge\images\armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\nemudodi.dll ravufuge.dll c:\windows\system32\pupamawe.dll c:\windows\system32\vulagidi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: muramorin - {742835c6-284a-4de6-a7ea-0215226600a8} - No File
SSODL: yiyutaber - {a3e60492-2a6c-4ace-a7a0-1b4d3695800e} -
SSODL: mopineget - {078ec648-5a4a-4a9f-8aeb-560f90b1c25d} -
SSODL: dodizeyil - {f71175e5-825a-4349-b3b1-c9dc9ed14e1a} -
SSODL: balinizer - {470ec599-8203-454b-9152-74ef5aa47c31} - No File
STS: {742835c6-284a-4de6-a7ea-0215226600a8} - No File
STS: {a3e60492-2a6c-4ace-a7a0-1b4d3695800e}: gahurihor
STS: {078ec648-5a4a-4a9f-8aeb-560f90b1c25d}: jugezatag
STS: {f71175e5-825a-4349-b3b1-c9dc9ed14e1a}: jugezatag
STS: {470ec599-8203-454b-9152-74ef5aa47c31} - No File
LSA: Notification Packages = scecli jevaziji.dll ravufuge.dll
IFEO: a2service.exe - ntsd -d
IFEO: ArcaCheck.exe - ntsd -d
IFEO: arcavir.exe - ntsd -d
IFEO: ashDisp.exe - ntsd -d
IFEO: ashEnhcd.exe - ntsd -d

Note: multiple IFEO entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jordan~1\applic~1\mozilla\firefox\profiles\i6ubcxao.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mozilla firefox\components\SABFF15.DLL
FF - plugin: c:\documents and settings\jordan hope\application data\mozilla\firefox\profiles\i6ubcxao.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superadblocker.com\super ad blocker\sabkutil.sys --> c:\program files\superadblocker.com\super ad blocker\SABKUTIL.sys [?]
S2 PolicyAgentShellHWDetection;IPSEC Services PolicyAgentShellHWDetection;c:\windows\system32\a9.tmp srv --> c:\windows\system32\A9.tmp srv [?]
S3 ssrangdr;ssrangdr;c:\windows\system32\drivers\ssrangdr.sys [2009-5-22 2560]

=============== Created Last 30 ================

2009-10-28 06:01:10 0 d--h--w- c:\windows\msdownld.tmp
2009-10-28 05:13:40 0 d-----w- C:\8eab70bbae39bcd55eafdd6d9f8859
2009-10-28 05:05:31 0 dc-h--w- c:\windows\ie8
2009-10-28 05:04:45 0 d-----w- C:\43001bd014884768ce98eb42
2009-10-27 22:50:25 0 d-----w- C:\swsetup
2009-10-27 17:24:02 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap
2009-10-24 03:12:11 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-24 03:11:52 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-24 03:11:50 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-24 03:11:50 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2009-10-23 03:26:30 0 d-----w- c:\docume~1\alluse~1\applic~1\NeoEdge Networks
2009-10-15 03:15:36 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-10-15 03:15:36 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf
2009-10-15 01:56:37 402 --sha-r- c:\documents and settings\jordan hope\ntuser.pol
2009-10-15 01:54:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-15 01:54:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-15 01:54:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-14 06:56:05 389120 ----a-w- c:\windows\system32\CF4659.exe
2009-10-14 06:27:25 0 d--h--w- c:\windows\system32\GroupPolicy
2009-10-14 05:52:54 0 d-----w- c:\windows\system32\FxsTmp
2009-10-14 05:45:16 535 ----a-w- c:\windows\system32\mapisvc.inf
2009-10-14 05:45:15 31744 -c--a-w- c:\windows\system32\dllcache\fxsroute.dll
2009-10-14 05:45:15 31744 ----a-w- c:\windows\system32\fxsroute.dll
2009-10-14 05:45:15 1793 ----a-w- c:\windows\system32\fxsperf.ini
2009-10-14 05:45:15 1361 ----a-w- c:\windows\system32\fxscount.h
2009-10-14 05:45:15 132608 -c--a-w- c:\windows\system32\dllcache\fxsclntr.dll
2009-10-14 05:45:15 132608 ----a-w- c:\windows\system32\fxsclntR.dll
2009-10-14 05:45:15 11264 -c--a-w- c:\windows\system32\dllcache\fxssend.exe
2009-10-14 05:45:15 11264 ----a-w- c:\windows\system32\fxssend.exe
2009-10-14 05:45:14 111104 -c--a-w- c:\windows\system32\dllcache\fxscfgwz.dll
2009-10-14 05:45:14 111104 ----a-w- c:\windows\system32\fxscfgwz.dll
2009-10-14 03:30:25 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2009-10-14 02:55:02 0 d-----w- c:\windows\system32\Cache
2009-10-14 02:54:26 0 d-----w- c:\program files\MSN Gaming Zone
2009-10-14 00:31:28 0 d-----w- c:\windows\system32\wbem\Repository
2009-10-14 00:27:29 8002 ----a-w- c:\windows\system32\smtpctrs.h
2009-10-14 00:27:28 773 ----a-w- c:\windows\system32\ntfsdrct.h
2009-10-14 00:19:31 5379 ----a-w- c:\windows\system32\w3ctrs.h
2009-10-14 00:16:24 0 d-----w- c:\windows\LastGood(2)
2009-10-14 00:16:18 0 d-----w- c:\windows\system32\msmq
2009-10-13 23:21:04 4597 ----a-w- c:\windows\system32\dhcp.mib
2009-10-13 23:21:04 16617 ----a-w- c:\windows\system32\authserv.mib
2009-10-13 23:21:03 15597 ----a-w- c:\windows\system32\accserv.mib
2009-10-13 22:35:30 0 d-----w- C:\Inetpub
2009-10-13 21:58:41 4337664 ----a-w- c:\documents and settings\jordan hope\s-1-5-21-2052111302-115176313-839522115-1006.rrr
2009-10-10 01:24:11 0 d-----w- C:\websymbols
2009-10-10 00:10:49 0 d-----w- c:\program files\Debugging Tools for Windows (x86)
2009-10-09 23:27:46 0 d-----w- c:\docume~1\jordan~1\applic~1\McAfee
2009-10-09 23:03:24 0 d-----w- c:\program files\Trend Micro
2009-10-06 20:56:34 0 d-----w- c:\program files\Advanced Spyware Remover
2009-09-29 06:51:27 32 --s-a-w- c:\windows\system32\3654546761.dat
2009-09-29 06:51:26 82432 -c--a-w- c:\windows\system32\dllcache\ws2_32.dll
2009-09-29 06:51:26 51712 ----a-w- c:\windows\system32\A9.tmp

==================== Find3M ====================

2009-10-24 20:54:31 138056 ----a-w- c:\docume~1\jordan~1\applic~1\PnkBstrK.sys
2009-09-16 17:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 17:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 17:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 17:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 17:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-08-24 22:32:49 249856 ------w- c:\windows\Setup1.exe
2009-08-24 22:32:44 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-09 01:28:52 60928 --sha-w- c:\windows\system32\futoweni.dll
2009-07-09 01:28:52 83968 --sha-w- c:\windows\system32\tilerove.dll

============= FINISH: 23:09:25.29 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/3/2006 2:40:16 PM
System Uptime: 10/27/2009 11:01:41 PM (0 hours ago)

Motherboard: Dell Inc. | | 0J3492
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 81.569 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1066: 7/29/2009 7:20:04 PM - System Checkpoint
RP1067: 7/31/2009 9:25:12 AM - System Checkpoint
RP1068: 7/31/2009 1:08:09 PM - Installed Full Tilt Poker
RP1069: 8/1/2009 1:51:09 PM - System Checkpoint
RP1070: 8/2/2009 2:21:07 PM - System Checkpoint
RP1071: 8/3/2009 3:48:15 PM - System Checkpoint
RP1072: 8/4/2009 5:21:47 PM - System Checkpoint
RP1073: 8/4/2009 8:46:56 PM - Installed Java™ 6 Update 15
RP1074: 8/4/2009 8:47:38 PM - Installed Java Runtime Environment
RP1075: 8/6/2009 7:57:17 AM - System Checkpoint
RP1076: 8/7/2009 10:15:43 AM - System Checkpoint
RP1077: 8/8/2009 11:35:19 AM - System Checkpoint
RP1078: 8/9/2009 12:22:39 PM - System Checkpoint
RP1079: 8/11/2009 7:04:00 PM - System Checkpoint
RP1080: 8/12/2009 10:09:29 PM - Software Distribution Service 3.0
RP1081: 8/14/2009 11:59:15 AM - System Checkpoint
RP1082: 8/15/2009 1:05:29 PM - System Checkpoint
RP1083: 8/16/2009 2:47:38 PM - System Checkpoint
RP1084: 8/17/2009 7:24:23 PM - System Checkpoint
RP1085: 8/19/2009 9:32:53 AM - System Checkpoint
RP1086: 8/20/2009 10:02:52 AM - System Checkpoint
RP1087: 8/21/2009 11:09:30 AM - System Checkpoint
RP1088: 8/23/2009 2:23:29 PM - System Checkpoint
RP1089: 8/24/2009 9:09:59 AM - Removed Full Tilt Poker
RP1090: 8/25/2009 1:38:22 PM - System Checkpoint
RP1091: 8/26/2009 11:15:41 PM - Software Distribution Service 3.0
RP1092: 8/28/2009 9:18:55 AM - System Checkpoint
RP1093: 8/30/2009 3:19:51 PM - System Checkpoint
RP1094: 8/31/2009 6:45:30 PM - System Checkpoint
RP1095: 9/3/2009 10:07:12 AM - System Checkpoint
RP1096: 9/4/2009 6:23:50 PM - System Checkpoint
RP1097: 9/6/2009 1:59:37 PM - System Checkpoint
RP1098: 9/7/2009 2:32:21 PM - System Checkpoint
RP1099: 9/8/2009 12:03:26 PM - Software Distribution Service 3.0
RP1100: 9/10/2009 10:53:01 AM - System Checkpoint
RP1101: 9/11/2009 11:47:52 AM - System Checkpoint
RP1102: 9/12/2009 1:41:24 PM - System Checkpoint
RP1103: 9/13/2009 1:58:17 PM - System Checkpoint
RP1104: 9/13/2009 10:31:48 PM - Software Distribution Service 3.0
RP1105: 9/15/2009 10:41:40 AM - Installed Watt U Use
RP1106: 9/17/2009 6:11:49 PM - System Checkpoint
RP1107: 9/18/2009 8:01:55 PM - System Checkpoint
RP1108: 9/20/2009 2:21:32 PM - System Checkpoint
RP1109: 9/22/2009 8:20:12 AM - System Checkpoint
RP1110: 9/23/2009 8:50:36 AM - System Checkpoint
RP1111: 9/24/2009 11:25:33 AM - System Checkpoint
RP1112: 9/25/2009 6:03:07 PM - System Checkpoint
RP1113: 9/26/2009 9:09:18 PM - System Checkpoint
RP1114: 9/27/2009 10:32:11 PM - System Checkpoint
RP1115: 9/29/2009 3:10:41 PM - System Checkpoint
RP1116: 10/1/2009 11:17:49 AM - System Checkpoint
RP1117: 10/2/2009 12:08:32 PM - System Checkpoint
RP1118: 10/3/2009 8:30:29 PM - Installed Dell Driver Reset Tool
RP1119: 10/6/2009 4:51:28 PM - Restore Operation
RP1120: 10/6/2009 4:54:48 PM - Installed Microsoft .NET Framework 1.1
RP1121: 10/6/2009 10:27:42 PM - Restore Operation
RP1122: 10/6/2009 10:30:39 PM - Restore Operation
RP1123: 10/8/2009 1:13:45 AM - Software Distribution Service 3.0
RP1124: 10/8/2009 6:12:55 AM - Software Distribution Service 3.0
RP1125: 10/9/2009 4:27:29 PM - Installed McAfee Virtual Technician
RP1126: 10/9/2009 5:10:44 PM - Installed Debugging Tools for Windows (x86)
RP1127: 10/10/2009 9:45:48 PM - System Checkpoint
RP1128: 10/12/2009 7:57:10 AM - System Checkpoint
RP1129: 10/13/2009 9:04:16 AM - System Checkpoint
RP1130: 10/13/2009 5:30:36 PM - Restore Operation
RP1131: 10/13/2009 7:10:18 PM - Restore Operation
RP1132: 10/13/2009 7:56:23 PM - Restore Operation
RP1133: 10/13/2009 11:30:52 PM - good2go
RP1134: 10/15/2009 1:45:37 PM - System Checkpoint
RP1135: 10/18/2009 2:15:59 PM - System Checkpoint
RP1136: 10/19/2009 2:58:00 PM - System Checkpoint
RP1137: 10/20/2009 5:41:07 PM - System Checkpoint
RP1138: 10/22/2009 11:55:48 AM - System Checkpoint
RP1139: 10/23/2009 1:45:24 PM - System Checkpoint
RP1140: 10/23/2009 7:45:46 PM - Removed Watt U Use
RP1141: 10/25/2009 2:28:31 PM - System Checkpoint
RP1142: 10/26/2009 6:20:55 PM - System Checkpoint
RP1143: 10/27/2009 11:02:45 PM - Restore Operation

==== Image File Execution Options ============

IFEO: a2service.exe - ntsd -d
IFEO: ArcaCheck.exe - ntsd -d
IFEO: arcavir.exe - ntsd -d
IFEO: ashDisp.exe - ntsd -d
IFEO: ashEnhcd.exe - ntsd -d
IFEO: ashServ.exe - ntsd -d
IFEO: ashUpd.exe - ntsd -d
IFEO: aswUpdSv.exe - ntsd -d
IFEO: autoruns.exe - ntsd -d
IFEO: avadmin.exe - ntsd -d
IFEO: avcenter.exe - ntsd -d
IFEO: avcls.exe - ntsd -d
IFEO: avconfig.exe - ntsd -d
IFEO: avconsol.exe - ntsd -d
IFEO: avgnt.exe - ntsd -d
IFEO: avgrssvc.exe - ntsd -d
IFEO: avguard.exe - ntsd -d
IFEO: AvMonitor.exe - ntsd -d
IFEO: avp.com - ntsd -d
IFEO: avp.exe - ntsd -d
IFEO: AVP32.EXE - ntsd -d
IFEO: avscan.exe - ntsd -d
IFEO: avz.exe - ntsd -d
IFEO: avz4.exe - ntsd -d
IFEO: avz_se.exe - ntsd -d
IFEO: bdagent.exe - ntsd -d
IFEO: bdinit.exe - ntsd -d
IFEO: caav.exe - ntsd -d
IFEO: caavguiscan.exe - ntsd -d
IFEO: casecuritycenter.exe - ntsd -d
IFEO: CCenter.exe - ntsd -d
IFEO: ccupdate.exe - ntsd -d
IFEO: cfp.exe - ntsd -d
IFEO: cfpupdat.exe - ntsd -d
IFEO: cmdagent.exe - ntsd -d
IFEO: drwadins.exe - ntsd -d
IFEO: DRWEB32.EXE - ntsd -d
IFEO: drwebupw.exe - ntsd -d
IFEO: ekrn.exe - ntsd -d
IFEO: FAMEH32.EXE - ntsd -d
IFEO: filemon.exe - ntsd -d
IFEO: FPAVServer.exe - ntsd -d
IFEO: fpscan.exe - ntsd -d
IFEO: FPWin.exe - ntsd -d
IFEO: fsav32.exe - ntsd -d
IFEO: fsgk32st.exe - ntsd -d
IFEO: FSMA32.EXE - ntsd -d
IFEO: GFRing3.exe - ntsd -d
IFEO: guardgui.exe - ntsd -d
IFEO: guardxservice.exe - ntsd -d
IFEO: guardxup.exe - ntsd -d
IFEO: HijackThis.exe - ntsd -d
IFEO: KASMain.exe - ntsd -d
IFEO: KASTask.exe - ntsd -d
IFEO: KAV32.exe - ntsd -d
IFEO: KAVDX.exe - ntsd -d
IFEO: KAVPF.exe - ntsd -d
IFEO: KAVPFW.exe - ntsd -d
IFEO: KAVStart.exe - ntsd -d
IFEO: KPFW32.exe - ntsd -d
IFEO: KPFW32X.exe - ntsd -d
IFEO: Navapsvc.exe - ntsd -d
IFEO: Navapw32.exe - ntsd -d
IFEO: navigator.exe - ntsd -d
IFEO: NAVNT.EXE - ntsd -d
IFEO: NAVSTUB.EXE - ntsd -d
IFEO: NAVW32.EXE - ntsd -d
IFEO: NAVWNT.EXE - ntsd -d
IFEO: niu.exe - ntsd -d
IFEO: nod32.exe - ntsd -d
IFEO: nod32krn.exe - ntsd -d
IFEO: Nvcc.exe - ntsd -d
IFEO: OllyDBG.EXE - ntsd -d
IFEO: outpost.exe - ntsd -d
IFEO: preupd.exe - ntsd -d
IFEO: procexp.exe - ntsd -d
IFEO: pskdr.exe - ntsd -d
IFEO: regedit.exe - ntsd -d
IFEO: regmon.exe - ntsd -d
IFEO: RegTool.exe - ntsd -d
IFEO: scan32.exe - ntsd -d
IFEO: SfFnUp.exe - ntsd -d
IFEO: Vba32arkit.exe - ntsd -d
IFEO: vba32ldr.exe - ntsd -d
IFEO: vsserv.exe - ntsd -d
IFEO: Zanda.exe - ntsd -d
IFEO: zapro.exe - ntsd -d
IFEO: Zlh.exe - ntsd -d
IFEO: zonealarm.exe - ntsd -d
IFEO: zoneband.dll - ntsd -d

==== Installed Programs ======================

1 Click UnZip
3D Studio MAX R3.1
7-Zip 4.65
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.2 Professional
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe Encore CS3 Library
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator 8.0
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.0
AHV content for Acrobat and Flash
AOL Uninstaller (Choose which Products to Remove)
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BitTorrent
C-evo
Chessmaster Challenge
CleanDisk v3.0
Comcast High-Speed Internet Install Wizard
Critical Update for Windows Media Player 11 (KB959772)
Debugging Tools for Windows (x86)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell ResourceCD
Desktop Doctor
Dev-C++ 5 beta 9 release (4.9.9.2)
DNA
DriverAgent by eSupport.com
EclipseCrossword
FileStream Magic Cube
Free RAR Extract Frog 1.00
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Heroes of Might and Magic II
Heroes of Might and Magic V
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Intel® 537EP V9x DF PCI Modem
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java™ 6 Update 15
Java™ 6 Update 7
LimeWire 4.12.11
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Macromedia Flash MX 2004
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.5.3)
MSN Toolbar
MUSICMATCH® Jukebox
My Tribe
Now Boarding
Painter 6
PDF Settings
Poker Superstars III
Poker Superstars III (remove only)
PowerDVD 5.1
PunkBuster Services
QuickTime
RegCure 1.6.0.0
Registry Mechanic 8.0
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sentinel System Driver
Sid Meier's Civilization 4
Skype web features
Skype™ 4.1
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Sword of The New World
Symantec KB-DocID:2003093015493306
The Unzip Wizard
TurboZIP
TurboZIP Express
Tweak UI
Uniblue DriverScanner 2009
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6f
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

10/27/2009 9:57:51 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8055196d, parameter3 f78d27e4, parameter4 00000000.
10/27/2009 9:48:55 PM, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).
10/27/2009 9:19:13 PM, error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
10/27/2009 9:05:54 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80551ae2, parameter3 af40983c, parameter4 00000000.
10/27/2009 9:03:00 PM, error: System Error [1003] - Error code 10000050, parameter1 e400eff8, parameter2 00000000, parameter3 bf85b6b7, parameter4 00000001.
10/27/2009 9:00:04 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
10/27/2009 10:56:46 PM, error: System Error [1003] - Error code 10000050, parameter1 c1f8bf1c, parameter2 00000000, parameter3 804e8da4, parameter4 00000000.
10/27/2009 10:56:43 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000010, parameter2 00000002, parameter3 00000001, parameter4 804f88b8.
10/27/2009 10:56:40 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 805519e9, parameter3 afc11ac8, parameter4 00000000.
10/27/2009 10:56:37 PM, error: System Error [1003] - Error code 10000050, parameter1 8cd34000, parameter2 00000001, parameter3 f7b74fb8, parameter4 00000000.
10/27/2009 10:39:07 AM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 f78ba850, parameter3 f78ba54c, parameter4 805519e9.
10/27/2009 10:29:12 AM, error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).
10/27/2009 10:28:12 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.
10/27/2009 10:25:58 AM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/27/2009 10:22:45 AM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/27/2009 10:16:53 PM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 afb280e0, parameter3 afb27ddc, parameter4 805515a1.
10/27/2009 10:15:05 AM, error: Service Control Manager [7023] - The McAfee SystemGuards service terminated with the following error: Unspecified error
10/27/2009 10:10:02 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
10/27/2009 10:10:02 PM, error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/27/2009 10:07:45 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80551ae2, parameter3 af71ce14, parameter4 00000000.
10/27/2009 10:02:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
10/24/2009 9:50:49 AM, error: System Error [1003] - Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3 00020606, parameter4 e512fae8.
10/24/2009 9:09:07 PM, error: System Error [1003] - Error code 000000ea, parameter1 8aaf0350, parameter2 89beaca8, parameter3 89fdd3d8, parameter4 00000001.
10/24/2009 3:17:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL sptd
10/24/2009 3:17:08 PM, error: Service Control Manager [7023] - The Simple Mail Transfer Protocol (SMTP) service terminated with the following error: The system cannot find the path specified.
10/24/2009 3:17:08 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
10/24/2009 3:16:32 PM, error: SMTPSVC [116] - The service metabase path '/LM/SMTPSVC/' could not be opened. The data is the error code. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.
10/24/2009 11:42:04 AM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
10/24/2009 11:15:07 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/24/2009 11:00:19 AM, error: DCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
10/24/2009 10:00:01 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
10/24/2009 10:00:01 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL. Reference error message: The operation completed successfully. .
10/24/2009 10:00:01 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
10/23/2009 9:35:15 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
10/23/2009 9:22:52 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/23/2009 8:01:42 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/23/2009 7:33:13 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
10/21/2009 7:15:10 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/21/2009 7:13:37 PM, error: System Error [1003] - Error code 000000ea, parameter1 89bc39d8, parameter2 8a28ed88, parameter3 89ce28a8, parameter4 00000001.
10/21/2009 11:40:01 PM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 af726d54, parameter3 af726a50, parameter4 805515a1.
10/21/2009 11:30:33 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

#5 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:12:46 PM

Posted 28 October 2009 - 08:07 AM

Hello xxjhoxx1 my name is Sempai and welcome to Bleeping Computer.

*We apologize for the delay. The forum has been busy.

*I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.

*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.

*You must reply within 5 days otherwise this topic will be closed.




1. Please do not manipulate your registry by any means if you're not familiar with how to do it properly and carefully.

Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

*Registry tools can cause irreparable damage to your Operating System
*Registry tools can, as a result of the above, render your PC inoperable.

This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.

Cleaning the registry won't really improve system performance, even though there are a lot of orphaned keys.
IMHO, if registry cleaning was required, then Microsoft would have added this option. So you use registry at your own risk. After all, a corrupted registry is a corrupted Windows.

Registry Cleaners and System Tweaking Tools



2. Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case BitTorrent / LimeWire).

These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."



3. Please download RKill by Grinler.

Link 1
Link 2

  • Save it to your desktop.
  • Close/disable your anti virus program so it does not interfere with RKill. (Tutorials on how to disable your anti virus program can be found HERE.)
  • Double click the RKILL icon to start the program. (For Windows VISTA, right click the icon and run as administrator)
  • A window will appear and close automatically once completed. This indicates a successful run.


4. We need to download and run ComboFix (by sUBs)

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2

  • Temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note**:

*If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Warning!

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper. *** If you are not the topic starter, DO NOT run this tool as it could cause irreversible damage to your computer.


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix




5. Please create a fresh DDS log and post it together with the ComboFix.txt when you reply.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#6 sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:12:46 PM

Posted 31 October 2009 - 09:13 AM

Hi,

Do you still need our help?

~Semp



#7 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:12:46 AM

Posted 04 November 2009 - 01:19 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



