
Win32:Delf-HPR Trj


This topic is locked
20 replies to this topic

#1 Abhilasha

  • Members
  • 15 posts

Posted 27 November 2009 - 11:50 AM

Hi,
I had a problem a few days back where this laptop was infected by malware-gen, wali and injector.
I used TFC, MBAM and Root Repeal as directed. The Trojans were deleted but avast detected another virus in the system32 folder called Delf-HPR.
I was redirected to this forum for help :(

Attached are the DDS log, the RootRepeal log and the attachment:

DDS LOG:
_________________________________________________________________________________

DDS (Ver_09-11-24.02) - NTFSx86
Run by Election at 21:34:02.50 on Fri 11/27/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.655 [GMT 5.5:30]

AV: avast! antivirus 4.8.1356 [VPS 091127-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Huawei\MT882\dslagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Documents and Settings\Election\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {cad18e3b-24ad-4b27-9b68-6740a690c07b} - c:\windows\system32\bwwdgcl.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [DSLAGENTEXE] c:\program files\huawei\mt882\dslagent.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [HPWRTOOLBOX] c:\program files\hewlett-packard\hp deskjet 460 series\toolbox\HPWRTBX.exe "-i"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [AsusUpd.exe] AsusUpd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {29E9644B-E42A-44B0-8EB0-C484CC4223BB} = 164.100.3.1,164.100.17.3
TCP: {A4280699-0393-40DA-B8BC-2B25A2331D67} = 218.248.255.161 218.248.240.180
Notify: pvlyurfc - bwwdgcl.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-24 20560]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
R3 5U870UVC;Sony Visual Communication Camera VGP-VCC7;c:\windows\system32\drivers\5U870UVCx86.sys [2009-10-12 70144]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2009-10-12 37040]
S2 axbacvww;Microcode Update Controller;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

=============== Created Last 30 ================

2009-11-25 05:17:43 16 ----a-w- c:\windows\system32\api.dat
2009-11-25 05:17:39 18944 ----a-w- c:\windows\system32\AsusUpd.exe
2009-11-25 05:12:22 0 d-----w- c:\docume~1\election\applic~1\Malwarebytes
2009-11-25 05:12:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-25 05:12:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-25 05:12:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-25 05:12:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-01 03:56:04 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-11-01 03:56:04 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-01 03:55:03 37376 ----a-w- c:\windows\system32\hpz3l3xt.dll
2009-11-01 03:54:49 443 ----a-r- c:\windows\hpw0460k.ini
2009-11-01 03:54:49 102400 ----a-r- c:\windows\scrub2k.exe
2009-11-01 03:53:42 92 ----a-w- c:\windows\hpdj460.ini
2009-11-01 03:53:42 79 ----a-w- c:\windows\hpdj460.his
2009-11-01 03:53:24 2702 ----a-w- c:\windows\mariner.his
2009-11-01 03:53:24 1366 ----a-w- c:\windows\mariner.ini

==================== Find3M ====================

2009-10-13 17:24:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-12 06:43:36 315392 ----a-w- c:\windows\HideWin.exe
2009-10-12 06:10:59 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 21:35:08.01 ===============


________________________________________________________________________________________________________________
ROOT REPEAL LOG:
________________________________________________________________________________________________________________

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/25 11:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF4BA5000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5c496b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5c49574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5c49a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5c4914c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5c4964e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5c4908c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5c490f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5c4976e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5c4972e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5c498ae

Stealth Objects
-------------------
Object: Hidden Module [Name: unp209]
Process: winlogon.exe (PID: 936) Address: 0x01310000 Size: 282624

==EOF==




___________________________________________________________________________________________

Thank you and awaiting your response.

Abhilasha :(


#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 02 December 2009 - 11:02 AM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#3 Abhilasha
  • Topic Starter

  • Members
  • 15 posts

Posted 03 December 2009 - 05:12 AM

Hi,

Thank you for trying to help me out.
I don't yet have a solution for my problem.
I have pasted below the information that you need.

Log:
_________________________________________________________________________________________________
Logfile of random's system information tool 1.06 (written by random/random)
Run by Election at 2009-12-03 15:38:28
Microsoft Windows XP Professional Service Pack 2
System drive C: has 23 GB (76%) free of 30 GB
Total RAM: 1014 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:03 PM, on 12/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Huawei\MT882\dslagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Election\Desktop\RSIT.exe
C:\Program Files\trend micro\Election.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPWRTOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe "-i"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [AsusUpd.exe] AsusUpd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AsusUpd.exe] AsusUpd.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{29E9644B-E42A-44B0-8EB0-C484CC4223BB}: NameServer = 164.100.3.1,164.100.17.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4280699-0393-40DA-B8BC-2B25A2331D67}: NameServer = 218.248.255.161 218.248.240.180
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6091 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-07-31 909040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2009-07-31 159472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-07-31 909040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2007-11-05 53248]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-11-05 118784]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2007-11-05 69632]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-12-08 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"DSLAGENTEXE"=C:\Program Files\Huawei\MT882\dslagent.exe [2003-10-31 65536]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-13 149280]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"HPWRTOOLBOX"=C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe [2005-10-26 344064]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Huawei\MT882\dslagent.exe"="C:\Program Files\Huawei\MT882\dslagent.exe:*:Enabled:dslagent"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{494a7ad3-c535-11de-8204-000fa38f3964}]
shell\AutoRun\command - E:\DSK\FLE.exe
shell\open\command - E:\DSK\FLE.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8360bb37-b820-11de-81ea-000fa38f3964}]
shell\AutoRun\command - DSK\FLE.exe
shell\open\command - DSK\FLE.exe


======List of files/folders created in the last 1 months======

2009-12-03 15:38:30 ----D---- C:\Program Files\trend micro
2009-12-03 15:38:28 ----D---- C:\rsit
2009-11-30 11:01:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-27 22:13:04 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-11-25 11:02:12 ----A---- C:\RootRepeal report 11-25-09 (11-02-12).txt
2009-11-25 10:59:21 ----A---- C:\RootRepeal report 11-25-09 (10-59-21).txt
2009-11-25 10:42:22 ----D---- C:\Documents and Settings\Election\Application Data\Malwarebytes
2009-11-25 10:42:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

======List of files/folders modified in the last 1 months======

2009-12-03 15:38:48 ----D---- C:\WINDOWS\Temp
2009-12-03 15:38:33 ----D---- C:\WINDOWS\Prefetch
2009-12-03 15:38:30 ----RD---- C:\Program Files
2009-12-03 15:14:19 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-01 13:40:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-30 12:52:56 ----D---- C:\WINDOWS\system32
2009-11-30 12:28:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-30 11:24:13 ----D---- C:\Documents and Settings\Election\Application Data\BitTorrent
2009-11-30 11:15:26 ----D---- C:\Documents and Settings\Election\Application Data\vlc
2009-11-30 11:01:58 ----D---- C:\WINDOWS\system32\drivers
2009-11-28 15:27:06 ----D---- C:\WINDOWS
2009-11-28 00:23:57 ----SHD---- C:\WINDOWS\Installer
2009-11-25 10:53:34 ----SD---- C:\WINDOWS\Tasks
2009-11-25 10:47:37 ----SHD---- C:\System Volume Information
2009-11-25 10:47:37 ----D---- C:\WINDOWS\system32\Restore
2009-11-25 05:24:29 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R3 5U870UVC;Sony Visual Communication Camera VGP-VCC7; C:\WINDOWS\System32\Drivers\5U870UVCx86.sys [2007-11-28 70144]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-11-05 108767]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-10-21 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-10-21 878520]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-05 4429312]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\system32\DRIVERS\SonyNC.sys [2001-08-17 20752]
R3 SPI;Sony Programmable I/O Control Device; C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 37040]
R3 USB_RNDIS;Huawei Remote USB Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 12672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-11-05 259712]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-10-21 539160]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-10-21 156392]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-10-21 55352]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\8.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-07-10 260704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-13 153376]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-10 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 axbacvww;Microcode Update Controller; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------



________________________________________________________________________
info:
________________________________________________________________________

info.txt logfile of random's system information tool 1.06 2009-12-03 15:39:06

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitTorrent-->C:\Program Files\BitTorrent\uninst.exe
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Deskjet 460 Series-->C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Installer\setup.exe /x
HP Deskjet 460-->msiexec /x{9875BF9C-8565-4085-B6A4-5D8D838FB5C3}
Huawei MT882 USB ADSL Modem-->C:\Program Files\Huawei\MT882\uninstall.exe
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setup.exe /uninstall ExtraUninstallID=""
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 091129-1]

======System event log======

Computer Name: GOVT-2
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 62
Source Name: W32Time
Time Written: 20091012121636.000000+330
Event Type: error
User:

Computer Name: GOVT-2
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Record Number: 55
Source Name: W32Time
Time Written: 20091012121159.000000+330
Event Type: error
User:

Computer Name: GOVT-2
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 54
Source Name: W32Time
Time Written: 20091012121159.000000+330
Event Type: error
User:

Computer Name: GOVT-2
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 50
Source Name: W32Time
Time Written: 20091012121038.000000+330
Event Type: error
User:

Computer Name: GOVT-2
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 49
Source Name: W32Time
Time Written: 20091012121038.000000+330
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------





Thanks again.
Awaiting your reply.


Abhilasha

#4 syler

  • Malware Response Team
  • Location:Warrington, UK
Posted 03 December 2009 - 10:43 AM

Hi Abhilasha,

Can you tell me what problems you are currently having?


Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case BitTorrent). These programs allow users to share files with one another, as the name suggests. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with great care. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (e.g. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.


  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Thanks



#5 Abhilasha
  • Topic Starter
  • Members

Posted 04 December 2009 - 10:06 AM

Hi,

Thank you for the swift response.
And also for the info on the peer-to-peer warning. Someone told me it was one of the safe ways to sample media... anyway... it has landed me in trouble!

The history behind these posts is that I was initially infected by win32:walivun, which kept disconnecting my internet every time I connected. Avast could not delete it, and so I had my laptop reformatted. Then about 3 weeks later I was infected with injector, wali and malware-gen, for which I was asked on this site to use TFC, MBAM and RootRepeal. It worked and I was rid of all those. And as soon as the RootRepeal scan was over, Avast detected win32:delf-hpr... it could not be deleted, moved or anything! It is present in my system32 folder.

The person who viewed my RootRepeal log asked me to post here because there was something amiss about the log. And now I primarily have two problems. There's Delf-HPR, which Avast has detected twice and I don't know what to do about it. And there is also Trojan-gen that just won't go. It has however been dormant for 3 days now.

Below is the scan log you asked me to post:

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-04 20:24:31
Windows 5.1.2600 Service Pack 2
Running: o1ygixod.exe; Driver: C:\DOCUME~1\Election\LOCALS~1\Temp\kwtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF5C496B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF5C49574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF5C49A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF5C4914C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF5C4964E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF5C4908C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF5C490F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF5C4976E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF5C4972E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF5C498AE]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF5C5282E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF5C52678]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF5C527AC]
Code 6AAFCD99 KeFindConfigurationNextEntry
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 80582DFE 7 Bytes JMP F5C527B0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A9DEE 7 Bytes JMP F5C5267C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CF966 7 Bytes JMP F5C52832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF7485380]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[984] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[984] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\00000859 -> \Driver\atapi \Device\Harddisk0\DR0 8653DE07

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----





Thank you. Awaiting your reply.

Abhilasha

#6 syler

  • Malware Response Team
  • Location:Warrington, UK

Posted 04 December 2009 - 02:59 PM

I do see evidence of a Rootkit in your Gmer log, so you need to know the following information.

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.



Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


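The GMER log in post #5 mixes three different kinds of line: kernel and user-mode hooks that GMER attributes to a named vendor (here the avast! drivers aswSP.SYS, aswMon2.SYS and aswTdi.SYS), hooks it could not attribute to any module (the `Code 6AAFCD99` entry and the two `services.exe` IAT hooks that resolve only to bare addresses), and its own tamper verdicts (atapi.sys with its entry point in the `.rsrc` section, `\Device\Harddisk0\DR0` redirected through the numerically named `\Driver\00000859`, and the "suspicious modification" line). The helper's conclusion in post #6 rests on the last two groups. The following script is an added example for this thread, not code from the original post or from GMER: it runs that separation over a subset of the posted log lines (copied from the page as constructed sample input). The rule names, the `triage` and `summary` functions and the "DLL beside the hooked process" heuristic are this example's own; the script only groups what GMER says about each hook, and confirming that "ALWIL Software" matches the product actually installed remains the responder's job.

```python
"""Triage a GMER rootkit-scan log.

Added example for this thread; it is not code from the original post or
from GMER. It sorts hook lines into (1) hooks GMER attributes to a named
vendor, (2) hooks GMER could not attribute, and (3) GMER's explicit tamper
indicators, so a responder can confirm the vendor against what is actually
installed and then concentrate on the rest. Rule names are this example's own.
"""
import ntpath
import re
from collections import defaultdict

# Subset of the GMER log posted in this thread, used as constructed sample input.
SAMPLE_GMER_LINES = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF5C496B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF5C4908C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF5C5282E]
Code 6AAFCD99 KeFindConfigurationNextEntry
PAGE ntkrnlpa.exe!ZwLoadDriver 80582DFE 7 Bytes JMP F5C527B0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF7485380]
IAT C:\WINDOWS\system32\services.exe[984] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[984] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\00000859 -> \Driver\atapi \Device\Harddisk0\DR0 8653DE07
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
"""

# "(avast! self protection module/ALWIL Software)" -> (description, vendor)
VENDOR_RE = re.compile(r"\(([^()/]+)/([^()]+)\)")

# IAT <process>[pid] @ <hooked module> [<import>] <target>; target is "[addr] path" or a bare addr.
# The hooked-module field is read as one token, so a path with spaces there is not handled.
IAT_RE = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<mod>\S+) \[(?P<imp>[^\]]+)\] "
    r"(?:\[(?P<addr>[0-9A-F]+)\] (?P<dest>.+)|(?P<bare>[0-9A-F]+))$"
)

HOOK_PREFIXES = ("SSDT", "Code", "PAGE", "IAT", "EAT", "INT", "AttachedDevice", "Device")

# Lines GMER emits when it sees tampering, not merely a hook (patterns taken from the log above).
INDICATOR_RES = {
    "entry point outside code section": re.compile(r'entry point in "\.(?!text)[A-Za-z0-9_]+" section'),
    "device object redirected via numeric driver": re.compile(r"^Device \\Driver\\[0-9A-Fa-f]{8} -> "),
    "file flagged by GMER": re.compile(r"^File .+ suspicious modification"),
}


def _same_directory(a, b):
    """Compare the directories of two Windows paths (ntpath works on any host OS)."""
    return ntpath.dirname(a).lower() == ntpath.dirname(b).lower()


def triage(lines):
    """Return {"indicators": [(label, line)], "attributed": {vendor: [line]}, "unattributed": [dict]}.

    An unattributed hook whose target is None is one GMER could describe only by
    address, which is what a hook from a hidden or unnamed module looks like.
    """
    result = {"indicators": [], "attributed": defaultdict(list), "unattributed": []}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("----") or line.startswith("GMER "):
            continue  # blank line, section header or banner
        hit = next(((label, line) for label, rx in INDICATOR_RES.items() if rx.search(line)), None)
        if hit:
            result["indicators"].append(hit)
            continue
        if not line.startswith(HOOK_PREFIXES):
            continue
        vendor = VENDOR_RE.search(line)
        if vendor:
            result["attributed"][vendor.group(2).strip()].append(line)
            continue
        iat = IAT_RE.match(line)
        target = iat.group("dest") if iat else None
        result["unattributed"].append({
            "line": line,
            "target": target,
            "in_process_dir": bool(iat and target and _same_directory(iat.group("proc"), target)),
        })
    result["attributed"] = dict(result["attributed"])
    return result


def summary(result):
    """One report line per finding: indicators, then unattributed hooks, then vendor totals."""
    out = [f"INDICATOR  {label}: {line}" for label, line in result["indicators"]]
    for h in result["unattributed"]:
        if h["target"] is None:
            where = "target is a bare address"
        elif h["in_process_dir"]:
            where = "target DLL sits beside the hooked process"
        else:
            where = h["target"]
        out.append(f"REVIEW     {where}: {h['line']}")
    for vendor, lines in sorted(result["attributed"].items()):
        out.append(f"ATTRIBUTED {vendor}: {len(lines)} hook(s); confirm this product is installed")
    return out


if __name__ == "__main__":
    print("\n".join(summary(triage(SAMPLE_GMER_LINES.splitlines()))))
```

Run on the sample, the six avast! hooks collapse into a single "ALWIL Software" line to confirm against the installed product, the three tamper verdicts come out first, and four hooks are left for review: three whose target GMER could give only as an address (`KeFindConfigurationNextEntry` and the two `services.exe` IAT entries) and one whose target, `yui.dll`, lives in the same Messenger directory as the hooked `ymsgr_tray.exe`, the usual shape of an application hooking its own process through a bundled UI library; the script reports that placement and leaves the judgement to the reader.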

#7 Abhilasha
  • Topic Starter
  • Members

Posted 06 December 2009 - 07:14 AM

Hi,

I don't do any banking from this laptop. I do have a secure computer for that purpose.
I ran ComboFix and below is the log you asked for:

ComboFix 09-12-05.03 - Election 12/06/2009 17:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.680 [GMT 5.5:30]
Running from: c:\documents and settings\Election\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091206-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Election\Application Data\bcrypt.html
c:\recycler\S-1-5-21-1062325712-5299388379-428788016-8320
c:\recycler\S-1-5-21-9477371881-9676425076-458759788-0768
c:\windows\system32\api.dat

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-06 11:44 . 2009-12-06 11:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-06 11:41 . 2009-12-06 11:41 -------- d-sh--w- c:\documents and settings\Election\IECompatCache
2009-12-04 15:44 . 2009-12-04 15:44 -------- d-sh--w- c:\documents and settings\Election\PrivacIE
2009-12-04 15:43 . 2009-12-04 15:43 -------- d-sh--w- c:\documents and settings\Election\IETldCache
2009-12-04 15:40 . 2009-01-07 12:51 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-12-04 15:39 . 2009-12-04 15:40 -------- dc-h--w- c:\windows\ie8
2009-12-04 15:37 . 2009-12-04 15:37 -------- d--h--w- c:\windows\$hf_mig$
2009-12-03 12:34 . 2004-08-03 18:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-03 10:08 . 2009-12-03 10:09 -------- d-----w- c:\program files\trend micro
2009-12-03 10:08 . 2009-12-03 10:09 -------- d-----w- C:\rsit
2009-11-30 05:31 . 2009-09-10 09:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-30 05:31 . 2009-11-30 05:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-30 05:31 . 2009-09-10 09:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-27 16:43 . 2009-11-27 16:43 -------- d-----w- c:\documents and settings\Election\Local Settings\Application Data\WinZip
2009-11-27 16:43 . 2009-11-27 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-11-25 05:12 . 2009-11-25 05:12 -------- d-----w- c:\documents and settings\Election\Application Data\Malwarebytes
2009-11-25 05:12 . 2009-11-25 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-04 15:42 . 2009-10-13 19:06 -------- d-----w- c:\documents and settings\Election\Application Data\BitTorrent
2009-11-30 05:45 . 2009-10-24 14:13 -------- d-----w- c:\documents and settings\Election\Application Data\vlc
2009-11-24 23:54 . 2009-10-24 13:27 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-10-24 13:27 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-10-24 13:27 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-10-24 13:27 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-10-24 13:27 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-10-24 13:27 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-01 14:08 . 2009-10-13 17:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-01 03:54 . 2009-11-01 03:54 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-24 14:11 . 2009-10-24 14:11 -------- d-----w- c:\program files\VideoLAN
2009-10-24 13:27 . 2009-10-24 13:27 -------- d-----w- c:\program files\Alwil Software
2009-10-21 17:30 . 2009-10-21 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-21 09:14 . 2009-10-21 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-21 08:49 . 2009-10-21 08:46 -------- d-----w- c:\program files\Yahoo!
2009-10-21 08:49 . 2009-10-21 08:49 -------- d-----w- c:\documents and settings\Election\Application Data\Yahoo!
2009-10-18 15:23 . 2009-10-18 15:23 -------- d-----w- c:\documents and settings\Election\Application Data\CyberLink
2009-10-18 12:41 . 2009-10-18 12:11 -------- d-----w- c:\program files\Internet Download Manager
2009-10-18 12:14 . 2009-10-18 12:12 -------- d-----w- c:\documents and settings\Election\Application Data\IDM
2009-10-18 12:12 . 2009-10-18 12:12 -------- d-----w- c:\documents and settings\Election\Application Data\DMCache
2009-10-18 11:56 . 2009-10-18 11:43 -------- d-----w- c:\program files\DAP
2009-10-18 11:55 . 2009-10-18 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-10-18 11:54 . 2009-10-18 11:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-14 18:24 . 2009-10-12 06:13 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-13 19:06 . 2009-10-13 19:06 -------- d-----w- c:\program files\BitTorrent
2009-10-13 17:24 . 2009-10-13 17:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-13 17:24 . 2009-10-13 17:24 -------- d-----w- c:\program files\Java
2009-10-13 17:24 . 2009-10-13 17:24 152576 ----a-w- c:\documents and settings\Election\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-13 16:12 . 2009-10-13 16:12 -------- d-----w- c:\program files\Huawei
2009-10-13 09:36 . 2009-10-12 07:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-12 08:08 . 2009-10-12 08:08 68456 ----a-w- c:\documents and settings\Election\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 07:58 . 2009-10-12 07:58 -------- d-----w- c:\program files\Common Files\Nero
2009-10-12 07:56 . 2009-10-12 07:56 -------- d-----w- c:\program files\Ahead
2009-10-12 07:56 . 2009-10-12 07:56 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-12 07:55 . 2009-10-12 07:55 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-10-12 07:55 . 2009-10-12 07:55 -------- d-----w- c:\program files\CyberLink
2009-10-12 07:55 . 2009-10-12 06:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-12 07:54 . 2009-10-12 07:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-12 07:53 . 2009-10-12 07:53 -------- d-----w- c:\program files\Microsoft Works
2009-10-12 07:53 . 2009-10-12 07:53 -------- d-----w- c:\program files\MSBuild
2009-10-12 07:41 . 2009-10-12 07:41 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-10-12 06:56 . 2009-10-12 06:56 -------- d-----w- c:\program files\Sony
2009-10-12 06:56 . 2009-10-12 06:43 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-12 06:50 . 2009-10-12 06:50 -------- d-----w- c:\program files\Apoint
2009-10-12 06:49 . 2009-10-12 06:49 -------- d-----w- c:\program files\Intel
2009-10-12 06:45 . 2009-10-12 06:45 -------- d-----w- c:\program files\WIDCOMM
2009-10-12 06:43 . 2009-10-12 06:43 -------- d-----w- c:\program files\Realtek
2009-10-12 06:43 . 2009-10-12 06:43 315392 ----a-w- c:\windows\HideWin.exe
2009-10-12 06:15 . 2009-10-12 06:15 -------- d-----w- c:\program files\microsoft frontpage
2009-10-12 06:10 . 2009-10-12 06:10 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-15 10:56 . 2009-10-24 13:27 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-10-24 13:27 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-10-24 13:27 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2007-11-05 53248]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-11-05 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DSLAGENTEXE"="c:\program files\Huawei\MT882\dslagent.exe" [2003-10-31 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-13 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"HPWRTOOLBOX"="c:\program files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe" [2005-10-25 344064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-13 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-7-10 572008]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Huawei\\MT882\\dslagent.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/24/2009 6:57 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/24/2009 6:57 PM 20560]
R3 5U870UVC;Sony Visual Communication Camera VGP-VCC7;c:\windows\system32\drivers\5U870UVCx86.sys [10/12/2009 12:10 PM 70144]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [10/12/2009 5:04 PM 37040]
S2 axbacvww;Microcode Update Controller;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 12:26 AM 14336]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8.tmp --> c:\windows\system32\8.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
axbacvww
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {29E9644B-E42A-44B0-8EB0-C484CC4223BB} = 164.100.3.1,164.100.17.3
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKU-Default-Run-AsusUpd.exe - AsusUpd.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 17:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8.tmp"
.
Completion time: 2009-12-06 17:34
ComboFix-quarantined-files.txt 2009-12-06 12:04

Pre-Run: 23,567,204,352 bytes free
Post-Run: 23,566,995,456 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 974960ED0552E860C37AF1FECCDFC901

________________________________________________________________________________

Thanks again. Waiting for your reply.

Abhilasha

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:41 PM

Posted 06 December 2009 - 09:16 AM

It appears you are still using BitTorrent even after I have asked you not to. Please do not use it again whilst I am helping you; otherwise you will have to uninstall it if you want to carry on receiving my help.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

Driver::
axbacvww
NetSvc::
axbacvww

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

unite.jpg
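As an added example (not code from this thread, from ComboFix or from its author): a small Python parser for the ComboFix service lines and the Svchost NetSvcs listing shown in the log above. It cross-references the two, flags a service that is hosted by svchost.exe -k netsvcs and was also added to the NetSvcs group (the pattern the axbacvww entry shows), and emits the Driver::/NetSvc:: directives in the CFScript format used here. The log excerpts embedded below are constructed from the logs posted in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List

# Constructed excerpts: service lines and the Svchost NetSvcs listing copied from the
# ComboFix logs posted in this thread, before and after the CFScript was run.
BEFORE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/24/2009 6:57 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/24/2009 6:57 PM 20560]
R3 5U870UVC;Sony Visual Communication Camera VGP-VCC7;c:\windows\system32\drivers\5U870UVCx86.sys [10/12/2009 12:10 PM 70144]
S2 axbacvww;Microcode Update Controller;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 12:26 AM 14336]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8.tmp --> c:\windows\system32\8.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
axbacvww
.
------- Supplementary Scan -------
"""

AFTER_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/24/2009 6:57 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/24/2009 6:57 PM 20560]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8.tmp --> c:\windows\system32\8.tmp [?]
.
------- Supplementary Scan -------
"""

# ComboFix service line: <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*(?:\[[^\]]*\])?\s*$"
)
NETSVCS_HEADER = "Svchost - NetSvcs"
NETSVCS_HOST = "svchost.exe -k netsvcs"


@dataclass
class ServiceEntry:
    state: str          # R = running, S = stopped; the digit is the Windows start type
    name: str
    display_name: str
    image_path: str

    def is_netsvcs_hosted(self) -> bool:
        """True when the service runs inside the shared netsvcs svchost host."""
        return NETSVCS_HOST in self.image_path.lower()


def parse_services(log: str) -> List[ServiceEntry]:
    """Parse every driver/service line in a ComboFix log."""
    entries: List[ServiceEntry] = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            entries.append(ServiceEntry(m["state"], m["name"], m["display"], m["path"].strip()))
    return entries


def parse_netsvcs_group(log: str) -> List[str]:
    """Return the names ComboFix prints under the Svchost NetSvcs header. ComboFix hides
    legitimate default entries, so anything listed here is a non-default addition."""
    names: List[str] = []
    in_section = False
    for line in log.splitlines():
        if line.rstrip().endswith(NETSVCS_HEADER):
            in_section = True
            continue
        if in_section:
            item = line.strip()
            if not item or item == "." or item.startswith("-"):
                break
            names.append(item)
    return names


def find_injected_netsvcs(log: str) -> List[ServiceEntry]:
    """Cross-reference the two lists: a service whose image path is the shared netsvcs
    host AND whose name was added to the NetSvcs group (the axbacvww pattern above)."""
    added = {n.lower() for n in parse_netsvcs_group(log)}
    return [s for s in parse_services(log) if s.is_netsvcs_hosted() and s.name.lower() in added]


def build_cfscript(entries: List[ServiceEntry]) -> str:
    """Emit Driver::/NetSvc:: directives in the CFScript format used in this thread."""
    if not entries:
        return ""
    names = "\n".join(s.name for s in entries)
    return f"Driver::\n{names}\nNetSvc::\n{names}\n"


if __name__ == "__main__":
    hits = find_injected_netsvcs(BEFORE_LOG)
    for svc in hits:
        print(f"{svc.state} {svc.name} ({svc.display_name}) -> {svc.image_path}")
    print(build_cfscript(hits), end="")
    print("after fix:", find_injected_netsvcs(AFTER_LOG))
```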


#9 Abhilasha

Abhilasha
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 06 December 2009 - 10:25 PM

Hi,
I have uninstalled bittorrent.

Below is the log you requested:

ComboFix 09-12-06.09 - Election 12/07/2009 8:40.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.740 [GMT 5.5:30]
Running from: c:\documents and settings\Election\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Election\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091206-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AXBACVWW
-------\Service_axbacvww


((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-06 11:44 . 2009-12-06 11:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-06 11:41 . 2009-12-06 11:41 -------- d-sh--w- c:\documents and settings\Election\IECompatCache
2009-12-04 15:44 . 2009-12-04 15:44 -------- d-sh--w- c:\documents and settings\Election\PrivacIE
2009-12-04 15:43 . 2009-12-04 15:43 -------- d-sh--w- c:\documents and settings\Election\IETldCache
2009-12-04 15:40 . 2009-01-07 12:51 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-12-04 15:39 . 2009-12-04 15:40 -------- dc-h--w- c:\windows\ie8
2009-12-04 15:37 . 2009-12-04 15:37 -------- d--h--w- c:\windows\$hf_mig$
2009-12-03 12:34 . 2004-08-03 18:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-03 10:08 . 2009-12-03 10:09 -------- d-----w- c:\program files\trend micro
2009-12-03 10:08 . 2009-12-03 10:09 -------- d-----w- C:\rsit
2009-11-30 05:31 . 2009-09-10 09:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-30 05:31 . 2009-11-30 05:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-30 05:31 . 2009-09-10 09:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-27 16:43 . 2009-11-27 16:43 -------- d-----w- c:\documents and settings\Election\Local Settings\Application Data\WinZip
2009-11-27 16:43 . 2009-11-27 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-11-25 05:12 . 2009-11-25 05:12 -------- d-----w- c:\documents and settings\Election\Application Data\Malwarebytes
2009-11-25 05:12 . 2009-11-25 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 13:47 . 2009-10-13 17:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-30 05:45 . 2009-10-24 14:13 -------- d-----w- c:\documents and settings\Election\Application Data\vlc
2009-11-24 23:54 . 2009-10-24 13:27 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-10-24 13:27 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-10-24 13:27 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-10-24 13:27 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-10-24 13:27 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-10-24 13:27 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-01 03:54 . 2009-11-01 03:54 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-24 14:11 . 2009-10-24 14:11 -------- d-----w- c:\program files\VideoLAN
2009-10-24 13:27 . 2009-10-24 13:27 -------- d-----w- c:\program files\Alwil Software
2009-10-21 17:30 . 2009-10-21 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-21 09:14 . 2009-10-21 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-21 08:49 . 2009-10-21 08:46 -------- d-----w- c:\program files\Yahoo!
2009-10-21 08:49 . 2009-10-21 08:49 -------- d-----w- c:\documents and settings\Election\Application Data\Yahoo!
2009-10-18 15:23 . 2009-10-18 15:23 -------- d-----w- c:\documents and settings\Election\Application Data\CyberLink
2009-10-18 12:41 . 2009-10-18 12:11 -------- d-----w- c:\program files\Internet Download Manager
2009-10-18 12:14 . 2009-10-18 12:12 -------- d-----w- c:\documents and settings\Election\Application Data\IDM
2009-10-18 12:12 . 2009-10-18 12:12 -------- d-----w- c:\documents and settings\Election\Application Data\DMCache
2009-10-18 11:56 . 2009-10-18 11:43 -------- d-----w- c:\program files\DAP
2009-10-18 11:55 . 2009-10-18 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-10-18 11:54 . 2009-10-18 11:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-14 18:24 . 2009-10-12 06:13 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-13 17:24 . 2009-10-13 17:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-13 17:24 . 2009-10-13 17:24 -------- d-----w- c:\program files\Java
2009-10-13 17:24 . 2009-10-13 17:24 152576 ----a-w- c:\documents and settings\Election\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-13 16:12 . 2009-10-13 16:12 -------- d-----w- c:\program files\Huawei
2009-10-13 09:36 . 2009-10-12 07:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-12 08:08 . 2009-10-12 08:08 68456 ----a-w- c:\documents and settings\Election\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 07:58 . 2009-10-12 07:58 -------- d-----w- c:\program files\Common Files\Nero
2009-10-12 07:56 . 2009-10-12 07:56 -------- d-----w- c:\program files\Ahead
2009-10-12 07:56 . 2009-10-12 07:56 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-12 07:55 . 2009-10-12 07:55 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-10-12 07:55 . 2009-10-12 07:55 -------- d-----w- c:\program files\CyberLink
2009-10-12 07:55 . 2009-10-12 06:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-12 07:54 . 2009-10-12 07:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-12 07:53 . 2009-10-12 07:53 -------- d-----w- c:\program files\Microsoft Works
2009-10-12 07:53 . 2009-10-12 07:53 -------- d-----w- c:\program files\MSBuild
2009-10-12 07:41 . 2009-10-12 07:41 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-10-12 06:56 . 2009-10-12 06:56 -------- d-----w- c:\program files\Sony
2009-10-12 06:56 . 2009-10-12 06:43 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-12 06:50 . 2009-10-12 06:50 -------- d-----w- c:\program files\Apoint
2009-10-12 06:49 . 2009-10-12 06:49 -------- d-----w- c:\program files\Intel
2009-10-12 06:45 . 2009-10-12 06:45 -------- d-----w- c:\program files\WIDCOMM
2009-10-12 06:43 . 2009-10-12 06:43 -------- d-----w- c:\program files\Realtek
2009-10-12 06:43 . 2009-10-12 06:43 315392 ----a-w- c:\windows\HideWin.exe
2009-10-12 06:15 . 2009-10-12 06:15 -------- d-----w- c:\program files\microsoft frontpage
2009-10-12 06:10 . 2009-10-12 06:10 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-15 10:56 . 2009-10-24 13:27 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-10-24 13:27 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-10-24 13:27 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-12-06_12.03.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-07 03:18 . 2009-12-07 03:18 16384 c:\windows\Temp\Perflib_Perfdata_ac0.dat
+ 2009-12-07 03:18 . 2009-12-07 03:18 16384 c:\windows\Temp\Perflib_Perfdata_7a4.dat
+ 2009-12-07 03:18 . 2009-12-07 03:18 16384 c:\windows\Temp\Perflib_Perfdata_70.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2007-11-05 53248]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-11-05 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DSLAGENTEXE"="c:\program files\Huawei\MT882\dslagent.exe" [2003-10-31 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-13 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"HPWRTOOLBOX"="c:\program files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe" [2005-10-25 344064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-13 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-7-10 572008]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Huawei\\MT882\\dslagent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/24/2009 6:57 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/24/2009 6:57 PM 20560]
R3 5U870UVC;Sony Visual Communication Camera VGP-VCC7;c:\windows\system32\drivers\5U870UVCx86.sys [10/12/2009 12:10 PM 70144]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [10/12/2009 5:04 PM 37040]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8.tmp --> c:\windows\system32\8.tmp [?]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {29E9644B-E42A-44B0-8EB0-C484CC4223BB} = 164.100.3.1,164.100.17.3
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 08:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2576)
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-12-07 08:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-07 03:20
ComboFix2.txt 2009-12-06 12:04

Pre-Run: 23,494,701,056 bytes free
Post-Run: 23,467,106,304 bytes free

- - End Of File - - 11F6CF1B21E0E256313B39F92F4D6C1A








Thanks
Abhilasha

#10 Abhilasha

Abhilasha
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 06 December 2009 - 10:30 PM


#11 Abhilasha

Abhilasha
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 06 December 2009 - 10:32 PM

Sorry about the double post. No idea how that happened!

Abhilasha

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:41 PM

Posted 07 December 2009 - 10:00 AM

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • MBAM log
  • Kaspersky report
  • New Rsit log
Thanks



#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:41 PM

Posted 12 December 2009 - 01:03 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:41 PM

Posted 21 December 2009 - 11:50 AM

Topic reopened at OP request.



#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:41 PM

Posted 21 December 2009 - 12:00 PM

Please try running this scanner instead of Kaspersky.

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE, you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the Posted Image button.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
