
Something's messing with my Google...


13 replies to this topic

#1 frogeye

Posted 19 January 2010 - 09:56 PM

When clicking on the links generated by Google I am irregularly diverted to different websites (I think about 5 in the last week).
E.g.
hxxp://www.shoppingbank.com/sb/pia/pid/10313645?afid=105749&coid=68F8686AD6339641992E93DA97D0945D

hxxp://bridge1.admarketplace.net/ct?version=1.0.0&enURL=4GvTpRz9Mavrj78f2hx6WkkrpBAzUV8XFwPsziKJ96Kw/ADgTWcX8L+HOxmN2uUFpgz3J1ptRUp0Acos+1iq+1+ZzhuOw4xWAdIJdeZP9QIzufH61KUN9odi1C77asPvXX5jxba0fUNQ+ranuTpOd/5d4PHNEZ8wM8osRGov+cUwpe4SXLQ8RSN+zbJMQnBI5603N/e4HgvZHgCZ9V1OX37p5DYvmRTm8k+Izl1w0Jmd+uJgm3fNJ0EkUiF9dnjQgtJlTQ72OkrZuNMEnx/i1vyE+gu1s98u8k6d7Rw4+GXIpeq9KKUTprvq3tibex3hcUPLb08HDspFaEkjOG738GO7zRFwr4+hduJJZeeR/ccR/w1fMwrST/u5uyvPhoeNGlQ+b2cVCQQ=&queryid=32497180607&adid=32497180689&fs=e-xml-05&pb=051.0&kwidx=1369&txid=102013000&advn=chickenshop+ltd+%28ref%3A+5044%29&cp=0.150,41467036,117588,0,pub_klik-32921,web,backfill_conducive/l=COND

!!!!!

I have run AVG and AdAware to no avail...

RootRepeal would not run, giving the following upon startup:

02:39:44: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000e4)
02:39:44: DeviceIoControl Error! Error Code = 0x1e7
02:39:44: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000e4)

Upon clicking run several others appeared that I can provide upon request.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Jason at 2:32:25.40 on 20/01/2010
Internet Explorer: 7.0.6000.16386 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2047.1083 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Kontiki\KService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Jason\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.documentary-log.com/
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [<NO NAME>]
uRun: [mapwm32] rundll32.exe "c:\users\jason\appdata\local\mapwm32\mapwm32.dll", DllInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
StartupFolder: c:\users\jason\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: x-wpexpert - {382E05AF-964B-41CE-B2B5-ED0BF48013C0} - c:\program files\wildpackets\omnipeek\peekrecon.dll
AppInit_DLLs: avgrsstx.dll
mASetup: ccc-core-static - msiexec /fums {8BB7F11E-4F20-9E97-0350-0EEDEF3C3D89} /qb

================= FIREFOX ===================

FF - ProfilePath - c:\users\jason\appdata\roaming\mozilla\firefox\profiles\avvbbjk2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('...ri.enabled', 'allAccess');FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-18 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-13 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-13 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-31 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-20 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-20 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-9-15 6000640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-18 1153368]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-11-21 16472]

=============== Created Last 30 ================

2010-01-20 02:03:09 0 d-----w- c:\program files\CCleaner
2010-01-18 07:05:45 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-18 03:41:54 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-18 03:39:15 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-18 03:38:45 0 d-----w- c:\programdata\Lavasoft
2010-01-18 03:38:45 0 d-----w- c:\program files\Lavasoft
2010-01-18 03:15:44 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-18 03:15:44 0 d-----w- c:\program files\Spybot - Search & Destroy

==================== Find3M ====================

2010-01-20 02:13:32 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-01-20 02:13:32 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-20 02:13:32 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-25 02:30:26 190508875 ----a-w- c:\windows\DUMP4f28.tmp
2009-11-24 04:47:08 177155805 ----a-w- c:\windows\DUMP5c52.tmp
2009-11-09 22:46:49 171231855 ----a-w- c:\windows\DUMP4e8d.tmp
2009-11-05 05:13:47 168995439 ----a-w- c:\windows\DUMP668e.tmp
2009-11-04 06:02:16 154352239 ----a-w- c:\windows\DUMP66bd.tmp
2006-11-02 12:50:50 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:32:18 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 2:32:39.41 ===============

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:16:42, on 20/01/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.documentary-log.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [mapwm32] rundll32.exe "C:\Users\Jason\AppData\Local\mapwm32\mapwm32.dll", DllInit
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CCC.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\pnrpnsp.dll' missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: x-wpexpert - {382E05AF-964B-41CE-B2B5-ED0BF48013C0} - C:\Program Files\WildPackets\OmniPeek\peekrecon.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4539 bytes


I'm interested in how to do this myself so any recommended reading would be appreciated.

Thanks in advance for any help!!!


Edited by Orange Blossom, 19 January 2010 - 10:13 PM.
Deactivate links. ~ OB




#2 extremeboy

  • Malware Response Team
Posted 25 January 2010 - 12:59 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or RootRepeal log, please refer to this page and see Step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems when running the tools or are unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#3 frogeye


Posted 27 January 2010 - 08:22 AM

Hey,
No problem, I'm sure you're busy.

It's been clear for a few days now...

The wireless driver has crashed a few times too, but enable/disable worked fine.
Still can't make RootRepeal run... errors attached.

Could AVG have updated??

Thanks!!!!!!!



DDS (Ver_09-12-01.01) - NTFSx86
Run by Jason at 12:37:08.35 on 27/01/2010
Internet Explorer: 7.0.6000.16386 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2047.1078 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:Windowssystem32wininit.exe
C:Windowssystem32lsm.exe
C:Windowssystem32svchost.exe -k DcomLaunch
C:Windowssystem32svchost.exe -k rpcss
C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:Windowssystem32svchost.exe -k netsvcs
C:Windowssystem32SLsvc.exe
C:Windowssystem32svchost.exe -k LocalService
C:Windowssystem32svchost.exe -k NetworkService
C:Windowssystem32WLANExt.exe
C:Program FilesLavasoftAd-AwareAAWService.exe
C:WindowsSystem32spoolsv.exe
C:Windowssystem32svchost.exe -k LocalServiceNoNetwork
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:WindowsRtHDVCpl.exe
C:Program FilesAVGAVG8avgtray.exe
C:Program FilesJavajre6binjusched.exe
C:WindowsSystem32rundll32.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:Program FilesIntelWiFibinEvtEng.exe
C:Program FilesKontikiKService.exe
C:WindowsSystem32svchost.exe -k HPZ12
C:WindowsSystem32svchost.exe -k HPZ12
C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted
C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
C:PROGRA~1AVGAVG8avgemc.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:PROGRA~1AVGAVG8avgnsx.exe
C:Program FilesAVGAVG8avgcsrvx.exe
C:Windowssystem32wbemunsecapp.exe
C:Windowssystem32wbemwmiprvse.exe
C:Windowssystem32wbemunsecapp.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32wbemunsecapp.exe
C:Program FilesLavasoftAd-AwareAAWTray.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesWindows Media Playerwmpnetwk.exe
C:Windowssystem32msiexec.exe
C:WindowsservicingTrustedInstaller.exe
C:Windowssystem32taskeng.exe
C:UsersJasonDownloadsdds.scr
C:Windowssystem32wbemwmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = https://www.som.soton.ac.uk/desktop/default4.asp
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg8avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:program filesspybot - search & destroySDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre6binssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
uRun: [<NO NAME>]
uRun: [mapwm32] rundll32.exe "c:usersjasonappdatalocalmapwm32mapwm32.dll", DllInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG8_TRAY] c:progra~1avgavg8avgtray.exe
mRun: [SunJavaUpdateSched] "c:program filesjavajre6binjusched.exe"
mRun: [MSConfig] "c:windowssystem32msconfig.exe" /auto
StartupFolder: c:usersjasonappdataroamingmicros~1windowsstartm~1programsstartupccc.lnk - c:program filesati technologiesati.acecore-staticCCC.exe
StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupcaledo~1.lnk - c:windowsinstaller{0368a580-9fa9-4495-ac56-7b11ee6b24c8}_3F792AE6AFFFF40E55DB8B.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:program filesspybot - search & destroySDHelper.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg8avgpp.dll
AppInit_DLLs: avgrsstx.dll
mASetup: ccc-core-static - msiexec /fums {8BB7F11E-4F20-9E97-0350-0EEDEF3C3D89} /qb

================= FIREFOX ===================

FF - ProfilePath - c:usersjasonappdataroamingmozillafirefoxprofilesavvbbjk2.default
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - component: c:program filesavgavg8firefoxcomponentsavgssff.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref(&....i.enabled', 'allAccess');FF - user.js: yahoo.homepage.dontask - truec:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:windowssystem32driversLbd.sys [2010-1-18 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [2009-1-13 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:windowssystem32driversavgmfx86.sys [2009-1-13 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:windowssystem32driversavgtdix.sys [2009-1-31 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:progra~1avgavg8avgemc.exe [2009-8-20 908056]
R2 avg8wd;AVG Free8 WatchDog;c:progra~1avgavg8avgwdsvc.exe [2009-8-20 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:program fileslavasoftad-awareAAWService.exe [2009-12-2 1181328]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:windowssystem32driversNETw5v32.sys [2009-9-15 6000640]
S2 SBSDWSCService;SBSD Security Center Service;c:program filesspybot - search & destroySDWinSec.exe [2010-1-18 1153368]
S3 IKSIVISQM;IKSIVISQM;c:usersjasonappdatalocaltempIKSIVISQM.exe [2010-1-20 592768]
S3 pbfilter;pbfilter;c:program filespeerblockpbfilter.sys [2009-11-21 16472]

=============== Created Last 30 ================

2010-01-21 04:44:14 0 d-----w- c:program filesCaledosLAB
2010-01-21 04:26:42 18030130 ----a-w- c:programdatavlc-1.0.3-win32.exe
2010-01-20 02:03:09 0 d-----w- c:program filesCCleaner
2010-01-18 07:05:45 15880 ----a-w- c:windowssystem32lsdelete.exe
2010-01-18 03:41:54 64288 ----a-w- c:windowssystem32driversLbd.sys
2010-01-18 03:39:15 0 dc-h--w- c:programdata{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-18 03:38:45 0 d-----w- c:programdataLavasoft
2010-01-18 03:38:45 0 d-----w- c:program filesLavasoft
2010-01-18 03:15:44 0 d-----w- c:programdataSpybot - Search & Destroy
2010-01-18 03:15:44 0 d-----w- c:program filesSpybot - Search & Destroy

==================== Find3M ====================

2010-01-20 02:13:32 86016 ----a-w- c:windowsinfinfstrng.dat
2010-01-20 02:13:32 86016 ----a-w- c:windowsinfinfstor.dat
2010-01-20 02:13:32 51200 ----a-w- c:windowsinfinfpub.dat
2009-11-25 02:30:26 190508875 ----a-w- c:windowsDUMP4f28.tmp
2009-11-24 04:47:08 177155805 ----a-w- c:windowsDUMP5c52.tmp
2009-11-09 22:46:49 171231855 ----a-w- c:windowsDUMP4e8d.tmp
2009-11-05 05:13:47 168995439 ----a-w- c:windowsDUMP668e.tmp
2009-11-04 06:02:16 154352239 ----a-w- c:windowsDUMP66bd.tmp
2006-11-02 12:50:50 174 --sha-w- c:program filesdesktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:windowsinfperflib0409perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:windowsinfperflib0409perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:windowsinfperflib0409perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:windowsinfperflib0409perfh.dat
2006-11-02 10:32:18 665600 ----a-w- c:windowsinfdrvindex.dat
2006-11-02 09:20:21 287440 ----a-w- c:windowsinfperflib0000perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:windowsinfperflib0000perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:windowsinfperflib0000perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:windowsinfperflib0000perfc.dat
2009-10-22 13:36:50 16384 --sha-w- c:windowsserviceprofileslocalserviceappdatalocalmicrosoftwindowshistoryhistory.ie5index.dat
2009-10-22 13:36:50 32768 --sha-w- c:windowsserviceprofileslocalserviceappdatalocalmicrosoftwindowstemporary internet filescontent.ie5index.dat
2009-10-22 13:36:50 16384 --sha-w- c:windowsserviceprofileslocalserviceappdataroamingmicrosoftwindowscookiesindex.dat

============= FINISH: 12:37:27.59 ===============




#4 extremeboy

  • Malware Response Team

Posted 27 January 2010 - 09:33 AM

Try GMER for me.

Download and Run GMER

We will use GMER to scan for rootkits.
  • Please download GMER from one of the following locations, and save it to your desktop:
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)

  • Close any and all open programs, as this process may crash your computer.
  • Double click or on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.

    If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries.

--
Yes, you can update AVG. The log looks sort of weird due to the \ missing.

#5 frogeye


Posted 28 January 2010 - 03:46 PM

Here you go...

Sorry I was so long - been doing exams.

I left adblock plus off after running DDS and they came back, tried to download some bleep....
Gotta love the writers - causing international irritation without moving an inch.
Cheers...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-28 17:19:47
Windows 6.0.6000
Running: ptxcgdt5.exe; Driver: C:\Users\Jason\AppData\Local\Temp\agroypog.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 83ED7BF8
INT 0x62 ? 83ED7BF8
INT 0x72 ? 83ED7BF8
INT 0x82 ? 83C0FBF8
INT 0x92 ? 83C0FBF8
INT 0xA2 ? 83ED7BF8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [807026D2] \SystemRoot\System32\Drivers\spiw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80702040] \SystemRoot\System32\Drivers\spiw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [807027FC] \SystemRoot\System32\Drivers\spiw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [807020BE] \SystemRoot\System32\Drivers\spiw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8070213C] \SystemRoot\System32\Drivers\spiw.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80712048] \SystemRoot\System32\Drivers\spiw.sys
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 00012284
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 458D5600
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortMoveMemory] 106A50F4
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortReadPortUshort] 38335668
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortReadPortBufferUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] D1E85757
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortInitialize] [8B0001E7] \SystemRoot\system32\DRIVERS\atikmdag.sys (ATI Radeon Kernel Mode Driver/ATI Technologies Inc.)
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\augs6c3b.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83C141F8
Device \Driver\volmgr \Device\VolMgrControl 83C111F8
Device \Driver\PCI_PNP9132 \Device\00000043 spiw.sys
Device \Driver\usbuhci \Device\USBPDO-0 83E361F8
Device \Driver\usbuhci \Device\USBPDO-1 83E361F8
Device \Driver\usbuhci \Device\USBPDO-2 83E361F8
Device \Driver\usbuhci \Device\USBPDO-3 83E361F8
Device \Driver\usbehci \Device\USBPDO-4 83E41500

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\volmgr \Device\HarddiskVolume1 83C111F8
Device \Driver\cdrom \Device\CdRom0 83E9C1F8
Device \Driver\cdrom \Device\CdRom1 83E9C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 83C131F8
Device \Driver\atapi \Device\Ide\IdePort0 83C131F8
Device \Driver\atapi \Device\Ide\IdePort1 83C131F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 83C131F8
Device \Driver\netbt \Device\NetBt_Wins_Export 84F4D1F8
Device \Driver\Smb \Device\NetbiosSmb 84F4E1F8
Device \Driver\iScsiPrt \Device\RaidPort0 83EA31F8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 83E361F8
Device \Driver\usbuhci \Device\USBFDO-1 83E361F8
Device \Driver\usbuhci \Device\USBFDO-2 83E361F8
Device \Driver\usbuhci \Device\USBFDO-3 83E361F8
Device \Driver\sptd \Device\1851701144 spiw.sys
Device \Driver\usbehci \Device\USBFDO-4 83E41500
Device \Driver\netbt \Device\NetBT_Tcpip_{7442417C-E0D1-4CA2-8EB6-7768F26695B0} 84F4D1F8
Device \Driver\augs6c3b \Device\Scsi\augs6c3b1 83E9F1F8
Device \Driver\augs6c3b \Device\Scsi\augs6c3b1Port3Path0Target0Lun0 83E9F1F8
Device \FileSystem\cdfs \Cdfs 83E991F8

---- EOF - GMER 1.0.15 ----


#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 28 January 2010 - 03:48 PM

Hello.

Can you give me an update of the condition of your system? What problems/symptoms do you have currently?
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 frogeye

frogeye
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:27 AM

Posted 29 January 2010 - 02:46 PM

It redirects when adblock plus is disabled - it attempted to download a file that set AVG off last time. The internet drops out and is slow too - when compared to my housemate's laptop which until a few weeks ago was exactly the same.
I think the system itself is not as responsive as before, though I could be biased because I'm thinking about it loads. It is getting full...

Thanks

#8 extremeboy

Posted 29 January 2010 - 02:52 PM

Thanks for the description. Let's start off with Combofix.

Download and Run Combofix

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.


#9 frogeye

Posted 30 January 2010 - 05:15 PM

As requested...
ComboFix 10-01-29.05 - Jason 30/01/2010 21:55:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2047.1588 [GMT 0:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
C:\install.exe
c:\programdata\vlc-1.0.2-win32.exe
c:\programdata\vlc-1.0.3-win32.exe
c:\users\Jason\AppData\Local\mapwm32\mapwm32.dll
c:\users\Jason\AppData\Roaming\inst.exe
c:\windows\system32\ccrpTmr6.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-30 22:02 . 2010-01-30 22:02 -------- d-----w- c:\users\Jason\AppData\Local\temp
2010-01-28 06:35 . 2010-01-28 06:35 -------- d-----w- c:\programdata\Apple Computer
2010-01-28 06:35 . 2010-01-28 06:35 -------- d-----w- c:\program files\QuickTime Alternative
2010-01-27 23:58 . 2010-01-27 23:58 -------- d-----w- c:\program files\Common Files\Apple
2010-01-27 23:58 . 2010-01-27 23:58 -------- d-----w- c:\program files\Apple Software Update
2010-01-27 23:58 . 2010-01-27 23:58 -------- d-----w- c:\programdata\Apple
2010-01-27 22:15 . 2010-01-27 22:15 -------- d-----w- c:\users\Jason\AppData\Roaming\Foxit Software
2010-01-27 15:41 . 2010-01-27 15:41 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-27 15:41 . 2010-01-27 15:41 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-18 03:39 . 2010-01-18 03:39 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-18 03:39 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-18 03:38 . 2010-01-18 03:41 -------- d-----w- c:\programdata\Lavasoft
2010-01-18 03:38 . 2010-01-18 03:38 -------- d-----w- c:\program files\Lavasoft
2010-01-18 03:15 . 2010-01-30 21:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-18 03:15 . 2010-01-30 21:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 22:02 . 2009-01-10 17:04 -------- d-----w- c:\programdata\Kontiki
2010-01-28 16:59 . 2009-02-05 19:58 -------- d-----w- c:\program files\Steam
2010-01-28 16:16 . 2010-01-19 00:43 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-27 12:42 . 2009-01-08 21:06 1 ----a-w- c:\users\Jason\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-27 12:33 . 2009-01-08 19:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-27 12:32 . 2009-01-17 18:20 -------- d-----w- c:\program files\Pcsx2_0.9.4
2010-01-26 16:22 . 2009-01-08 20:03 -------- d-----w- c:\users\Jason\AppData\Roaming\uTorrent
2010-01-21 04:44 . 2010-01-21 04:44 -------- d-----w- c:\program files\CaledosLAB
2010-01-20 02:13 . 2009-08-31 18:02 -------- d-----w- c:\users\Jason\AppData\Roaming\Research In Motion
2010-01-20 02:13 . 2009-08-31 18:01 -------- d-----w- c:\program files\Research In Motion
2010-01-20 02:03 . 2010-01-20 02:03 -------- d-----w- c:\program files\CCleaner
2010-01-19 00:43 . 2010-01-19 00:43 -------- d-----w- c:\users\Jason\AppData\Roaming\Thunderbird
2010-01-11 19:59 . 2009-04-20 16:42 -------- d-----w- c:\users\Jason\AppData\Roaming\Spotify
2009-12-24 19:42 . 2009-01-08 20:10 -------- d-----w- c:\program files\Java
2009-12-24 19:39 . 2009-02-22 20:35 -------- d-----w- c:\program files\WorldOfGoo
2009-12-23 11:37 . 2009-12-23 11:37 -------- d-----w- c:\program files\Gabest
2009-12-15 09:01 . 2009-08-30 02:06 -------- d-----w- c:\program files\Alarm
2009-12-14 09:19 . 2009-12-14 09:18 -------- dc-h--w- c:\programdata\{3689B77C-90FA-4663-91AB-5AB34383CD81}
2009-12-14 09:17 . 2009-12-14 09:17 -------- d-----w- c:\programdata\Native Instruments
2009-12-14 09:17 . 2009-12-14 09:17 -------- d-----w- c:\program files\Native Instruments
2009-12-14 09:17 . 2009-12-14 09:17 -------- dc-h--w- c:\programdata\{24E3A4D8-9E57-4B19-9715-6E61513095D7}
2009-12-14 09:17 . 2009-12-14 09:17 -------- dc-h--w- c:\programdata\{442B6EC3-77A0-4817-825F-67F47D7A2E54}
2009-12-14 09:17 . 2009-12-14 09:17 -------- d-----w- c:\program files\Common Files\Native Instruments
2009-12-02 13:19 . 2010-01-18 03:41 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-02 13:19 . 2010-01-18 07:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-25 02:30 . 2009-01-05 17:23 190508875 ----a-w- c:\windows\DUMP4f28.tmp
2009-11-24 04:47 . 2009-01-05 17:23 177155805 ----a-w- c:\windows\DUMP5c52.tmp
2009-11-24 02:54 . 2009-01-08 19:30 680 ----a-w- c:\users\Jason\AppData\Local\d3d9caps.dat
2009-11-09 22:46 . 2009-01-05 17:23 171231855 ----a-w- c:\windows\DUMP4e8d.tmp
2009-11-05 05:13 . 2009-01-05 17:23 168995439 ----a-w- c:\windows\DUMP668e.tmp
2009-11-04 06:02 . 2009-01-05 17:23 154352239 ----a-w- c:\windows\DUMP66bd.tmp
2009-11-02 23:57 . 2009-11-02 23:58 38208 ----a-w- c:\users\Jason\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-02 23:57 . 2009-11-02 23:58 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Caledos Wallpaper (startup).lnk - c:\windows\Installer\{0368A580-9FA9-4495-AC56-7B11EE6B24C8}\_3F792AE6AFFFF40E55DB8B.exe [2010-1-21 82726]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Users^Jason^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk]
path=c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk
backup=c:\windows\pss\CCC.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWC]
c:\program files\AWC\AWC [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
2008-02-27 17:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 17:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-17 21:59 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-05 09:59 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-06-29 01:51 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [18/01/2010 03:41 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [02/12/2009 13:19 1181328]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [15/09/2009 12:34 6000640]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [15/02/2009 02:46 717296]
S3 IKSIVISQM;IKSIVISQM;c:\users\Jason\AppData\Local\Temp\IKSIVISQM.exe --> c:\users\Jason\AppData\Local\Temp\IKSIVISQM.exe [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [21/11/2009 21:51 16472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-01-30 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:41]

2010-01-30 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:41]

2010-01-30 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:41]

2010-01-30 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:41]

2010-01-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:41]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.som.soton.ac.uk/desktop/default4.asp
FF - ProfilePath - c:\users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\avvbbjk2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');
user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');
user_pref('...ri.enabled', 'allAccess');
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-mapwm32 - c:\users\Jason\AppData\Local\mapwm32\mapwm32.dll
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
ActiveSetup-ccc-core-static - msiexec



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 22:02
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-01-30 22:04:10
ComboFix-quarantined-files.txt 2010-01-30 22:04

Pre-Run: 39,173,529,600 bytes free
Post-Run: 41,231,368,192 bytes free

- - End Of File - - DA8DF1CFD0D75B55CABC8DBA7408E0CE


#10 extremeboy

Posted 30 January 2010 - 05:30 PM

Hello.

Okay, that's looking pretty good but we need to get you an anti-virus software installed.

First...

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

--
Install Antivirus

An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a (ONE) free anti-virus program from one of the links below:
Update it after the installation is complete, please.

Then, run an online scan...

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy

#11 extremeboy

Posted 02 February 2010 - 03:50 PM

How are the last few steps coming along?

#12 frogeye

Posted 04 February 2010 - 08:58 AM

Sorry - internet broke!!

I shall be back to you within the day...
Thanks so much,..

#13 extremeboy

Posted 05 February 2010 - 07:49 PM

Sure. Okay, thanks for letting me know.

#14 extremeboy

Posted 12 February 2010 - 04:33 PM

Hello.

Due to Lack of feedback, this topic is now Closed

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy