
DDS FILES /Malware Removal Assistance


  • This topic is locked
35 replies to this topic

#1 don lawrence

  • Members
  • 27 posts

Posted 12 April 2010 - 04:41 PM


Please note, here are the DDS files. I did attach one as well as cut and paste another one. Thanks in advance to EBoy and all others.

Don lawrence


DDS (Ver_10-03-17.01) - NTFSx86
Run by Nicky at 14:25:15.60 on Mon 04/12/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.574 [GMT -7:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Nicky\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyServer = 127.0.0.1:5555
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: NameServer = 93.188.162.111,93.188.166.49
TCP: {CA7B1421-A56E-4707-B4CA-A2E003035FE0} = 93.188.162.111,93.188.166.49
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-4 207280]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-3-16 30280]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-4 112592]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-3-16 53088]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-3-16 582992]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-3-4 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-3-4 1141712]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2007-2-26 18432]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-3-16 206608]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 Alesis1394;Alesis Firewire Driver;c:\windows\system32\drivers\Alesis1394.sys [2007-3-12 111744]
S3 Alesis1394Midi;%Alesis1394Midi.SvcDesc%;c:\windows\system32\drivers\Alesis1394Midi.sys [2007-3-12 16640]
S3 Alesis1394Strm;%Alesis1394Strm.SvcDesc%;c:\windows\system32\drivers\Alesis1394Strm.sys [2007-3-12 18176]
S3 Dice1394;Multimix Driver;c:\windows\system32\drivers\Dice1394.sys [2005-11-1 73152]
S3 DiceAudioStrm;Dice II Stream MiniDriver;c:\windows\system32\drivers\DiceAudioStrm.sys [2005-11-1 16672]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-3-16 206608]

=============== Created Last 30 ================

2010-04-08 23:34:59 54156 ---ha-w- c:\windows\QTFont.qfn
2010-04-08 23:34:59 1409 ----a-w- c:\windows\QTFont.for
2010-03-19 04:06:34 702297 ----a-w- c:\windows\unins001.exe
2010-03-19 04:06:34 111193 ----a-w- c:\windows\unins001.dat
2010-03-19 04:02:47 702297 ----a-w- c:\windows\unins000.exe
2010-03-19 04:02:47 34197 ----a-w- c:\windows\unins000.dat
2010-03-17 09:41:06 1529241 ------w- C:\SDFix.exe
2010-03-17 03:43:48 53160 ----a-w- c:\windows\system32\PxSecure.dll
2010-03-17 03:43:47 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-03-17 03:43:46 0 d-----w- c:\program files\Prevx
2010-03-17 03:43:33 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-03-17 03:35:08 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-03-17 03:35:07 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-03-17 02:53:10 0 d-----w- C:\SDFix
2010-03-17 02:25:44 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-03-17 01:50:19 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-17 01:50:19 0 d-----w- c:\documents and settings\nicky\log
2010-03-17 01:39:11 0 d-----w- c:\program files\Trend Micro
2010-03-17 01:12:58 0 d-----w- c:\windows\system32\Dell
2010-03-16 22:52:34 0 d-----w- c:\docume~1\alluse~1\applic~1\PCDr
2010-03-16 22:52:00 0 d-----w- c:\program files\Dell Support Center
2010-03-16 22:52:00 0 d-----w- c:\program files\common files\supportsoft
2010-03-16 22:37:20 0 d-----w- c:\program files\PCCheckupOnline
2010-03-16 19:46:40 0 d--h--w- c:\windows\system32\GroupPolicy
2010-03-15 21:08:08 0 d-----w- c:\windows\SxsCaPendDel
2010-03-15 20:06:26 0 d-----w- c:\documents and settings\all users\AVP 2009
2010-03-15 20:06:17 0 d-----w- c:\program files\Adware Pro

==================== Find3M ====================


============= FINISH: 14:25:55.46 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/21/2006 12:55:33 PM
System Uptime: 4/12/2010 2:04:30 PM (0 hours ago)

Motherboard: Dell Inc | | 0CT103
Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+ | Socket M2 | 2004/1000mhz
Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+ | Socket M2 | 2004/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 146 GiB total, 91.43 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP210: 1/11/2010 12:47:49 PM - System Checkpoint
RP211: 1/12/2010 12:33:34 PM - Software Distribution Service 3.0
RP212: 1/12/2010 2:17:50 PM - Software Distribution Service 3.0
RP213: 1/23/2010 4:20:38 PM - Software Distribution Service 3.0
RP214: 1/29/2010 12:47:18 PM - System Checkpoint
RP215: 1/31/2010 6:37:30 PM - System Checkpoint
RP216: 2/1/2010 7:55:23 PM - System Checkpoint
RP217: 2/1/2010 8:35:44 PM - Installed Microsoft Office XP Standard for Students and Teachers
RP218: 2/2/2010 1:28:48 PM - Software Distribution Service 3.0
RP219: 2/3/2010 2:04:50 PM - System Checkpoint
RP220: 2/8/2010 3:48:33 PM - System Checkpoint
RP221: 2/8/2010 7:51:57 PM - Restore Operation
RP222: 2/24/2010 2:56:31 PM - System Checkpoint
RP223: 2/24/2010 6:04:37 PM - Removed LiveUpdate Notice (Symantec Corporation)
RP224: 2/25/2010 10:01:14 PM - System Checkpoint
RP225: 2/26/2010 1:31:28 PM - Software Distribution Service 3.0
RP226: 2/26/2010 2:10:12 PM - Software Distribution Service 3.0
RP227: 3/2/2010 11:45:16 AM - System Checkpoint
RP228: 3/4/2010 3:40:46 PM - System Checkpoint
RP229: 3/4/2010 8:32:13 PM -
RP230: 3/4/2010 8:32:22 PM -
RP231: 3/5/2010 5:49:31 AM - Removed Full Tilt Poker
RP232: 3/11/2010 11:45:58 AM - System Checkpoint
RP233: 3/15/2010 9:41:24 PM -
RP234: 3/16/2010 3:51:58 PM - Installed Dell Support Center (Support Software).
RP235: 3/16/2010 7:25:44 PM - Installed Trend Micro RUBotted
RP236: 3/17/2010 1:31:40 AM - Installed Dell Driver Reset Tool
RP237: 3/17/2010 1:03:28 PM - Installed Trend Micro RUBotted
RP238: 3/25/2010 11:37:55 PM - System Checkpoint
RP239: 3/30/2010 10:18:03 PM - System Checkpoint
RP240: 4/2/2010 6:05:11 PM - System Checkpoint
RP241: 4/8/2010 4:23:40 PM - System Checkpoint
RP242: 4/10/2010 2:55:23 AM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
Alesis MultiMix
AOLIcon
Belarc Advisor 8.1
Broadcom Management Programs
Browser Defender 2.0.6.11
Conexant D850 56K V.9x DFVc Modem
Corel Snapfire Plus
Cubase Studio 4
Dell CinePlayer
Dell Driver Reset Tool
Dell Game Console
Dell Support 3.2.1
Dell Support Center (Support Software)
Dell System Restore
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
DoylesRoom
EarthLink Setup Files
EducateU
Games, Music, & Photos Launcher
Get High Speed Internet!
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Internet Service Offers Launcher
J2SE Runtime Environment 5.0 Update 6
Learn2 Player (Uninstall Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Office XP Standard for Students and Teachers
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Modem Diagnostic Tool
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
NVIDIA Drivers
Prevx
QuickTime
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Sonic Activation Module
Sonic Update Manager
Spyware Doctor 7.0
Steinberg Cubase LE
Steinberg mp3 Encoder
Syncrosoft License Control
Trend Micro RUBotted
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
URL Assistant
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WildTangent Web Driver
Windows Driver Package - Alesis (Alesis1394) MEDIA (8/11/2006 1.0.95.0)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

==== Event Viewer Messages From Past Week ========

4/8/2010 2:43:37 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DEREK-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CA7B1421-A56E-4707-. The master browser is stopping or an election is being forced.
4/7/2010 8:01:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 00188B7CDF23 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/7/2010 7:48:11 PM, error: Dhcp [1002] - The IP address lease 192.168.1.107 for the Network Card with network address 00188B7CDF23 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/7/2010 7:38:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid TfFsMon TfSysMon
4/7/2010 7:38:12 PM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 00188B7CDF23 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/7/2010 4:06:17 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00188B7CDF23 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/7/2010 11:12:12 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00:24:01:EF:C0:A3. Network operations on this system may be disrupted as a result.
4/6/2010 8:21:01 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/5/2010 9:46:53 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer SERENA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CA7B1421-A56E-4707. The master browser is stopping or an election is being forced.
4/5/2010 2:42:21 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer CHRISTA that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CA7B1421-A56E-4707-B. The master browser is stopping or an election is being forced.
4/10/2010 4:16:26 AM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 169.254.12.67. The machine with the IP address 169.254.87.11 did not allow the name to be claimed by this machine.
4/10/2010 4:04:07 AM, error: Service Control Manager [7000] - The pxkbf service failed to start due to the following error: The system cannot find message text for message number 0x%1 in the message file for %2.
4/10/2010 2:28:45 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00188B7CDF23 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================




#2 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 12 April 2010 - 06:53 PM

Hello.

Since you started a topic here, we'll just continue here. I closed the other topic.

Can you try GMER for me with the following instructions...

Download and Run GMER

We will use GMER to scan for rootkits.
  • Please download GMER from one of the following locations, and save it to your desktop:
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)

  • Close any and all open programs, as this process may crash your computer.
  • Double click or on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.

    If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOKIT" entries

Thanks. If it doesn't work let me know.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 don lawrence

  • Topic Starter
  • Members
  • 27 posts

Posted 12 April 2010 - 08:24 PM

You folks are very helpful. I did download the GMER software about 4 hours ago. It has been running ever since. I have thousands of files because this is a music computer. Safe mode does not work nor could I implement The fix By Andy M. I did do a whole system restore about three months ago prior to this happening. (Getting a virus or Trojan or worm.) The complete restore took about 36 hours because of all the files, which seems logical to me. The last time I attempted a system restore this computer ran for over three weeks and I just let it go hoping that it would restore, which it did not do.

How can I contribute to your organization?

Don

Thanks again. I did do the DSS/DDS???. I did the best I could to disable script debuggers. However I do not know if I did so adequately.

Highest Thanks and Regards

#4 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 12 April 2010 - 08:29 PM

Hello again,

System restores don't always work, especially in cases dealing with malware now. Since GMER didn't work, let's try something else.

QUOTE
How can I contribute to your organization?

Not exactly sure what you mean by that?

QUOTE
Thanks again. I did do the DSS/DDS???. I did the best I could to disable script debuggers. However I do not know if I did so adequately.

That's fine. The previous logs in your previous post are good.

Let's start off with Combofix.

Download and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


#5 don lawrence

  • Topic Starter
  • Members
  • 27 posts

Posted 12 April 2010 - 08:53 PM

Wow, many thanks. What I did was let the GMER run but I did not uncheck the registry box. The response and turnaround time with you folks is incredible!!!!!!!! I did save a copy of that run to my desktop.

I did start the GMER up again and unchecked the registry box before I just heard back from you.

So I will let it run with that box unchecked. Upload a file to you when it is done.

You folks have got to let me contribute to you somehow.

You are far more helpful than the folks I purchased my virus protection from.

The GMER does seem to be running adequately. So I will hold on the combo fix for right now.

Many and highest Thanks

don

#6 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 12 April 2010 - 09:01 PM

Hello again.

QUOTE
The GMER does seem to be running adequately. So I will hold on the combo fix for right now.

Sounds good.

QUOTE
You folks have got to let me contribute to you somehow.

You can offer a donation through PayPal if you would like to show your appreciation/contribution by clicking the "donate" button in my signature.
--
In this case, post the GMER log once it's done and don't run Combofix yet. Once I see the GMER log we can continue from there.

With Regards,
Extremeboy

#7 don lawrence


Posted 13 April 2010 - 01:47 PM

I included 2 scan results: one without IAT and with the registry, one with IAT and without the registry.

They look similar to me but I will enclose them both. Will hit the PayPal button later today. Many thanks, much appreciated.

d

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-12 18:27:55
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Nicky\LOCALS~1\Temp\uftcyaog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xF75A8464]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7279E22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF725ACDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF725AECE]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xF75A849E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteKey [0xF75A8290]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteValueKey [0xF75A8302]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7278B14]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xF75A87B2]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xF75A868E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xF75A852A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF727AD30]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xF75A8426]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetValueKey [0xF75A838E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xF75A88E6]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xF75A85AE]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xF75A85E6]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF72CA380]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF65D2360, 0x2456AE, 0xE8000020]
init C:\WINDOWS\system32\drivers\SynasUSB.sys entry point in "init" section [0xF760E000]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp pxrts.sys (Prevx Realtime Security/Prevx)

Device \Driver\atapi \Device\Ide\IdePort0 [F72BD9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72BD9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort1 [F72BD9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort2 [F72BD9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort3 [F72BD9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F72BD9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \FileSystem\Fastfat \Fat B8FEBC8A
Device \FileSystem\Fastfat \Fat B90034F4

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----




SCAN 2

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-12 21:51:15
Windows 5.1.2600 Service Pack 2
Running: 2ezhefdd.exe; Driver: C:\DOCUME~1\Nicky\LOCALS~1\Temp\uftcyaog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xF392D464]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7279E22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF725ACDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF725AECE]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xF392D49E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteKey [0xF392D290]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteValueKey [0xF392D302]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7278B14]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xF392D7B2]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xF392D68E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xF392D52A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF727AD30]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xF392D426]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetValueKey [0xF392D38E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xF392D8E6]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xF392D5AE]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xF392D5E6]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF72CA380]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF65E0360, 0x2456AE, 0xE8000020]
init C:\WINDOWS\system32\drivers\SynasUSB.sys entry point in "init" section [0xF765E000]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp pxrts.sys (Prevx Realtime Security/Prevx)

Device \Driver\atapi \Device\Ide\IdePort0 [F72BD9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72BD9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort1 [F72BD9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort2 [F72BD9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort3 [F72BD9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F72BD9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \FileSystem\Fastfat \Fat B847EC8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----




#8 don lawrence


Posted 13 April 2010 - 02:09 PM

Just hit the paypal button. Donated what I could at this point. You folks are Monster. TY D

#9 extremeboy


Posted 13 April 2010 - 03:54 PM

Hello.

Thanks for the GMER log. I see the infection and what we need to do here. You seem to be infected with the TDL3 rootkit. More information here: http://rootbiez.blogspot.com/2009/11/rootk...s-lets-put.html

Let's start with Combofix like I mentioned last time, and see if it can automatically deal with it. If not, we can try a different method and go with plan B.

Any problems, please don't hesitate to ask and let me know.

Download and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
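As an added example (not part of the original thread and not the helper's own tooling), this Python script correlates anomaly lines from the GMER log in post #7 per driver, so a driver that is flagged in several sections at once stands out from single, often benign, notices. The rule set, the two-finding threshold and the function names are assumptions of this example; the sample lines are copied from scan 1 above.

```python
import re
from collections import defaultdict

# Lines copied from the GMER log posted above (scan 1), a few per section.
SAMPLE_LOG = r'''
---- System - GMER 1.0.15 ----
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7279E22]
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF72CA380]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF65D2360, 0x2456AE, 0xE8000020]
init C:\WINDOWS\system32\drivers\SynasUSB.sys entry point in "init" section [0xF760E000]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp pxrts.sys (Prevx Realtime Security/Prevx)
Device \Driver\atapi \Device\Ide\IdePort0 [F72BD9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
'''

SECTION = re.compile(r'^---- (.+?) - GMER')
# (log section, finding label, pattern whose group 1 is the driver file name)
RULES = [
    ("Kernel code sections", "entry point in .rsrc",
     re.compile(r'\\([^\\]+\.sys) entry point in "\.rsrc" section', re.I)),
    ("Devices", "device handler in unknown section",
     re.compile(r'\] (\S+\.sys)\[unknown section\]', re.I)),
    ("Files", "file modified on disk",
     re.compile(r'\\([^\\]+\.sys) suspicious modification', re.I)),
]

def findings_by_driver(log_text):
    """Map lower-cased driver file name -> set of finding labels."""
    found = defaultdict(set)
    section = None
    for line in log_text.splitlines():
        if (m := SECTION.match(line)):
            section = m.group(1)
            continue
        for sec, label, pattern in RULES:
            if sec == section and (hit := pattern.search(line)):
                found[hit.group(1).lower()].add(label)
    return dict(found)

def drivers_to_review(log_text, min_findings=2):
    """Drivers flagged in at least min_findings different log sections."""
    per_driver = findings_by_driver(log_text)
    return sorted(d for d, f in per_driver.items() if len(f) >= min_findings)

if __name__ == "__main__":
    print(drivers_to_review(SAMPLE_LOG))
```

The SSDT hooks attributed to the installed security products and the `init` entry point of SynasUSB.sys are deliberately not counted; only atapi.sys accumulates findings in the code-section, device and file sections together.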

#10 don lawrence


Posted 14 April 2010 - 05:16 PM

TY will do now and MANY THANKS

#11 don lawrence


Posted 14 April 2010 - 05:45 PM

Am printing out directions now. I believe I have disabled all antivirus and I know I disabled the firewalls. Will check one or two more times before I run the COMBO FIX. AS BEFORE, MANY Thanks. I will eventually want your opinions on what antivirus is the best. The organization I used does not seem to have a clue and they are widely publicized on the net and in print as being one of the best out there. NOT.

Bye for now and thanks very much.

D

:::::)))))

#12 don lawrence


Posted 14 April 2010 - 07:14 PM

Hi, I have run combo fix and it seemed to operate as explained in the instructions. It has been at the final stages "Combo fix is preparing a log report. Do not run any programs until Combo Fix has finished" for about 30-40 minutes. This is not a complaint from me but just letting you know where we are with the process. Thanks for the link to the malware noted above. I appreciate that you know what you are doing.

I will let combo fix run until you tell me otherwise. I am on a different computer so we will let it run until you tell me otherwise.

Thanks in advance.

Don Lawrence

#13 don lawrence


Posted 14 April 2010 - 07:24 PM

I wanted to let you know that the only time I touched the computer while combo fix was running was when it rebooted the computer and my password screen came up for starting the computer. If this was an error on my part, and combo fix would have bypassed that process, on its own, let me know and I will re-run combo fix and not touch the mouse or keyboard in any manner. Have not touched the mouse at any time unless prompted to click by combo fix.

Ty.

d

#14 extremeboy


Posted 14 April 2010 - 07:42 PM

Hello again.

No problem. What you did was fine, no worries.

Is Combofix still running or was no log produced? If so, please do run Combofix once more and post the Combofix log once it's done. It shouldn't take more than an hour at the maximum, usually 10 minutes or so. Any problems, feel free to let me know.

#15 don lawrence


Posted 14 April 2010 - 07:47 PM

Purpose Donation
amount
ComboFix $25.00 USD

Donations Coordinator:
-----edit----

Confirmation Number: -----edit----- Placed on Apr 14, 2010

TY very MUCH ::::))))))

Cannot imagine not helping out. TY

Edited by extremeboy, 14 April 2010 - 07:50 PM.
Removed E-mail/ID




