
Malware, porn sites and shut down


  • This topic is locked
7 replies to this topic

#1 ffitch847

  • Members
  • 31 posts
  • OFFLINE
  • Local time:03:56 PM

Posted 22 May 2010 - 09:28 AM

This is the main server for the house, and I was wondering if perhaps my problems with other computers could have been router related.


I apologize for not being able to follow the posting methods you prefer. When I tried to do a full gmer scan my pc would shut down after about 45 minutes and the scan was not complete. I tried to scan in safe mode, but after 5 hours, when the scan had completed, the window could not be resized to be able to click the save button (that was fun). So I tried to scan each section individually, and the file scan would also shut down the pc after about 45 minutes.

I'm hoping this is enough information to begin to remove items so a full scan may be performed if needed.




DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 17:56:34.64 on Fri 05/21/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406.912 [GMT -4:00]

AV: Data Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
c:\windows\system32\svchost -k dcomlaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe




C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Wireless-G Portable USB Adapter\WUSB54GP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\mscdexnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dllhost.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\wscsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No File
TB: {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [mscdexnt.exe] c:\docume~1\owner\locals~1\temp\mscdexnt.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Data Protection] "c:\program files\data protection\datprot.exe" -noscan
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://imail.ashland.com/iNotes6W.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwprovau
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\csyc2hfi.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");

============= SERVICES / DRIVERS ===============

R2 WUSB54GPSVC;WUSB54GPSVC;c:\program files\wireless-g portable usb adapter\WLService.exe [2005-11-9 41025]
S1 BigFix.exe;BigFix.exe;c:\windows\system32\drivers\BigFix.exe.sys [2010-1-21 0]
S1 l3WEUr3S;l3WEUr3S;\??\c:\windows\system32\drivers\l3weur3s.sys --> c:\windows\system32\drivers\l3WEUr3S.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-6 136176]
S3 583UM6r8;583UM6r8;\??\c:\windows\system32\drivers\583um6r8.sys --> c:\windows\system32\drivers\583UM6r8.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S4 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S4 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-4-26 24652]
S4 vttk;vttk;c:\windows\system32\drivers\bjuxr.sys [2010-5-20 54016]

=============== Created Last 30 ================

2010-05-21 21:55:50 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-05-21 01:44:09 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-21 01:43:03 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-21 01:37:22 54016 ----a-w- c:\windows\system32\drivers\bjuxr.sys
2010-05-21 00:15:43 0 d-----w- c:\program files\Data Protection
2010-05-10 03:50:11 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-10 03:48:13 0 d--h--w- c:\windows\msdownld.tmp
2010-05-10 01:41:37 0 d-----w- c:\documents and settings\owner\IECompatCache
2010-05-10 01:00:07 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-09 23:52:39 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-09 23:52:39 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-05-02 12:18:24 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2010-05-02 12:17:57 0 d-sh--w- c:\documents and settings\owner\IETldCache
2010-05-02 00:29:31 0 d-----w- c:\windows\ie8updates
2010-05-02 00:18:05 0 dc-h--w- c:\windows\ie8
2010-05-02 00:13:56 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-02 00:13:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-02 00:13:11 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-25 02:02:45 0 d-----w- c:\docume~1\alluse~1\applic~1\FileCure

==================== Find3M ====================

2010-05-13 02:07:52 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-13 01:09:27 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-01 17:33:34 5662 ----a-w- c:\docume~1\owner\applic~1\wklnhst.dat
2010-04-20 01:34:47 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-31 18:32:44 22328 ----a-w- c:\docume~1\owner\applic~1\PnkBstrK.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 06:20:41 32768 --sha-w- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat
2009-12-15 00:38:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009120720091214\index.dat
2009-12-15 04:55:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009121420091215\index.dat
2009-12-17 00:05:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009121620091217\index.dat
2009-12-18 12:08:31 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009121820091219\index.dat
2009-12-25 16:13:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122520091226\index.dat
2009-12-27 04:30:40 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122620091227\index.dat
2010-01-05 08:37:57 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122820100104\index.dat
2009-12-29 12:42:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122920091230\index.dat
2010-01-11 12:59:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010010420100111\index.dat
2010-01-18 12:25:33 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010011120100118\index.dat
2010-01-18 12:25:33 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010011820100119\index.dat

============= FINISH: 17:57:21.62 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-22 09:17:30
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwldqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 8A2B418B
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 8A2B3C83
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEB8 5 Bytes JMP 8A2B441C
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB90 5 Bytes JMP 8A2B4284

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1480] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01F3000A
.text C:\WINDOWS\Explorer.EXE[1480] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01F2000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3480] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100D36CB C:\Program Files\Zynga\tbZyn0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3480] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100D389B C:\Program Files\Zynga\tbZyn0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3480] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3480] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3480] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3480] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3480] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3480] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3480] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3480] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3480] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-22 09:19:16
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwldqpow.sys


---- Modules - GMER 1.0.15 ----

Module \systemroot\PRAGMAsevspuxprq\PRAGMAd.sys (*** hidden *** ) AF497000-AF4BA000 (143360 bytes)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-22 09:20:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwldqpow.sys


---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\PRAGMAncyexnqvcd\PRAGMAd.sys (*** hidden *** ) [DISABLED] PRAGMAncyexnqvcd <-- ROOTKIT !!!
Service C:\WINDOWS\PRAGMAqombivwqph\PRAGMAd.sys (*** hidden *** ) [DISABLED] PRAGMAqombivwqph <-- ROOTKIT !!!
Service C:\WINDOWS\PRAGMArxvmksevpr\PRAGMAd.sys (*** hidden *** ) [DISABLED] PRAGMArxvmksevpr <-- ROOTKIT !!!
Service C:\WINDOWS\PRAGMAsevspuxprq\PRAGMAd.sys (*** hidden *** ) [SYSTEM] PRAGMAsevspuxprq <-- ROOTKIT !!!
Service C:\WINDOWS\PRAGMAtinlprphko\PRAGMAd.sys (*** hidden *** ) [DISABLED] PRAGMAtinlprphko <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-22 09:22:43
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwldqpow.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd@imagepath \systemroot\PRAGMAncyexnqvcd\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd\modules@PRAGMAd \systemroot\PRAGMAncyexnqvcd\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd\modules@PRAGMAc \systemroot\PRAGMAncyexnqvcd\PRAGMAc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAncyexnqvcd\pragmaserf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAncyexnqvcd\pragmabbr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph@imagepath \systemroot\PRAGMAqombivwqph\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph\modules@PRAGMAd \systemroot\PRAGMAqombivwqph\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph\modules@PRAGMAc \systemroot\PRAGMAqombivwqph\PRAGMAc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAqombivwqph\pragmaserf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAqombivwqph\pragmabbr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr@imagepath \systemroot\PRAGMArxvmksevpr\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr\modules@PRAGMAd \systemroot\PRAGMArxvmksevpr\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr\modules@PRAGMAc \systemroot\PRAGMArxvmksevpr\PRAGMAc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr\modules@pragmaserf \\?\globalroot\systemroot\PRAGMArxvmksevpr\pragmaserf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr\modules@pragmabbr \\?\globalroot\systemroot\PRAGMArxvmksevpr\pragmabbr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq@imagepath \systemroot\PRAGMAsevspuxprq\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq\modules@PRAGMAd \systemroot\PRAGMAsevspuxprq\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq\modules@PRAGMAc \systemroot\PRAGMAsevspuxprq\PRAGMAc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAsevspuxprq\pragmaserf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAsevspuxprq\pragmabbr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko@imagepath \systemroot\PRAGMAtinlprphko\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko\modules@PRAGMAd \systemroot\PRAGMAtinlprphko\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko\modules@PRAGMAc \systemroot\PRAGMAtinlprphko\PRAGMAc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAtinlprphko\pragmaserf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAtinlprphko\pragmabbr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd@start 4
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd@imagepath \systemroot\PRAGMAncyexnqvcd\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd\modules@PRAGMAd \systemroot\PRAGMAncyexnqvcd\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd\modules@PRAGMAc \systemroot\PRAGMAncyexnqvcd\PRAGMAc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAncyexnqvcd\pragmaserf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAncyexnqvcd\pragmabbr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph@start 4
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph@imagepath \systemroot\PRAGMAqombivwqph\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph\modules@PRAGMAd \systemroot\PRAGMAqombivwqph\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph\modules@PRAGMAc \systemroot\PRAGMAqombivwqph\PRAGMAc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAqombivwqph\pragmaserf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAqombivwqph\pragmabbr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr@start 4
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr@imagepath \systemroot\PRAGMArxvmksevpr\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr\modules@PRAGMAd \systemroot\PRAGMArxvmksevpr\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr\modules@PRAGMAc \systemroot\PRAGMArxvmksevpr\PRAGMAc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr\modules@pragmaserf \\?\globalroot\systemroot\PRAGMArxvmksevpr\pragmaserf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr\modules@pragmabbr \\?\globalroot\systemroot\PRAGMArxvmksevpr\pragmabbr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq@imagepath \systemroot\PRAGMAsevspuxprq\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq\modules@PRAGMAd \systemroot\PRAGMAsevspuxprq\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq\modules@PRAGMAc \systemroot\PRAGMAsevspuxprq\PRAGMAc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAsevspuxprq\pragmaserf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAsevspuxprq\pragmabbr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko@start 4
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko@imagepath \systemroot\PRAGMAtinlprphko\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko\modules@PRAGMAd \systemroot\PRAGMAtinlprphko\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko\modules@PRAGMAc \systemroot\PRAGMAtinlprphko\PRAGMAc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAtinlprphko\pragmaserf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAtinlprphko\pragmabbr.dll

---- EOF - GMER 1.0.15 ----

#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:56 PM

Posted 24 May 2010 - 01:08 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log







Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 ffitch847

ffitch847
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:03:56 PM

Posted 25 May 2010 - 12:25 AM

Sorry that I had to keep these as open files as opposed to attached. I couldn't see where to add a new attachment on the second post.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 1:22:51.82 on Tue 05/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406.703 [GMT -4:00]

AV: Data Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

c:\windows\system32\svchost -k dcomlaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Data Protection\datprot.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Owner\Desktop\Scan Logs\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: {01E04581-4EEE-11D0-BFE9-00AA005@4383} - No File
TB: {0E5CBF21-D15F-11D0-8301-00AA005@4383} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Data Protection] "c:\program files\data protection\datprot.exe" -noscan
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://imail.ashland.com/iNotes6W.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwprovau
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\csyc2hfi.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-22 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-22 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-22 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-22 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-22 40384]
S1 BigFix.exe;BigFix.exe;c:\windows\system32\drivers\BigFix.exe.sys [2010-1-21 0]
S1 l3WEUr3S;l3WEUr3S;\??\c:\windows\system32\drivers\l3weur3s.sys --> c:\windows\system32\drivers\l3WEUr3S.sys [?]
S3 583UM6r8;583UM6r8;\??\c:\windows\system32\drivers\583um6r8.sys --> c:\windows\system32\drivers\583UM6r8.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S4 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S4 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-4-26 24652]
S4 vttk;vttk;c:\windows\system32\drivers\bjuxr.sys [2010-5-20 54016]

=============== Created Last 30 ================

2010-05-22 21:35:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-22 21:30:58 0 d-----w- c:\program files\SpywareBlaster
2010-05-22 14:41:38 125 ----a-w- C:\ioSpecial.ini
2010-05-21 21:55:50 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-05-21 01:44:09 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-21 01:43:03 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-21 01:37:22 54016 ----a-w- c:\windows\system32\drivers\bjuxr.sys
2010-05-21 00:15:43 0 d-----w- c:\program files\Data Protection
2010-05-10 03:50:11 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-10 03:48:13 0 d--h--w- c:\windows\msdownld.tmp
2010-05-10 01:41:37 0 d-----w- c:\documents and settings\owner\IECompatCache
2010-05-10 01:00:07 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-09 23:52:39 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-09 23:52:39 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-05-02 12:18:24 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2010-05-02 12:17:57 0 d-sh--w- c:\documents and settings\owner\IETldCache
2010-05-02 00:29:31 0 d-----w- c:\windows\ie8updates
2010-05-02 00:18:05 0 dc-h--w- c:\windows\ie8
2010-05-02 00:13:56 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-02 00:13:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-02 00:13:11 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll

==================== Find3M ====================

2010-05-13 02:07:52 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-13 01:09:27 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-01 17:33:34 5662 ----a-w- c:\docume~1\owner\applic~1\wklnhst.dat
2010-04-20 01:34:47 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-31 18:32:44 22328 ----a-w- c:\docume~1\owner\applic~1\PnkBstrK.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 06:20:41 32768 --sha-w- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat
2009-12-15 00:38:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009120720091214\index.dat
2009-12-15 04:55:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009121420091215\index.dat
2009-12-17 00:05:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009121620091217\index.dat
2009-12-18 12:08:31 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009121820091219\index.dat
2009-12-25 16:13:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122520091226\index.dat
2009-12-27 04:30:40 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122620091227\index.dat
2010-01-05 08:37:57 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122820100104\index.dat
2009-12-29 12:42:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122920091230\index.dat
2010-01-11 12:59:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010010420100111\index.dat
2010-01-18 12:25:33 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010011120100118\index.dat
2010-01-18 12:25:33 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010011820100119\index.dat

============= FINISH: 1:23:07.51 ===============








UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/2/2005 9:33:20 PM
System Uptime: 5/24/2010 7:13:09 PM (6 hours ago)

Motherboard: | | MS-7093
Processor: AMD Athlon™ 64 Processor 3500+ | Socket 939 | 2188/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 182 GiB total, 110.362 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 1.663 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\95962210DC00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\95962210DC00
Service: NIC1394

==== System Restore Points ===================

RP40: 2/22/2010 3:53:19 AM - Software Distribution Service 3.0
RP41: 2/23/2010 7:01:20 PM - System Checkpoint
RP42: 2/24/2010 6:09:17 AM - Software Distribution Service 3.0
RP43: 2/25/2010 1:32:03 PM - System Checkpoint
RP44: 2/25/2010 2:44:22 PM - Removed Call of Duty® 4 - Modern Warfare™
RP45: 2/27/2010 12:18:13 AM - System Checkpoint
RP46: 2/28/2010 11:39:52 AM - System Checkpoint
RP47: 3/1/2010 10:05:55 PM - System Checkpoint
RP48: 3/2/2010 10:47:47 PM - System Checkpoint
RP49: 3/5/2010 5:12:12 PM - System Checkpoint
RP50: 3/7/2010 7:43:52 PM - System Checkpoint
RP51: 3/8/2010 10:55:31 PM - System Checkpoint
RP52: 3/10/2010 10:17:20 PM - System Checkpoint
RP53: 3/11/2010 12:25:35 AM - Software Distribution Service 3.0
RP54: 3/12/2010 10:13:10 PM - System Checkpoint
RP55: 3/14/2010 11:50:38 AM - System Checkpoint
RP56: 3/15/2010 4:23:45 PM - System Checkpoint
RP57: 3/17/2010 9:36:23 PM - System Checkpoint
RP58: 3/19/2010 2:43:56 PM - System Checkpoint
RP59: 3/20/2010 8:06:32 PM - System Checkpoint
RP60: 3/21/2010 8:36:35 PM - System Checkpoint
RP61: 3/24/2010 8:07:07 PM - System Checkpoint
RP62: 3/26/2010 8:02:42 PM - System Checkpoint
RP63: 3/27/2010 8:28:59 PM - System Checkpoint
RP64: 3/29/2010 11:14:43 AM - System Checkpoint
RP65: 3/30/2010 12:54:39 PM - System Checkpoint
RP66: 3/31/2010 2:17:03 PM - Installed Call of Duty® 4 - Modern Warfare™
RP67: 3/31/2010 10:33:17 PM - Software Distribution Service 3.0
RP68: 4/4/2010 4:54:29 PM - System Checkpoint
RP69: 4/5/2010 7:51:45 PM - System Checkpoint
RP70: 4/6/2010 7:54:59 PM - System Checkpoint
RP71: 4/7/2010 8:12:35 PM - System Checkpoint
RP72: 4/9/2010 6:35:03 AM - System Checkpoint
RP73: 4/10/2010 10:27:18 AM - System Checkpoint
RP74: 4/11/2010 12:25:57 PM - System Checkpoint
RP75: 4/12/2010 8:03:39 PM - System Checkpoint
RP76: 4/13/2010 9:16:44 PM - System Checkpoint
RP77: 4/14/2010 3:00:15 AM - Software Distribution Service 3.0
RP78: 4/14/2010 10:26:21 PM - Software Distribution Service 3.0
RP79: 4/16/2010 5:28:23 PM - System Checkpoint
RP80: 4/17/2010 6:40:11 PM - System Checkpoint
RP81: 4/18/2010 7:38:38 PM - System Checkpoint
RP82: 4/19/2010 7:55:34 PM - System Checkpoint
RP83: 4/20/2010 9:42:10 PM - System Checkpoint
RP84: 4/23/2010 5:19:33 PM - System Checkpoint
RP85: 4/24/2010 5:20:09 PM - System Checkpoint
RP86: 4/24/2010 10:13:46 PM - Removed RollerCoaster Tycoon Deluxe
RP87: 4/24/2010 10:14:24 PM - Removed Safari
RP88: 4/27/2010 6:29:59 PM - System Checkpoint
RP89: 4/28/2010 6:30:13 PM - System Checkpoint
RP90: 5/1/2010 10:59:42 AM - System Checkpoint
RP91: 5/1/2010 8:20:39 PM - Installed Windows Internet Explorer 8.
RP92: 5/1/2010 8:25:38 PM - Software Distribution Service 3.0
RP93: 5/3/2010 5:58:10 AM - Software Distribution Service 3.0
RP94: 5/5/2010 6:59:42 PM - System Checkpoint
RP95: 5/6/2010 7:22:40 PM - System Checkpoint
RP96: 5/7/2010 7:37:13 PM - System Checkpoint
RP97: 5/8/2010 8:02:37 PM - System Checkpoint
RP98: 5/9/2010 7:52:38 PM - Installed SUPERAntiSpyware Free Edition
RP99: 5/9/2010 9:56:04 PM - Restore Operation
RP100: 5/9/2010 11:47:38 PM - Restore Operation
RP101: 5/11/2010 9:33:14 PM - System Checkpoint
RP102: 5/12/2010 1:25:35 AM - Software Distribution Service 3.0
RP103: 5/12/2010 5:51:49 AM - Software Distribution Service 3.0
RP104: 5/14/2010 4:33:48 PM - System Checkpoint
RP105: 5/15/2010 5:27:11 PM - System Checkpoint
RP106: 5/16/2010 5:35:54 PM - System Checkpoint
RP107: 5/17/2010 6:58:24 PM - System Checkpoint
RP108: 5/18/2010 7:16:20 PM - System Checkpoint
RP109: 5/22/2010 10:51:40 AM - System Checkpoint

==== Hosts File Hijack ======================

Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 secure-plus-payments.com
Hosts: 74.125.45.100 www.getantivirusplusnow.com
Hosts: 74.125.45.100 www.secure-plus-payments.com
Hosts: 74.125.45.100 www.getavplusnow.com
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 74.125.45.100 www.securesoftwarebill.com
Hosts: 74.125.45.100 secure.paysecuresystem.com
Hosts: 74.125.45.100 paysoftbillsolution.com
Hosts: 74.125.45.100 protected.maxisoftwaremart.com
Hosts: 217.23.15.139 www.google.com
Hosts: 217.23.15.139 google.com
Hosts: 217.23.15.139 google.com.au
Hosts: 217.23.15.139 www.google.com.au
Hosts: 217.23.15.139 google.be
Hosts: 217.23.15.139 www.google.be
Hosts: 217.23.15.139 google.com.br
Hosts: 217.23.15.139 www.google.com.br
Hosts: 217.23.15.139 google.ca
Hosts: 217.23.15.139 www.google.ca
Hosts: 217.23.15.139 google.ch
Hosts: 217.23.15.139 www.google.ch
Hosts: 217.23.15.139 google.de
Hosts: 217.23.15.139 www.google.de
Hosts: 217.23.15.139 google.dk
Hosts: 217.23.15.139 www.google.dk
Hosts: 217.23.15.139 google.fr
Hosts: 217.23.15.139 www.google.fr
Hosts: 217.23.15.139 google.ie
Hosts: 217.23.15.139 www.google.ie
Hosts: 217.23.15.139 google.it
Hosts: 217.23.15.139 www.google.it
Hosts: 217.23.15.139 google.co.jp
Hosts: 217.23.15.139 www.google.co.jp
Hosts: 217.23.15.139 google.nl
Hosts: 217.23.15.139 www.google.nl
Hosts: 217.23.15.139 google.no
Hosts: 217.23.15.139 www.google.no
Hosts: 217.23.15.139 google.co.nz
Hosts: 217.23.15.139 www.google.co.nz
Hosts: 217.23.15.139 google.pl
Hosts: 217.23.15.139 www.google.pl
Hosts: 217.23.15.139 google.se
Hosts: 217.23.15.139 www.google.se
Hosts: 217.23.15.139 google.co.uk
Hosts: 217.23.15.139 www.google.co.uk
Hosts: 217.23.15.139 google.co.za
Hosts: 217.23.15.139 www.google.co.za
Hosts: 217.23.15.139 www.google-analytics.com
Hosts: 217.23.15.139 www.bing.com
Hosts: 217.23.15.139 search.yahoo.com
Hosts: 217.23.15.139 www.search.yahoo.com
Hosts: 217.23.15.139 uk.search.yahoo.com
Hosts: 217.23.15.139 ca.search.yahoo.com
Hosts: 217.23.15.139 de.search.yahoo.com
Hosts: 217.23.15.139 fr.search.yahoo.com
Hosts: 217.23.15.139 au.search.yahoo.com

==== Installed Programs ======================

Access Drivers
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Common File Installer
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Help Center 2.1
Adobe Media Player
Adobe Premiere Elements 3.0
Adobe Premiere Elements 3.0 Templates
Adobe Reader 6.0
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
avast! Free Antivirus
Big Green Help
BigFix
Bookworm Deluxe 1.03
CC-off
Data Protection
Dvr Client Program
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Product Detection
HP Software Update
iTunes
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2
Java™ 6 Update 17
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1
LEGO Digital Designer
Lexmark 1200 Series
Lexmark Fax Solutions
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Age of Empires Gold
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Digital Image Library 9 - Blocker
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XML Parser
MobileMe Control Panel
Mozilla Firefox (1.0.7)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Keyboard Driver
Nero BurnRights
Nero OEM
Photosmart 140,240,7200,7600,7700,7900 Series
PowerDVD
PS7700
PSShortcutsP
PSUsage
QFolder
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Recorder ¡® Viewer 1.2
Samsung USB Driver
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SoftV92 Data Fax Modem with SmartCP
Sonic Encoders
Spybot - Search & Destroy
SpywareBlaster 4.3
SUPERAntiSpyware Free Edition
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Software Update
Yahoo! Toolbar
Zynga Toolbar

==== End Of File ===========================


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-25 01:20:56
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwldqpow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB0488AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB04888EA]
Code 8A1D11B0 ZwEnumerateKey
Code 8A1D0CA8 ZwFlushInstructionCache
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB0488A24]
Code 8A1D1336 IofCallDriver
Code 8A1D1776 IofCompleteRequest
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 8A1D133B
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 8A1D177B
PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP B0488A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP B04888EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEB8 5 Bytes JMP 8A1D0CAC
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP B0484536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP B0485EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP B0488ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB90 5 Bytes JMP 8A1D11B4

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[2108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02D8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100D36CB C:\Program Files\Zynga\tbZyn0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100D389B C:\Program Files\Zynga\tbZyn0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100D36CB C:\Program Files\Zynga\tbZyn0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100D389B C:\Program Files\Zynga\tbZyn0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Modules - GMER 1.0.15 ----

Module \systemroot\PRAGMAsevspuxprq\PRAGMAd.sys (*** hidden *** ) B050A000-B052D000 (143360 bytes)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\PRAGMAncyexnqvcd\PRAGMAd.sys (*** hidden *** ) [DISABLED] PRAGMAncyexnqvcd <-- ROOTKIT !!!
Service C:\WINDOWS\PRAGMAqombivwqph\PRAGMAd.sys (*** hidden *** ) [DISABLED] PRAGMAqombivwqph <-- ROOTKIT !!!
Service C:\WINDOWS\PRAGMArxvmksevpr\PRAGMAd.sys (*** hidden *** ) [DISABLED] PRAGMArxvmksevpr <-- ROOTKIT !!!
Service C:\WINDOWS\PRAGMAsevspuxprq\PRAGMAd.sys (*** hidden *** ) [SYSTEM] PRAGMAsevspuxprq <-- ROOTKIT !!!
Service C:\WINDOWS\PRAGMAtinlprphko\PRAGMAd.sys (*** hidden *** ) [DISABLED] PRAGMAtinlprphko <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd@imagepath \systemroot\PRAGMAncyexnqvcd\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd\modules@PRAGMAd \systemroot\PRAGMAncyexnqvcd\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd\modules@PRAGMAc \systemroot\PRAGMAncyexnqvcd\PRAGMAc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAncyexnqvcd\pragmaserf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAncyexnqvcd\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAncyexnqvcd\pragmabbr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph@imagepath \systemroot\PRAGMAqombivwqph\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph\modules@PRAGMAd \systemroot\PRAGMAqombivwqph\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph\modules@PRAGMAc \systemroot\PRAGMAqombivwqph\PRAGMAc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAqombivwqph\pragmaserf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAqombivwqph\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAqombivwqph\pragmabbr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr@imagepath \systemroot\PRAGMArxvmksevpr\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr\modules@PRAGMAd \systemroot\PRAGMArxvmksevpr\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr\modules@PRAGMAc \systemroot\PRAGMArxvmksevpr\PRAGMAc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr\modules@pragmaserf \\?\globalroot\systemroot\PRAGMArxvmksevpr\pragmaserf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMArxvmksevpr\modules@pragmabbr \\?\globalroot\systemroot\PRAGMArxvmksevpr\pragmabbr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq@imagepath \systemroot\PRAGMAsevspuxprq\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq\modules@PRAGMAd \systemroot\PRAGMAsevspuxprq\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq\modules@PRAGMAc \systemroot\PRAGMAsevspuxprq\PRAGMAc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAsevspuxprq\pragmaserf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsevspuxprq\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAsevspuxprq\pragmabbr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko@imagepath \systemroot\PRAGMAtinlprphko\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko\modules@PRAGMAd \systemroot\PRAGMAtinlprphko\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko\modules@PRAGMAc \systemroot\PRAGMAtinlprphko\PRAGMAc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAtinlprphko\pragmaserf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAtinlprphko\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAtinlprphko\pragmabbr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd@start 4
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd@imagepath \systemroot\PRAGMAncyexnqvcd\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd\modules@PRAGMAd \systemroot\PRAGMAncyexnqvcd\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd\modules@PRAGMAc \systemroot\PRAGMAncyexnqvcd\PRAGMAc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAncyexnqvcd\pragmaserf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAncyexnqvcd\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAncyexnqvcd\pragmabbr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph@start 4
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph@imagepath \systemroot\PRAGMAqombivwqph\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph\modules@PRAGMAd \systemroot\PRAGMAqombivwqph\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph\modules@PRAGMAc \systemroot\PRAGMAqombivwqph\PRAGMAc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAqombivwqph\pragmaserf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAqombivwqph\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAqombivwqph\pragmabbr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr@start 4
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr@imagepath \systemroot\PRAGMArxvmksevpr\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr\modules@PRAGMAd \systemroot\PRAGMArxvmksevpr\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr\modules@PRAGMAc \systemroot\PRAGMArxvmksevpr\PRAGMAc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr\modules@pragmaserf \\?\globalroot\systemroot\PRAGMArxvmksevpr\pragmaserf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMArxvmksevpr\modules@pragmabbr \\?\globalroot\systemroot\PRAGMArxvmksevpr\pragmabbr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq@imagepath \systemroot\PRAGMAsevspuxprq\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq\modules@PRAGMAd \systemroot\PRAGMAsevspuxprq\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq\modules@PRAGMAc \systemroot\PRAGMAsevspuxprq\PRAGMAc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAsevspuxprq\pragmaserf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAsevspuxprq\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAsevspuxprq\pragmabbr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko@start 4
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko@imagepath \systemroot\PRAGMAtinlprphko\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko\modules@PRAGMAd \systemroot\PRAGMAtinlprphko\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko\modules@PRAGMAc \systemroot\PRAGMAtinlprphko\PRAGMAc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko\modules@pragmaserf \\?\globalroot\systemroot\PRAGMAtinlprphko\pragmaserf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\PRAGMAtinlprphko\modules@pragmabbr \\?\globalroot\systemroot\PRAGMAtinlprphko\pragmabbr.dll

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\PRAGMAncyexnqvcd 0 bytes
File C:\WINDOWS\PRAGMAncyexnqvcd\pragmabbr.dll 57344 bytes executable
File C:\WINDOWS\PRAGMAncyexnqvcd\PRAGMAc.dll 31232 bytes executable
File C:\WINDOWS\PRAGMAncyexnqvcd\PRAGMAcfg.ini 310 bytes
File C:\WINDOWS\PRAGMAncyexnqvcd\PRAGMAd.sys 47616 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\PRAGMAncyexnqvcd\pragmaserf.dll 57344 bytes executable
File C:\WINDOWS\PRAGMAncyexnqvcd\PRAGMAsrcr.dat 140 bytes
File C:\WINDOWS\PRAGMAqombivwqph 0 bytes
File C:\WINDOWS\PRAGMAqombivwqph\pragmabbr.dll 57344 bytes executable
File C:\WINDOWS\PRAGMAqombivwqph\PRAGMAc.dll 31232 bytes executable
File C:\WINDOWS\PRAGMAqombivwqph\PRAGMAcfg.ini 312 bytes
File C:\WINDOWS\PRAGMAqombivwqph\PRAGMAd.sys 47616 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\PRAGMAqombivwqph\pragmaserf.dll 57344 bytes executable
File C:\WINDOWS\PRAGMAqombivwqph\PRAGMAsrcr.dat 140 bytes
File C:\WINDOWS\PRAGMArxvmksevpr 0 bytes
File C:\WINDOWS\PRAGMArxvmksevpr\pragmabbr.dll 57344 bytes executable
File C:\WINDOWS\PRAGMArxvmksevpr\PRAGMAc.dll 31232 bytes executable
File C:\WINDOWS\PRAGMArxvmksevpr\PRAGMAcfg.ini 310 bytes
File C:\WINDOWS\PRAGMArxvmksevpr\PRAGMAd.sys 47616 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\PRAGMArxvmksevpr\pragmaserf.dll 57344 bytes executable
File C:\WINDOWS\PRAGMArxvmksevpr\PRAGMAsrcr.dat 140 bytes
File C:\WINDOWS\PRAGMAsevspuxprq 0 bytes
File C:\WINDOWS\PRAGMAsevspuxprq\pragmabbr.dll 57344 bytes executable
File C:\WINDOWS\PRAGMAsevspuxprq\PRAGMAc.dll 31232 bytes executable
File C:\WINDOWS\PRAGMAsevspuxprq\PRAGMAcfg.ini 312 bytes
File C:\WINDOWS\PRAGMAsevspuxprq\PRAGMAd.sys 47616 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\PRAGMAsevspuxprq\pragmaserf.dll 57344 bytes executable
File C:\WINDOWS\PRAGMAsevspuxprq\PRAGMAsrcr.dat 140 bytes
File C:\WINDOWS\PRAGMAtinlprphko 0 bytes
File C:\WINDOWS\PRAGMAtinlprphko\pragmabbr.dll 57344 bytes executable
File C:\WINDOWS\PRAGMAtinlprphko\PRAGMAc.dll 31232 bytes executable
File C:\WINDOWS\PRAGMAtinlprphko\PRAGMAcfg.ini 312 bytes
File C:\WINDOWS\PRAGMAtinlprphko\PRAGMAd.sys 47616 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\PRAGMAtinlprphko\pragmaserf.dll 57344 bytes executable
File C:\WINDOWS\PRAGMAtinlprphko\PRAGMAsrcr.dat 140 bytes
File C:\WINDOWS\system32\pragmasrcr.dat 149 bytes
File C:\WINDOWS\Temp\PRAGMAe2ce.tmp 149 bytes
File C:\WINDOWS\Temp\pragmamainqt.dll 10357 bytes
File C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll 1161 bytes
File C:\Documents and Settings\Owner\Local Settings\Temp\PRAGMA930b.tmp 343040 bytes executable
File C:\Documents and Settings\Owner\Local Settings\Temp\PRAGMAa06b.tmp 343040 bytes executable
File C:\Documents and Settings\Owner\Local Settings\Temp\PRAGMAd7d2.tmp 343040 bytes executable
File C:\Documents and Settings\Owner\Local Settings\Temp\PRAGMAd8bc.tmp 343040 bytes executable
File C:\Documents and Settings\Owner\Local Settings\Temp\PRAGMAe510.tmp 343040 bytes executable
File C:\Documents and Settings\Owner\Local Settings\Temp\pragmamainqt.dll 10357 bytes
File C:\Documents and Settings\Owner\Local Settings\Temp\pragmapdconf.ini 35 bytes

---- EOF - GMER 1.0.15 ----


#4 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:56 PM

Posted 25 May 2010 - 01:12 PM

Hi,



One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.




Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#5 ffitch847

ffitch847
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:03:56 PM

Posted 25 May 2010 - 01:28 PM

Certainly not the news that I had hoped to hear. I will let you know what we decide.

Thanks for your help

#6 ffitch847

ffitch847
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:03:56 PM

Posted 25 May 2010 - 01:31 PM

If this pc is not used for banking or that type of activity should that be a problem?

#7 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:56 PM

Posted 25 May 2010 - 02:29 PM

Hi,


If the PC isn't used for banking the risk is much lower but you must be aware of the danger.
As I said, I can still clean your PC, but we don't take responsibility for any privacy attacks that might occur afterwards.




#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:03:56 PM

Posted 31 May 2010 - 06:16 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.



