Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with some Trojan, IE redirecting to bogus sites


  • This topic is locked This topic is locked
7 replies to this topic

#1 mcguire1019

mcguire1019

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:45011
  • Local time:05:28 AM

Posted 23 May 2010 - 01:36 AM

When using any search engine (yahoo, google, etc) when clicking a link in the search results, internet explorer opens a completely different websit. I tried removing via Spybot, AVG, Avast and have had no luck. Please help.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Erica Burger at 21:35:58.26 on Sat 05/22/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.189 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Erica Burger\Local Settings\Temporary Internet Files\Content.IE5\84RZY45M\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [oowkbfvb] c:\documents and settings\erica burger\local settings\application data\sawlftbaj\hxjifjatssd.exe
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [oowkbfvb] c:\documents and settings\erica burger\local settings\application data\sawlftbaj\hxjifjatssd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup & record\uBBMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe
uPolicies-explorer: <NO NAME> =
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - hxxp://www.easports.com/downloads/games/common/snoopy/iesnoopy.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2006-8-8 66048]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-8-8 112384]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-8-8 13532]

=============== Created Last 30 ================

2010-05-23 01:35:03 0 ----a-w- c:\documents and settings\erica burger\defogger_reenable
2010-05-21 22:55:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-13 04:04:51 171 ----a-w- c:\windows\system32\MRT.INI
2010-05-13 01:50:21 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-05-11 21:29:50 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-11 21:29:49 0 d-----w- c:\program files\iTunes
2010-05-06 04:49:45 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 04:35:13 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2010-05-06 14:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-16 12:33:36 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 12:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-15 01:39:49 56756 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2004-09-23 03:35:05 4354084 ----a-w- c:\program files\spybotsd13.exe
2005-03-08 17:29:08 10022 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:38:41.09 ===============


Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:28 AM

Posted 23 May 2010 - 01:44 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
    1.Please do not run any other tool untill instructed to do so!
    2.Please reply to this thread, do not start another!
    3.Please tell me about any problems that have occurred during the fix.
    4.Please tell me of any other symptoms you may be having as these can help also.
    5.Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 mcguire1019

mcguire1019
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:45011
  • Local time:05:28 AM

Posted 23 May 2010 - 08:41 PM

Computer is doing ok. I tried original problem of search engine redirecting when clicking links and it does not happen, however it was sporadic in the past. I am worried it will be back when I reboot.

***********


ComboFix 10-05-23.05 - Erica Burger 05/23/2010 21:11:57.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.234 [GMT -4:00]
Running from: c:\documents and settings\Erica Burger\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Erica Burger\Local Settings\Application Data\sawlftbaj
c:\documents and settings\Erica Burger\Local Settings\Application Data\sawlftbaj\hxjifjatssd.exe
c:\documents and settings\Erica Burger\System
c:\documents and settings\Erica Burger\System\win_qs7.jqx
c:\windows\Fonts\acrsec.fon
c:\windows\system32\ad020326.de
c:\windows\system32\mspr.dat

Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.

2010-05-24 00:35 . 2010-05-24 00:35 -------- d-----w- c:\documents and settings\Administrator.BURGER1119\Local Settings\Application Data\Identities
2010-05-21 22:55 . 2010-05-21 22:55 -------- d-----w- c:\program files\Alwil Software
2010-05-21 22:55 . 2010-05-21 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-14 23:36 . 2010-05-14 23:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-05-13 01:50 . 2010-05-22 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-11 21:29 . 2010-05-11 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-11 21:29 . 2010-05-11 21:32 -------- d-----w- c:\program files\iTunes
2010-05-11 21:23 . 2010-05-11 21:24 -------- d-----w- c:\program files\QuickTime
2010-05-08 11:40 . 2010-05-08 11:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-06 04:49 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 04:35 . 2010-05-06 04:35 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 14:38 . 2005-12-05 22:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-22 14:38 . 2003-08-22 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-22 04:24 . 2008-09-17 21:03 0 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\prvlcl.dat
2010-05-13 01:51 . 2008-09-04 00:46 -------- d-----w- c:\program files\AVG
2010-05-11 21:30 . 2005-10-02 20:22 -------- d-----w- c:\program files\iPod
2010-05-11 21:30 . 2007-10-27 13:52 -------- d-----w- c:\program files\Common Files\Apple
2010-05-11 21:18 . 2005-10-02 20:26 -------- d-----w- c:\documents and settings\Erica Burger\Application Data\Apple Computer
2010-05-11 21:07 . 2007-10-27 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-06 14:36 . 2009-10-02 21:00 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 04:49 . 2002-10-04 03:23 -------- d-----w- c:\program files\Java
2010-04-16 12:33 . 2009-12-08 20:50 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-16 12:33 . 2007-11-14 02:15 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-15 01:39 . 2010-04-15 01:39 56756 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-14 16:24 . 2009-09-06 00:13 256 ----a-w- c:\windows\system32\pool.bin
2010-03-31 01:00 . 2006-09-18 02:32 -------- d-----w- c:\program files\Common Files\Java
2010-03-11 12:38 . 2004-02-06 22:05 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-04-02 02:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2001-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2003-12-04 04:37 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-02 02:26 . 2010-02-04 05:58 167896 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-24 13:11 . 2001-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2004-09-23 03:35 . 2004-09-23 03:21 4354084 ----a-w- c:\program files\spybotsd13.exe
2005-03-08 17:29 . 2005-03-08 17:29 10022 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-04 180269]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-14 113664]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2009-10-5 278528]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2006-8-8 745472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2008-01-11 00:36 684032 ----a-w- c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
2001-03-28 01:00 102400 ----a-w- c:\program files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIAGENT]
2001-08-30 06:00 172122 ----a-w- c:\program files\Creative\SBLive\Creative Diagnostics 2.0\diagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 17:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-03-06 20:19 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-09-04 23:31 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [8/8/2006 12:31 PM 66048]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [8/8/2006 11:57 AM 112384]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [8/8/2006 12:31 PM 13532]
.
Contents of the 'Scheduled Tasks' folder

2010-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-05-23 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-05-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-oowkbfvb - c:\documents and settings\Erica Burger\Local Settings\Application Data\sawlftbaj\hxjifjatssd.exe
HKLM-Run-oowkbfvb - c:\documents and settings\Erica Burger\Local Settings\Application Data\sawlftbaj\hxjifjatssd.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-Creative News - c:\program files\Creative\News\CTNews.isu
AddRemove-HyperLoad - c:\program files\Nabisco\HyperLoad\Uninst.isu
AddRemove-Win Favorites - c:\program files\winfavorites\WinFavorites.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 21:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(576)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-05-23 21:36:08
ComboFix-quarantined-files.txt 2010-05-24 01:35

Pre-Run: 3,720,716,288 bytes free
Post-Run: 3,766,857,728 bytes free

- - End Of File - - D2A2E0DF18188463AAE1F521A5DE26AD


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:28 AM

Posted 23 May 2010 - 09:24 PM

Greetings

I would like you to do the following

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Let me have this report and let me know how things are doing

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 mcguire1019

mcguire1019
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:45011
  • Local time:05:28 AM

Posted 23 May 2010 - 11:02 PM

Things are looking up....PC is running smooth. No IE issues.

********************
ComboFix 10-05-23.05 - Erica Burger 05/23/2010 23:39:11.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.196 [GMT -4:00]
Running from: c:\documents and settings\Erica Burger\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Erica Burger\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.

2010-05-24 00:35 . 2010-05-24 00:35 -------- d-----w- c:\documents and settings\Administrator.BURGER1119\Local Settings\Application Data\Identities
2010-05-21 22:55 . 2010-05-21 22:55 -------- d-----w- c:\program files\Alwil Software
2010-05-21 22:55 . 2010-05-21 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-14 23:36 . 2010-05-14 23:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-05-13 01:50 . 2010-05-22 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-11 21:29 . 2010-05-11 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-11 21:29 . 2010-05-11 21:32 -------- d-----w- c:\program files\iTunes
2010-05-11 21:23 . 2010-05-11 21:24 -------- d-----w- c:\program files\QuickTime
2010-05-08 11:40 . 2010-05-08 11:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-06 04:49 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 04:35 . 2010-05-06 04:35 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 14:38 . 2005-12-05 22:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-22 14:38 . 2003-08-22 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-22 04:24 . 2008-09-17 21:03 0 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\prvlcl.dat
2010-05-16 02:48 . 2010-04-18 22:11 439816 ----a-w- c:\documents and settings\Erica Burger\Application Data\Real\Update\setup3.10\setup.exe
2010-05-13 01:51 . 2008-09-04 00:46 -------- d-----w- c:\program files\AVG
2010-05-11 21:30 . 2005-10-02 20:22 -------- d-----w- c:\program files\iPod
2010-05-11 21:30 . 2007-10-27 13:52 -------- d-----w- c:\program files\Common Files\Apple
2010-05-11 21:18 . 2005-10-02 20:26 -------- d-----w- c:\documents and settings\Erica Burger\Application Data\Apple Computer
2010-05-11 21:12 . 2010-05-11 21:12 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-11 21:07 . 2007-10-27 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-06 14:36 . 2009-10-02 21:00 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 04:49 . 2002-10-04 03:23 -------- d-----w- c:\program files\Java
2010-04-16 12:33 . 2009-12-08 20:50 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-16 12:33 . 2007-11-14 02:15 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-15 01:39 . 2010-04-15 01:39 56756 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-14 16:24 . 2009-09-06 00:13 256 ----a-w- c:\windows\system32\pool.bin
2010-03-31 01:00 . 2006-09-18 02:32 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 00:58 . 2010-03-31 00:58 503808 ----a-w- c:\documents and settings\Erica Burger\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-677c4830-n\msvcp71.dll
2010-03-31 00:58 . 2010-03-31 00:58 499712 ----a-w- c:\documents and settings\Erica Burger\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-677c4830-n\jmc.dll
2010-03-31 00:58 . 2010-03-31 00:58 348160 ----a-w- c:\documents and settings\Erica Burger\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-677c4830-n\msvcr71.dll
2010-03-31 00:58 . 2010-03-31 00:58 61440 ----a-w- c:\documents and settings\Erica Burger\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-763fc400-n\decora-sse.dll
2010-03-31 00:58 . 2010-03-31 00:58 12800 ----a-w- c:\documents and settings\Erica Burger\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-763fc400-n\decora-d3d.dll
2010-03-11 12:38 . 2004-02-06 22:05 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-04-02 02:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2001-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2003-12-04 04:37 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-02 02:26 . 2010-02-04 05:58 167896 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-24 13:11 . 2001-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2004-09-23 03:35 . 2004-09-23 03:21 4354084 ----a-w- c:\program files\spybotsd13.exe
2005-03-08 17:29 . 2005-03-08 17:29 10022 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-04 180269]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-14 113664]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2009-10-5 278528]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2006-8-8 745472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2008-01-11 00:36 684032 ----a-w- c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
2001-03-28 01:00 102400 ----a-w- c:\program files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIAGENT]
2001-08-30 06:00 172122 ----a-w- c:\program files\Creative\SBLive\Creative Diagnostics 2.0\diagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 17:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-03-06 20:19 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-09-04 23:31 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [8/8/2006 12:31 PM 66048]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [8/8/2006 11:57 AM 112384]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [8/8/2006 12:31 PM 13532]
.
Contents of the 'Scheduled Tasks' folder

2010-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-05-23 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-05-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 23:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(576)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-24 00:00:45
ComboFix-quarantined-files.txt 2010-05-24 04:00
ComboFix2.txt 2010-05-24 01:36

Pre-Run: 3,777,085,440 bytes free
Post-Run: 3,756,646,400 bytes free

- - End Of File - - ABB96215CC9F8411FD310C466E550B23


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:28 AM

Posted 23 May 2010 - 11:20 PM

Hello

These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs
    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    Adobe Reader 8.1.4
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_15
    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ 6 Update 5
    Java™ 6 Update 7
    Java™ SE Runtime Environment 6 Update 1
    Win Favorites

    Java™ 6 Update 20<---do not remove


    and click on remove

Update Adobe Reader
    Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
      If you don't like Adobe Reader (33.5 MB), you can download Foxit PDF Reader(3.5MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.

TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go Eset web page to run an online scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. Log From ESET Online Scanner
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:28 AM

Posted 27 May 2010 - 06:43 PM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:28 AM

Posted 30 May 2010 - 03:17 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users