
Infomoneyservice.com/Multiple Hidden Firefox and IE Windows


  • This topic is locked
12 replies to this topic

#1 Optimus10

Optimus10

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:01 PM

Posted 06 August 2010 - 10:36 AM

Hey Everyone.

First off, thanks to anyone who can help me. You are doing great work, and I can't thank you enough.

For about a month now, I've been having issues with Firefox. At first I thought it was the new plugin-container. But as I had to Task Manager quit Firefox, when I reloaded, multiple tabs or windows I didn't have open would appear in the "Restore" page. It was making my browsing experience tiresome, as opening a new tab or page would cause the memory usage of Firefox to reach 99%. Eventually I started coming in after leaving the computer on and would get blue screened. Now, IE is experiencing similar issues.

I've run multiple anti-virus programs in safe mode that have never picked up anything. Same with just GMER and MBR. I've tried to search for a solution, and this was the best place. Below are my logs. If I need any more information, please let me know.



Here is the DDS Log

DDS (Ver_10-03-17.01) - NTFSx86
Run by X at 9:55:21.53 on Fri 08/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.14 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\NMapWin\bin\nmapserv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\OpMail\OpMailServer.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\PROGRA~1\OpMail\OpMailSmtpSend.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\PGPsdkServ.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\mysql\bin\winmysqladmin.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\UltraEdit\UEDIT32.EXE
C:\Program Files\Cobian Backup 10\Cobian.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Idea2 SidebarBrowserMonitor Class: {45ad732c-2ce2-4666-b366-b2214ad57a49} - c:\program files\desktop sidebar\sbhelp.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\winmys~1.lnk - c:\mysql\bin\winmysqladmin.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache group\apache2\bin\ApacheMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptray.lnk - c:\program files\pgp corporation\pgp for windows xp\PGPtray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Subscribe in Desktop Sidebar - c:\program files\desktop sidebar\sbhelp.dll/menuhandler.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09FE188B-6E85-479e-9411-51FB2220DF80} - {45AD732C-2CE2-4666-B366-B2214AD57A49} - c:\program files\desktop sidebar\sbhelp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000163-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/B/B/0BB06A5C-8611-4840-86B3-54DDDD0344B9/wma9dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {8F4E87B6-178E-4611-9E28-42890706355E} = 10.1.192.51,10.1.192.53
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\jol4c2uq.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-7-28 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-7-28 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-28 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-28 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-28 243024]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-28 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-7-28 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-7-28 5897808]
R2 OpMailServer;OpMail SMTP/POP3 server;c:\progra~1\opmail\OpMailServer.exe [2002-5-26 208957]
R2 OpMailSmtpSend;OpMail SMTP sender;c:\progra~1\opmail\OpMailSmtpSend.exe [2002-3-25 245838]
R2 PGPsdkServ;PGPsdkService;c:\windows\system32\PGPsdkServ.exe [2004-4-20 65536]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-28 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-7-28 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-7-28 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-7-28 26192]
S2 XServer;XServer;c:\program files\sapdb\indep_prog\pgm\serv.exe --> c:\program files\sapdb\indep_prog\pgm\serv.exe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-28 30104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2002-10-22 32528]
S3 SAP DBTech-.CPROGRA;SAPDB: .CPROGRA;c:\program files\sapdb\depend\pgm\kernel.exe --> c:\program files\sapdb\depend\pgm\kernel.exe [?]
S3 SAPDBWWW;SAP DB WWW;c:\program files\sapdb\indep_prog\web\pgm\wahttp.exe --> c:\program files\sapdb\indep_prog\web\pgm\wahttp.exe [?]
S3 SAPDBXIE;SAPDBXIE;c:\program files\sapdb\indep_prog\web\pgm\sapdbxie.exe --> c:\program files\sapdb\indep_prog\web\pgm\sapdbxie.exe [?]

=============== Created Last 30 ================


==================== Find3M ====================

2010-06-28 14:08:06 4390760 ------w- c:\program files\Shockwave_Installer_Slim.exe
2010-06-24 14:27:31 33850672 ------w- c:\program files\QuickTimeInstaller.exe
2010-06-23 17:46:33 1835259 ------w- c:\program files\setupxls2xls.exe

============= FINISH: 9:56:31.18 ===============



GMER Log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-06 11:16:12
Windows 5.1.2600 Service Pack 2
Running: 15xouj63.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fxtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xEFB33670]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xEFB33720]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xEFB337C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xEFB33860]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Cobian Backup 10\cbInterface.exe[616] WS2_32.dll!send 71AB428A 5 Bytes JMP 0234B558
.text C:\Program Files\Cobian Backup 10\cbInterface.exe[616] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0234B86D
.text C:\Program Files\Cobian Backup 10\cbInterface.exe[616] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0234B639
.text C:\Program Files\Cobian Backup 10\cbInterface.exe[616] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0234B70C
.text C:\Program Files\Cobian Backup 10\cbInterface.exe[616] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0234B9BB
.text C:\PROGRA~1\OpMail\OpMailSmtpSend.exe[632] WS2_32.dll!send 71AB428A 5 Bytes JMP 0141B558
.text C:\PROGRA~1\OpMail\OpMailSmtpSend.exe[632] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0141B86D
.text C:\PROGRA~1\OpMail\OpMailSmtpSend.exe[632] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0141B639
.text C:\PROGRA~1\OpMail\OpMailSmtpSend.exe[632] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0141B70C
.text C:\PROGRA~1\OpMail\OpMailSmtpSend.exe[632] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0141B9BB
.text C:\Program Files\AVG\AVG9\avgnsx.exe[636] WS2_32.dll!send 71AB428A 5 Bytes JMP 027CB558
.text C:\Program Files\AVG\AVG9\avgnsx.exe[636] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 027CB86D
.text C:\Program Files\AVG\AVG9\avgnsx.exe[636] WS2_32.dll!recv 71AB615A 5 Bytes JMP 027CB639
.text C:\Program Files\AVG\AVG9\avgnsx.exe[636] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 027CB70C
.text C:\Program Files\AVG\AVG9\avgnsx.exe[636] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 027CB9BB
.text C:\WINDOWS\System32\PGPsdkServ.exe[668] WS2_32.dll!send 71AB428A 5 Bytes JMP 00C1B558
.text C:\WINDOWS\System32\PGPsdkServ.exe[668] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00C1B86D
.text C:\WINDOWS\System32\PGPsdkServ.exe[668] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00C1B639
.text C:\WINDOWS\System32\PGPsdkServ.exe[668] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00C1B70C
.text C:\WINDOWS\System32\PGPsdkServ.exe[668] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00C1B9BB
.text C:\WINDOWS\system32\wuauclt.exe[876] WS2_32.dll!send 71AB428A 5 Bytes JMP 00DEB558
.text C:\WINDOWS\system32\wuauclt.exe[876] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00DEB86D
.text C:\WINDOWS\system32\wuauclt.exe[876] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00DEB639
.text C:\WINDOWS\system32\wuauclt.exe[876] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00DEB70C
.text C:\WINDOWS\system32\wuauclt.exe[876] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00DEB9BB
.text C:\WINDOWS\system32\winlogon.exe[972] Secur32.dll!LsaLogonUser 77FE33F1 5 Bytes JMP 01452946
.text C:\Program Files\Cobian Backup 10\Cobian.exe[1180] WS2_32.DLL!send 71AB428A 5 Bytes JMP 095FB558
.text C:\Program Files\Cobian Backup 10\Cobian.exe[1180] WS2_32.DLL!WSARecv 71AB4318 5 Bytes JMP 095FB86D
.text C:\Program Files\Cobian Backup 10\Cobian.exe[1180] WS2_32.DLL!recv 71AB615A 5 Bytes JMP 095FB639
.text C:\Program Files\Cobian Backup 10\Cobian.exe[1180] WS2_32.DLL!WSASend 71AB6233 5 Bytes JMP 095FB70C
.text C:\Program Files\Cobian Backup 10\Cobian.exe[1180] WS2_32.DLL!closesocket 71AB9639 5 Bytes JMP 095FB9BB
.text C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe[1920] WS2_32.dll!send 71AB428A 5 Bytes JMP 02D3B558
.text C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe[1920] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 02D3B86D
.text C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe[1920] WS2_32.dll!recv 71AB615A 5 Bytes JMP 02D3B639
.text C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe[1920] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 02D3B70C
.text C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe[1920] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 02D3B9BB
.text C:\Program Files\Apache Group\Apache2\bin\Apache.exe[2136] WS2_32.dll!send 71AB428A 5 Bytes JMP 00AAB558
.text C:\Program Files\Apache Group\Apache2\bin\Apache.exe[2136] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00AAB86D
.text C:\Program Files\Apache Group\Apache2\bin\Apache.exe[2136] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00AAB639
.text C:\Program Files\Apache Group\Apache2\bin\Apache.exe[2136] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00AAB70C
.text C:\Program Files\Apache Group\Apache2\bin\Apache.exe[2136] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00AAB9BB
.text C:\WINDOWS\Explorer.EXE[2204] USER32.dll!DisplayExitWindowsWarnings 77D89B49 5 Bytes JMP 00C92758
.text C:\WINDOWS\Explorer.EXE[2204] WS2_32.dll!send 71AB428A 5 Bytes JMP 0161B558
.text C:\WINDOWS\Explorer.EXE[2204] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0161B86D
.text C:\WINDOWS\Explorer.EXE[2204] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0161B639
.text C:\WINDOWS\Explorer.EXE[2204] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0161B70C
.text C:\WINDOWS\Explorer.EXE[2204] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0161B9BB
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2252] WS2_32.dll!send 71AB428A 5 Bytes JMP 02B1B558
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2252] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 02B1B86D
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2252] WS2_32.dll!recv 71AB615A 5 Bytes JMP 02B1B639
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2252] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 02B1B70C
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2252] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 02B1B9BB
.text C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe[2276] WS2_32.dll!send 71AB428A 5 Bytes JMP 01FFB558
.text C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe[2276] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 01FFB86D
.text C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe[2276] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01FFB639
.text C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe[2276] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01FFB70C
.text C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe[2276] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 01FFB9BB
.text C:\Program Files\AVG\AVG9\avgfws9.exe[2312] WS2_32.dll!send 71AB428A 5 Bytes JMP 0324B558
.text C:\Program Files\AVG\AVG9\avgfws9.exe[2312] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0324B86D
.text C:\Program Files\AVG\AVG9\avgfws9.exe[2312] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0324B639
.text C:\Program Files\AVG\AVG9\avgfws9.exe[2312] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0324B70C
.text C:\Program Files\AVG\AVG9\avgfws9.exe[2312] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0324B9BB
.text C:\WINDOWS\system32\cisvc.exe[2384] WS2_32.dll!send 71AB428A 5 Bytes JMP 00C1B558
.text C:\WINDOWS\system32\cisvc.exe[2384] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00C1B86D
.text C:\WINDOWS\system32\cisvc.exe[2384] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00C1B639
.text C:\WINDOWS\system32\cisvc.exe[2384] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00C1B70C
.text C:\WINDOWS\system32\cisvc.exe[2384] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00C1B9BB
.text C:\mysql\bin\mysqld-nt.exe[2512] WS2_32.dll!send 71AB428A 5 Bytes JMP 01FCB558
.text C:\mysql\bin\mysqld-nt.exe[2512] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 01FCB86D
.text C:\mysql\bin\mysqld-nt.exe[2512] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01FCB639
.text C:\mysql\bin\mysqld-nt.exe[2512] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01FCB70C
.text C:\mysql\bin\mysqld-nt.exe[2512] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 01FCB9BB
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2580] WS2_32.dll!send 71AB428A 5 Bytes JMP 00F4B558
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2580] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00F4B86D
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2580] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00F4B639
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2580] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00F4B70C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2580] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00F4B9BB
.text C:\Program Files\iTunes\iTunesHelper.exe[3712] WS2_32.dll!send 71AB428A 5 Bytes JMP 014DB558
.text C:\Program Files\iTunes\iTunesHelper.exe[3712] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 014DB86D
.text C:\Program Files\iTunes\iTunesHelper.exe[3712] WS2_32.dll!recv 71AB615A 5 Bytes JMP 014DB639
.text C:\Program Files\iTunes\iTunesHelper.exe[3712] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 014DB70C
.text C:\Program Files\iTunes\iTunesHelper.exe[3712] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 014DB9BB
.text C:\WINDOWS\BCMSMMSG.exe[3776] WS2_32.dll!send 71AB428A 5 Bytes JMP 00DDB558
.text C:\WINDOWS\BCMSMMSG.exe[3776] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00DDB86D
.text C:\WINDOWS\BCMSMMSG.exe[3776] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00DDB639
.text C:\WINDOWS\BCMSMMSG.exe[3776] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00DDB70C
.text C:\WINDOWS\BCMSMMSG.exe[3776] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00DDB9BB
.text C:\PROGRA~1\OpMail\OpMailServer.exe[3996] WS2_32.dll!send 71AB428A 5 Bytes JMP 0120B558
.text C:\PROGRA~1\OpMail\OpMailServer.exe[3996] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0120B86D
.text C:\PROGRA~1\OpMail\OpMailServer.exe[3996] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0120B639
.text C:\PROGRA~1\OpMail\OpMailServer.exe[3996] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0120B70C
.text C:\PROGRA~1\OpMail\OpMailServer.exe[3996] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0120B9BB
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4112] WS2_32.dll!send 71AB428A 5 Bytes JMP 06B3B558
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4112] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 06B3B86D
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4112] WS2_32.dll!recv 71AB615A 5 Bytes JMP 06B3B639
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4112] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 06B3B70C
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4112] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 06B3B9BB
.text C:\WINDOWS\system32\cidaemon.exe[4592] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D0B558
.text C:\WINDOWS\system32\cidaemon.exe[4592] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00D0B86D
.text C:\WINDOWS\system32\cidaemon.exe[4592] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00D0B639
.text C:\WINDOWS\system32\cidaemon.exe[4592] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D0B70C
.text C:\WINDOWS\system32\cidaemon.exe[4592] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00D0B9BB
.text C:\Program Files\iPod\bin\iPodService.exe[4936] WS2_32.dll!send 71AB428A 5 Bytes JMP 00B2B558
.text C:\Program Files\iPod\bin\iPodService.exe[4936] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00B2B86D
.text C:\Program Files\iPod\bin\iPodService.exe[4936] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00B2B639
.text C:\Program Files\iPod\bin\iPodService.exe[4936] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00B2B70C
.text C:\Program Files\iPod\bin\iPodService.exe[4936] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00B2B9BB
.text C:\WINDOWS\System32\alg.exe[5788] WS2_32.dll!send 71AB428A 5 Bytes JMP 0095B558
.text C:\WINDOWS\System32\alg.exe[5788] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0095B86D
.text C:\WINDOWS\System32\alg.exe[5788] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0095B639
.text C:\WINDOWS\System32\alg.exe[5788] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0095B70C
.text C:\WINDOWS\System32\alg.exe[5788] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0095B9BB

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Ntfs \Ntfs PGPsdk.sys (PGP Software Development Kit NT Driver/PGP Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 PGPsdk.sys (PGP Software Development Kit NT Driver/PGP Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 PGPsdk.sys (PGP Software Development Kit NT Driver/PGP Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB891781$\dhtmled.ocx 0 bytes
File C:\WINDOWS\$NtUninstallKB891781$\kb891781.cat 0 bytes
File C:\WINDOWS\$NtUninstallKB891781$\spuninst 0 bytes

---- EOF - GMER 1.0.15 ----


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:01 PM

Posted 14 August 2010 - 07:53 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Optimus10

Optimus10
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:01 PM

Posted 16 August 2010 - 08:58 AM

Hi m0le, thanks for helping me out.

Sorry about the long reply. The infected computer is at work, and I just got back into the office.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:01 PM

Posted 16 August 2010 - 06:17 PM

Rootkit activity showing on Gmer. Please run MBRCheck

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#5 Optimus10

Optimus10
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:01 PM

Posted 17 August 2010 - 09:59 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0004003d

Kernel Drivers (total 128):

Processes (total 59):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`c5d2dc00 (NTFS)

PhysicalDrive0 Model Number: ST380011A, Rev: 3.16

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 MBR Code Faked (known infection: Whistler / Black Internet)!
SHA1: 4C73F18103C9BEEC7A59697F7C30E616317435F9


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#6 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
Posted 17 August 2010 - 06:46 PM

Bootkit which can take some shifting.

The first method is to rerun MBRCheck as below

The MBR has been rewritten.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a recovery disk then please burn one as shown here


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system, and then press Enter.
  • When asked "Do you want to fix the MBR code?", type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread

m0le is a proud member of UNITE
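The "MBR Code Faked" verdict in the MBRCheck output above comes down to hashing the boot-code bytes of sector 0 and comparing the hash with known-good MBR code. The following added example (my own code, not MBRCheck's and not from anyone in this thread) performs that check on a constructed 512-byte sector; the sample boot code, partition entry and allow-list hash are all made up for illustration and are not real Windows XP MBR bytes.

```python
"""Added example: an MBR integrity check in the spirit of MBRCheck's report.

Verifies the 0x55AA boot signature, hashes the 440-byte boot-code region
(the part a bootkit replaces) and compares the hash with an allow-list of
known-good MBR code. All sample bytes are constructed; none is real boot code.
"""
import hashlib
import struct
from typing import Dict, List, Set

BOOT_CODE_LEN = 440      # bytes 0..439 hold the executable boot code
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the disk signature
SECTOR_LEN = 512

# Constructed placeholder boot code (NOT real boot code): a short jump, a NOP, a marker.
SAMPLE_BOOT_CODE = b"\xEB\x3C\x90" + b"CONSTRUCTED-SAMPLE-BOOT-CODE"


def build_sample_mbr(boot_code: bytes = SAMPLE_BOOT_CODE) -> bytes:
    """Assemble a 512-byte MBR image from constructed parts (test data only)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<IH", 0x1234ABCD, 0)   # disk signature + 2 reserved bytes
    # Entry 0: bootable (0x80), type 0x07 (NTFS), starts at LBA 63, 1,000,000 sectors.
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 1_000_000)
    table = entry + b"\x00" * 48                   # entries 1..3 unused
    return code + disk_sig + table + b"\x55\xAA"


def parse_mbr(sector: bytes) -> Dict:
    """Return boot-signature validity, SHA-1 of the boot code and the partition table."""
    if len(sector) != SECTOR_LEN:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions: List[Dict] = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        if ptype != 0:                            # type 0x00 marks an empty slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count,
                               "byte_offset": lba * 512})
    return {
        "signature_ok": sector[SECTOR_LEN - 2:] == b"\x55\xAA",
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify_mbr(sector: bytes, known_good: Set[str]) -> str:
    """Verdict in the style of MBRCheck's 'MBR Status' column."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "Invalid boot signature"
    if info["boot_code_sha1"] in known_good:
        return "Known-good MBR code"
    return "Non-standard or unknown MBR code"


def partition_tables_match(a: bytes, b: bytes) -> bool:
    """True when two sectors carry the same partition table.

    Code-only tampering leaves the table intact, so the volumes still mount
    normally and only the boot-code hash reveals the change.
    """
    return a[PART_TABLE_OFF:SECTOR_LEN - 2] == b[PART_TABLE_OFF:SECTOR_LEN - 2]


if __name__ == "__main__":
    clean = build_sample_mbr()
    allow = {parse_mbr(clean)["boot_code_sha1"]}   # allow-list built from the trusted copy
    patched = bytearray(clean)
    patched[0:3] = b"\x90\x90\x90"                  # constructed code change, table untouched
    for name, sector in (("clean", clean), ("patched", bytes(patched))):
        info = parse_mbr(sector)
        print(f"{name:8} SHA1: {info['boot_code_sha1']}  {classify_mbr(sector, allow)}")
    print("partition table unchanged:", partition_tables_match(clean, bytes(patched)))
```

On a real machine the 512 bytes would come from reading sector 0 of the physical drive, and the allow-list from a trusted copy of the same Windows version's MBR code.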

#7 Optimus10
  • Topic Starter
  • Members
  • 4 posts
Posted 18 August 2010 - 12:17 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 128):

Processes (total 55):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`c5d2dc00 (NTFS)

PhysicalDrive0 Model Number: ST380011A, Rev: 3.16

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 MBR Code Faked (known infection: Whistler / Black Internet)!
SHA1: 4C73F18103C9BEEC7A59697F7C30E616317435F9


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

#8 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
Posted 18 August 2010 - 02:19 PM

That failed.

Please do the following:

Locate your XP disk. If you can't find it then follow the instructions to burn one below.

Please download the Recovery Console Bootable CD iso
Unzip the file and use your favourite burning application to burn the iso to a CD. Note, this is not the same as just burning the iso file on a CD.
  • Insert the CD-ROM into the CD-ROM drive, and then restart the computer.

When you have the disk do the following:
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press Enter to select an item to change.
    • Navigate to the tab where you can set the boot order. It should be called Boot or Boot order.
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-ROM drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

  • A command prompt will open
Once in Recovery Console, please type fixmbr and hit enter.

Type exit to exit and restart your PC.


Now please run MBRCheck as shown the first time you ran it.

#9 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
Posted 20 August 2010 - 07:00 PM

Are you okay with this step?

#10 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
Posted 21 August 2010 - 06:55 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

#11 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
Posted 27 August 2010 - 07:29 PM

Reopened at user's request

-----------------------------------------

Have you managed to do this step?

#12 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
Posted 30 August 2010 - 06:52 PM

Optimus10, you have one day to respond to this bump or I will close this topic.

#13 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
Posted 31 August 2010 - 07:19 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



