Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Fraudster Targets Cryptocurrency Wallets with a Variety of Info Stealers

Featured Deal: Get The Pay What You Want: AWS Cloud Development Bundle Deal

Photo

browser hijack bug - all browsers

Started by dscrub03 , Nov 16 2010 11:12 PM

  • This topic is locked This topic is locked
6 replies to this topic

#1 dscrub03

dscrub03

  • Members
  • 6 posts
  • OFFLINE
    •  
  • Local time:04:55 AM

Posted 16 November 2010 - 11:12 PM

Hi there, I have gone through the preparation page and downloaded / run all the prescribed applications. I have reports ready to provide upon reply.

I do not know how bad it is to have run combofix already but, when I was refered to the program and to download from bleepingcomputer.com ONLY....well, that's what I did. Downloaded, installed and run all prior to realizing there were caution statements not to run it.

Any help would be great.....since I am still getting the epoclick/google analytics browser windows spawning.

Thank you so much.


DDS (Ver_10-11-10.01) - NTFSx86
Run by Administrator at 13:20:14.43 on Tue 11/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.303 [GMT -8:00]

AV: AVG Internet Security 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell.com/
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\acrobat\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\orderreminder\OrderReminder.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289605236149
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {B91DC06A-2B06-4D17-A745-C51CE443357D} = 208.45.228.3
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\rew4y8x9.default\
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-9-10 3210176]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-9-22 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-9-22 122368]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-9-22 114464]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20061206.016\naveng.sys [2006-12-11 79240]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20061206.016\navex15.sys [2006-12-11 831880]
R3 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
S2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2006-9-22 221184]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-14 517448]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
S3 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\rtl8180.sys [2005-7-27 184832]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-9-22 245760]

=============== Created Last 30 ================

2010-11-16 00:05:54 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\AVG Security Toolbar
2010-11-15 04:57:56 -------- d--h--w- C:\$AVG
2010-11-15 00:36:29 -------- d-----w- c:\docume~1\admini~1\applic~1\AVG10
2010-11-15 00:20:43 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-11-15 00:19:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-11-15 00:10:44 -------- d-----w- c:\windows\system32\drivers\AVG
2010-11-15 00:10:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-11-15 00:08:11 -------- d-----w- c:\program files\AVG
2010-11-14 23:59:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-11-14 23:51:16 1409 ----a-w- c:\windows\QTFont.for
2010-11-14 19:39:05 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla
2010-11-14 18:41:43 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Apple
2010-11-13 06:12:50 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-13 06:12:38 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-11-13 06:12:38 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-13 06:12:37 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-13 05:22:11 -------- d-----w- c:\windows\system32\scripting
2010-11-13 05:22:06 -------- d-----w- c:\windows\l2schemas
2010-11-13 05:22:04 -------- d-----w- c:\windows\system32\en
2010-11-13 05:08:36 -------- d-----w- c:\windows\network diagnostic
2010-11-13 04:23:19 276992 ------w- c:\windows\system32\wmphoto.dll
2010-11-13 04:23:16 69120 ------w- c:\windows\system32\wlanapi.dll
2010-11-13 04:23:12 712704 ------w- c:\windows\system32\windowscodecs.dll
2010-11-13 04:23:12 346112 ------w- c:\windows\system32\windowscodecsext.dll
2010-11-13 04:21:51 30208 ------w- c:\windows\system32\napipsec.dll
2010-11-13 04:20:48 37376 ------w- c:\windows\system32\l2gpstore.dll
2010-11-13 04:20:46 61440 ------w- c:\windows\system32\kmsvc.dll
2010-11-13 04:20:45 6144 ------w- c:\windows\system32\kbdpash.dll
2010-11-13 04:20:45 6144 ------w- c:\windows\system32\kbdnepr.dll
2010-11-13 04:20:45 6144 ------w- c:\windows\system32\kbdiultn.dll
2010-11-13 04:20:44 6144 ------w- c:\windows\system32\kbdbhc.dll
2010-11-13 04:20:23 10752 ------w- c:\windows\system32\smtpapi.dll
2010-11-13 04:20:22 9728 ------w- c:\windows\system32\rwnh.dll
2010-11-13 04:20:05 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2010-11-13 03:49:27 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-11-13 03:38:44 -------- d-----w- C:\ddac2c132944a050d9895e8d20a1
2010-11-13 03:30:53 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2010-11-13 02:50:27 -------- d-----w- c:\windows\ie8updates
2010-11-13 02:50:03 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-13 02:50:03 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-13 02:50:03 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-13 02:50:03 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-13 02:50:03 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-11-13 02:50:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-11-13 02:50:03 11080192 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-11-13 02:47:32 -------- dc-h--w- c:\windows\ie8
2010-11-13 02:11:13 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-11-13 02:05:34 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-13 02:02:08 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-13 02:01:34 357248 ------w- c:\windows\system32\dllcache\srv.sys
2010-11-13 02:00:31 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-11-13 02:00:31 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-11-13 02:00:10 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-13 01:56:02 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-11-13 01:52:07 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-11-13 01:49:38 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-11-13 01:49:32 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-11-13 00:45:25 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-11-13 00:44:47 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-11-13 00:44:47 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-11-13 00:44:47 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-11-13 00:44:46 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-11-12 23:40:33 -------- d-sh--w- c:\documents and settings\administrator\UserData
2010-11-12 20:34:53 -------- d-sha-r- C:\cmdcons
2010-11-12 20:27:45 89088 ----a-w- c:\windows\MBR.exe
2010-11-12 20:27:45 256512 ----a-w- c:\windows\PEV.exe
2010-11-12 20:27:45 161792 ----a-w- c:\windows\SWREG.exe
2010-11-12 20:27:44 98816 ----a-w- c:\windows\sed.exe
2010-11-04 01:57:44 -------- d-----w- c:\docume~1\admini~1\applic~1\MSNInstaller

==================== Find3M ====================

2010-09-18 20:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

============= FINISH: 13:24:03.24 ===============

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-16 15:49:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e IC25N020ATMR04-0 rev.MO1OAD0A
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwriipow.sys


---- System - GMER 1.0.15 ----

SSDT E1B7CF90 ZwConnectPort
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xEDDF96C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xEDDF9770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xEDDF9810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xEDDF98B0]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[460] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[2232] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\internet explorer\iexplore.exe[2628] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2628] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2628] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2628] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2628] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2628] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2628] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2628] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2628] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2628] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 01A53E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe[2640] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01523E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2756] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[2888] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00CC3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[2904] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00CB3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text ...
.text C:\Program Files\internet explorer\iexplore.exe[3012] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3012] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3012] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3012] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3012] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3012] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3012] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3012] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3012] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3012] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3012] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3012] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3012] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[3044] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01543E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[3064] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\PROGRA~1\mcafee.com\agent\mcagent.exe[3140] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01093E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\WINDOWS\system32\taskmgr.exe[3148] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text ...
.text C:\Program Files\internet explorer\iexplore.exe[4156] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4156] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4156] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4156] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4156] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4156] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4156] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4156] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4156] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4156] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4156] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4156] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4156] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4156] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4156] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\AVG\AVG10\avgui.exe[4392] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Documents and Settings\Administrator\Desktop\gmer\gmer.exe[4404] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----

ComboFix 10-11-13.01 - Administrator 11/14/2010 9:09.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.437 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-13 17:29 . 2010-11-13 17:29 -------- d-----w- c:\windows\LastGood
2010-11-13 06:12 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-13 06:12 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-11-13 06:12 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-13 06:12 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-13 05:22 . 2010-11-13 05:22 -------- d-----w- c:\windows\system32\scripting
2010-11-13 05:22 . 2010-11-13 05:22 -------- d-----w- c:\windows\l2schemas
2010-11-13 05:22 . 2010-11-13 05:22 -------- d-----w- c:\windows\system32\en
2010-11-13 04:40 . 2010-11-13 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-11-13 04:23 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
2010-11-13 04:23 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2010-11-13 04:23 . 2008-04-14 00:12 712704 ------w- c:\windows\system32\windowscodecs.dll
2010-11-13 04:23 . 2008-04-14 00:12 346112 ------w- c:\windows\system32\windowscodecsext.dll
2010-11-13 04:21 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2010-11-13 04:20 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2010-11-13 04:20 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2010-11-13 04:20 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2010-11-13 04:20 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2010-11-13 04:20 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2010-11-13 04:20 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2010-11-13 04:20 . 2008-04-14 00:12 10752 ------w- c:\windows\system32\smtpapi.dll
2010-11-13 04:20 . 2008-04-14 00:12 9728 ------w- c:\windows\system32\rwnh.dll
2010-11-13 04:20 . 2008-04-13 16:36 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2010-11-13 03:49 . 2010-11-13 03:49 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-11-13 03:38 . 2010-11-13 03:41 -------- d-----w- C:\ddac2c132944a050d9895e8d20a1
2010-11-13 03:30 . 2010-11-13 03:30 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-11-13 02:50 . 2010-09-10 05:58 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-11-13 02:50 . 2010-09-10 05:58 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-13 02:50 . 2010-09-10 05:58 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-13 02:50 . 2010-09-10 05:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-11-13 02:50 . 2010-09-10 05:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-13 02:50 . 2010-09-10 05:58 11080192 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-11-13 02:50 . 2010-09-10 05:58 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-13 02:47 . 2010-11-13 02:49 -------- dc-h--w- c:\windows\ie8
2010-11-13 02:11 . 2010-11-13 02:11 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-11-13 02:05 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-13 02:02 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-13 02:01 . 2010-08-26 13:39 357248 ------w- c:\windows\system32\dllcache\srv.sys
2010-11-13 02:00 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-11-13 02:00 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-11-13 02:00 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-13 01:56 . 2009-06-10 17:19 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-11-13 01:52 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-11-13 01:49 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-11-13 01:49 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-11-13 00:45 . 2009-08-07 03:23 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-11-13 00:44 . 2009-08-07 03:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-11-13 00:44 . 2009-08-07 03:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-11-13 00:44 . 2009-08-07 03:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-11-13 00:44 . 2009-08-07 03:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-11-12 23:40 . 2010-11-13 00:46 -------- d-sh--w- c:\documents and settings\Administrator\UserData
2010-11-04 01:58 . 2010-11-04 01:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSN6
2010-11-04 01:57 . 2010-11-04 01:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSNInstaller
2010-10-31 18:49 . 2010-10-31 18:56 -------- d-----w- c:\documents and settings\dave
2010-10-31 18:31 . 2010-10-31 18:49 -------- d-----w- c:\documents and settings\rachel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 20:23 . 2002-08-29 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-08-29 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-08-29 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-08-29 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-12-08 00:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2002-08-29 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2002-08-29 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2002-08-29 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2002-08-29 10:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2002-08-29 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2002-08-29 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2002-08-29 10:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2002-08-29 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2002-08-29 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2005-04-08 151552]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe" [2006-04-07 98304]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-12 229952]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-7-21 49254]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 10:59 122880 -c--a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2004-06-10 04:31 66680 -c--a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DadApp]
2004-03-04 16:36 211828 -c--a-w- c:\program files\Dell\AccessDirect\DadApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 06:04 114741 -c--a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 15:27 28672 -c--a-w- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 16:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 16:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 22:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 21:03 36975 -c--a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 00:12 143360 ----a-w- c:\windows\SYSTEM32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2003-08-15 17:37 618496 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2003-08-15 17:38 110592 -c--a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 09:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2004-08-03 03:36 124232 -c--a-w- c:\progra~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\DKabcoms.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [8/2/2004 7:36 PM 173392]
S3 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\SYSTEM32\DRIVERS\rtl8180.sys [7/27/2005 5:21 PM 184832]
.
Contents of the 'Scheduled Tasks' folder

2010-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 21:21]

2004-06-04 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com/
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: {B91DC06A-2B06-4D17-A745-C51CE443357D} = 208.45.228.3
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 09:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3502550196-2692914067-1083918019-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c3,b0,3d,9e,5c,f5,51,40,a4,a1,a3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c3,b0,3d,9e,5c,f5,51,40,a4,a1,a3,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3008)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-11-14 09:25:37
ComboFix-quarantined-files.txt 2010-11-14 17:25
ComboFix2.txt 2010-11-13 00:37
ComboFix3.txt 2010-11-12 22:33
ComboFix4.txt 2010-11-12 21:36
ComboFix5.txt 2010-11-13 17:05

Pre-Run: 1,429,499,904 bytes free
Post-Run: 1,409,241,088 bytes free

- - End Of File - - 95AD5911CD51F05F4B1B9C0F2E28EEBB

Merged posts and removed my reply. ~ OB

Edited by Orange Blossom, 18 November 2010 - 09:14 PM.

BC AdBot (Login to Remove)

 

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 25 November 2010 - 06:01 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply



Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".


information and logs:

In your next post I need the following

1.logs from DDS
2.log from RKUnHooker
3.let me know of any problems you may have had
[/list]
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 28 November 2010 - 11:43 PM

Hello

three day bump

It has been Three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 dscrub03

dscrub03
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
    •  
  • Local time:04:55 AM

Posted 29 November 2010 - 01:42 PM

Hi Gringo,
sorry for the delayed reply...holiday travels etc. I am reviewing your instructions now.
Thank you!!

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 29 November 2010 - 02:36 PM

:thumbup2:
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 02 December 2010 - 01:19 AM

Hello

three day bump

It has been Three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 04 December 2010 - 11:22 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.

With Regards,
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·