
A variant of Win32/Kryptik.YQ??


  • This topic is locked
9 replies to this topic

#1 Twinsdad29


Posted 09 December 2010 - 02:33 AM

Thank you for your prompt reply and help!
Started off infected with antivirus 2010, ran Malwarebytes and ended up with a blue screen after Windows logon. Tried SUPERantispyware, Spybot, AdAware, and others but keep getting "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." I uninstalled Java and Adobe and ran ESET's online scanner, which found and removed 8 of 9 trojans and left this: "C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll probably a variant of Win32/Kryptik.YQ trojan (unable to clean) 00000000000000000000000000000000 I"
Was able to run DDS and am pasting the DDS.txt file and attaching the attach.txt file.
When I ran GMER it scanned right away. I cleared the IAT/EAT check box and tried to scan again but it closed.
Thank you again for your help!

DDS (Ver_10-12-05.01) - NTFSx86
Run by Burtt at 0:47:28.96 on Thu 12/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2451 [GMT -6:00]

AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Burtt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: {70f31233-a15e-33de-a0ec-0751fc22025f} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Visolve: {01c692bf-ff95-4583-91b6-23f8568749b7} - c:\program files\visolve\controlbar.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {C3CD744D-2FAE-4640-8297-16B5DA423104} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [NVIDIA nTune] c:\program files\nvidia corporation\ntune\nTuneCmd.exe resetprofile
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\documents and settings\burtt\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\burtt\startm~1\programs\startup\roller~1.lnk - c:\documents and settings\burtt\local settings\temp\{c0e05ffe-7f93-4877-8990-4894b0be3b89}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261017290437
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261017282749
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://pondcam.hutchcc.edu/activex/AxisCamControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\burtt\applic~1\mozilla\firefox\profiles\zhrldkb3.default\
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\burtt\applic~1\mozilla\firefox\profiles\zhrldkb3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-2-26 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-30 52872]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-12-7 32008]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-30 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-30 243024]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-12-7 76696]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-8-17 54760]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-1-10 10448]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-12-7 26096]
R3 vbmaa112;Virtual Bus for Microsoft ACPI-Compliant System;c:\windows\system32\drivers\vbmaa112.sys [2004-8-11 28544]
S0 hllnfd;hllnfd;c:\windows\system32\drivers\mswdjze.sys --> c:\windows\system32\drivers\mswdjze.sys [?]
S0 mwwgycs;mwwgycs;c:\windows\system32\drivers\mwwgycs.sys [2010-10-25 0]
S2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-12-7 6416120]
S2 gupdate1ca0579690c2d4;Google Update Service (gupdate1ca0579690c2d4);c:\program files\google\update\GoogleUpdate.exe [2009-7-15 133104]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\tmpfw.exe --> c:\progra~1\trendm~1\intern~1\TmPfw.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-2-26 121352]
S3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-2-26 30216]
S3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSShim.sys [2009-2-26 27232]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-12-8 16968]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\32.tmp --> c:\windows\system32\32.tmp [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\tm_cfw.sys --> c:\windows\system32\drivers\TM_CFW.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\xdva344.sys --> c:\windows\system32\XDva344.sys [?]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2010-6-22 921440]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2010-6-22 308136]
S4 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
S4 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-2-26 563720]

=============== Created Last 30 ================

2010-12-09 03:31:42 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-09 03:31:42 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-09 03:30:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-12-09 02:59:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\FrontLine Registry Cleaner
2010-12-09 02:59:44 -------- d-----w- c:\program files\Frontline Registry Cleaner
2010-12-09 02:31:45 -------- d-----w- C:\eb9bb33335aa5c863d996a69
2010-12-08 02:59:09 -------- d-----w- C:\TDSSKiller_Quarantine
2010-12-08 01:01:01 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-12-08 01:01:01 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-12-08 01:01:01 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-12-08 01:01:01 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-12-08 01:01:01 -------- d-----w- c:\program files\Prevx
2010-12-08 01:00:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-12-07 23:39:46 53248 ----a-w- c:\windows\system32\CommonDL.dll
2010-12-07 23:39:46 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-12-07 23:39:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\LGMOBILEAX
2010-12-07 23:23:50 -------- d-----w- c:\docume~1\burtt\locals~1\applic~1\Mozilla
2010-12-06 06:36:36 2321288 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-12-06 06:36:34 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{edc51bba-72eb-45a5-bde5-159946f2090f}\mpengine.dll
2010-12-06 06:36:34 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-06 05:56:49 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-06 05:56:49 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-06 05:55:53 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-12-06 04:48:50 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-06 04:48:50 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-06 04:48:50 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-06 04:48:50 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-06 04:48:49 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-06 04:48:49 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-12-06 04:48:48 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-12-06 04:12:29 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-12-06 04:12:29 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-12-06 04:12:15 81920 ------w- c:\windows\system32\ieencode.dll
2010-12-06 04:12:14 144384 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2010-12-06 04:12:13 19569 ----a-w- c:\windows\006945_.tmp
2010-12-06 04:01:23 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-12-06 04:01:06 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-12-06 04:00:14 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-12-06 04:00:07 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-12-06 03:52:51 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-12-06 03:51:15 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-12-06 03:50:58 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-12-06 02:20:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-06 01:26:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-12-06 01:02:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 01:01:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 01:01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-05 22:58:01 -------- d-----w- c:\program files\ESET
2010-12-05 20:58:39 -------- d-----w- c:\program files\Sophos
2010-12-05 20:44:27 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-05 20:44:27 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-05 20:44:27 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-05 20:44:27 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-05 20:44:27 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-05 20:44:27 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-05 20:44:27 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2010-12-01 23:10:06 3636 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-12-01 22:49:38 197120 ----a-w- c:\windows\system32\drivers\fdco1ins.dll
2010-12-01 22:49:22 197120 ----a-w- c:\windows\system32\drivers\fdco1.dll
2010-12-01 18:07:46 -------- d-----w- c:\program files\Linksys EasyLink Advisor
2010-12-01 05:52:59 7168 -c--a-w- c:\windows\system32\dllcache\isapips.dll
2010-12-01 05:51:54 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-12-01 05:51:54 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-12-01 05:51:54 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-12-01 05:51:54 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2010-12-01 05:51:54 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2010-12-01 05:51:53 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-12-01 05:49:57 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-12-01 05:49:57 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2010-12-01 04:53:34 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-12-01 04:53:34 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-12-01 04:53:34 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-12-01 04:53:34 13312 ----a-w- c:\windows\system32\irclass.dll
2010-12-01 04:53:30 22339 ----a-r- c:\windows\SETD0.tmp
2010-12-01 04:53:30 10559 ----a-r- c:\windows\SETD1.tmp
2010-12-01 04:53:26 13753 ----a-r- c:\windows\SET8C.tmp
2010-12-01 04:53:24 1086058 ----a-r- c:\windows\SET7C.tmp
2010-12-01 04:53:23 1042903 ----a-r- c:\windows\SET66.tmp
2010-12-01 04:10:04 22339 ----a-r- c:\windows\SETC7.tmp
2010-12-01 04:10:04 10559 ----a-r- c:\windows\SETC8.tmp
2010-12-01 04:10:01 13753 ----a-r- c:\windows\SET87.tmp
2010-12-01 04:09:59 1086058 ----a-r- c:\windows\SET6A.tmp
2010-12-01 04:09:58 1042903 ----a-r- c:\windows\SET65.tmp
2010-12-01 03:59:13 -------- d-----w- c:\windows\NV9321992.TMP
2010-12-01 03:17:28 10559 ----a-r- c:\windows\SET124.tmp
2010-12-01 03:17:27 22339 ----a-r- c:\windows\SET123.tmp
2010-12-01 03:17:18 13753 ----a-r- c:\windows\SETE8.tmp
2010-12-01 03:17:16 1086058 ----a-r- c:\windows\SETDC.tmp
2010-12-01 03:17:14 1042903 ----a-r- c:\windows\SETD9.tmp
2010-11-30 03:24:26 -------- d-----w- c:\docume~1\burtt\locals~1\applic~1\Threat Expert
2010-11-20 02:46:02 -------- dc-h--w- c:\windows\ie8
2010-11-20 01:47:05 9728 ----a-w- c:\windows\system32\rwnh.dll
2010-11-20 01:47:05 10752 ----a-w- c:\windows\system32\smtpapi.dll
2010-11-20 01:47:01 19569 ----a-w- c:\windows\003485_.tmp
2010-11-12 05:36:45 -------- d-----w- C:\AVERT
2010-11-12 05:36:03 -------- d-----w- c:\docume~1\burtt\locals~1\applic~1\AVERT
2010-11-12 03:57:58 10559 ----a-r- c:\windows\SETCF.tmp
2010-11-12 03:57:57 22339 ----a-r- c:\windows\SETCE.tmp
2010-11-12 03:57:51 13753 ----a-r- c:\windows\SET8B.tmp
2010-11-12 03:57:49 1086058 ----a-r- c:\windows\SET7B.tmp
2010-11-12 03:57:48 1042903 ----a-r- c:\windows\SET68.tmp
2010-11-12 02:35:17 22339 ----a-r- c:\windows\SETCC.tmp
2010-11-12 02:35:17 10559 ----a-r- c:\windows\SETCD.tmp
2010-11-12 02:35:08 13753 ----a-r- c:\windows\SET8A.tmp
2010-11-12 02:35:06 1086058 ----a-r- c:\windows\SET7A.tmp
2010-11-12 02:35:05 1042903 ----a-r- c:\windows\SET77.tmp
2010-11-11 23:19:52 -------- d-----w- c:\docume~1\burtt\applic~1\SUPERAntiSpyware.com
2010-11-11 23:06:55 3514 ----a-w- c:\windows\system32\tmp.reg
2010-11-11 22:40:21 -------- d-----w- c:\windows\9EFA732347A048E28F7735DB5EED500A.TMP
2010-11-11 21:26:45 -------- d-----w- C:\318ae0813a5c52090a13
2010-11-11 21:16:37 2804224 ----a-w- c:\windows\system32\msi.old
2010-11-11 20:46:12 -------- d-----w- c:\documents and settings\all users\Uniblue
2010-11-11 19:46:42 -------- d-----w- c:\windows\ERUNT
2010-11-11 19:45:28 -------- d-----w- C:\SDFix
2010-11-11 19:11:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-11-11 18:10:01 -------- d-----w- c:\docume~1\burtt\applic~1\Uniblue
2010-11-11 18:09:52 -------- d-----w- c:\docume~1\burtt\locals~1\applic~1\PackageAware
2010-11-11 17:37:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-11-11 17:37:05 -------- d-----w- c:\program files\common files\iS3
2010-11-11 17:37:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-11-11 17:29:13 53248 ----a-r- c:\docume~1\burtt\applic~1\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2010-11-11 17:28:47 -------- d-----w- c:\docume~1\burtt\locals~1\applic~1\Logishrd
2010-11-11 17:28:38 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-11-10 22:37:41 -------- d-----w- c:\docume~1\burtt\applic~1\Logishrd
2010-11-10 21:56:18 10559 ----a-r- c:\windows\SETC4.tmp
2010-11-10 21:56:17 22339 ----a-r- c:\windows\SETC3.tmp
2010-11-10 21:56:11 13753 ----a-r- c:\windows\SET86.tmp
2010-11-10 21:56:09 1086058 ----a-r- c:\windows\SET79.tmp
2010-11-10 21:56:08 1042903 ----a-r- c:\windows\SET75.tmp
2010-11-10 21:06:55 10559 ----a-r- c:\windows\SETBF.tmp
2010-11-10 21:06:54 22339 ----a-r- c:\windows\SETBE.tmp
2010-11-10 21:06:48 13753 ----a-r- c:\windows\SET82.tmp
2010-11-10 21:06:46 1086058 ----a-r- c:\windows\SET74.tmp
2010-11-10 21:06:45 1042903 ----a-r- c:\windows\SET71.tmp
2010-11-10 06:03:10 -------- d-----w- C:\92e628886c9116a1151f06
2010-11-10 05:15:56 22339 ----a-r- c:\windows\SETBC.tmp
2010-11-10 05:15:56 10559 ----a-r- c:\windows\SETBD.tmp
2010-11-10 05:15:50 13753 ----a-r- c:\windows\SET81.tmp
2010-11-10 05:15:48 1086058 ----a-r- c:\windows\SET73.tmp
2010-11-10 05:15:47 1042903 ----a-r- c:\windows\SET70.tmp
2010-11-09 20:59:51 10559 ----a-r- c:\windows\SETB9.tmp
2010-11-09 20:59:50 22339 ----a-r- c:\windows\SETB8.tmp
2010-11-09 20:59:44 13753 ----a-r- c:\windows\SET7D.tmp
2010-11-09 20:59:42 1086058 ----a-r- c:\windows\SET6F.tmp
2010-11-09 20:59:40 1042903 ----a-r- c:\windows\SET6B.tmp

==================== Find3M ====================

2010-09-18 18:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2008-09-15 03:43:59 0 ----a-w- c:\program files\Perfect_World_International.exe
2008-04-18 17:56:25 753 ----a-w- c:\program files\setup.bat

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_ rev.GM4O -> Harddisk0\DR0 -> \Device\Scsi\nvgts1Port3Path0Target0Lun0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xAED85119]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; PUSH EBX; PUSH ESI; PUSH EDI; CMP EAX, [0xaed88858]; JNZ 0x1f; MOV EBX, [EBP+0xc]; CALL 0xfffffffffffffd3b; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AD9D9C0]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8ABD3A90]
\Driver\Disk[0x8AB96CA8] -> IRP_MJ_CREATE -> 0xAED85119
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
user & kernel MBR OK

============= FINISH: 0:47:43.23 ===============



Just a Dreamer!!!!






#2 B-boy/StyLe/

  • Malware Response Team

Posted 16 December 2010 - 03:18 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Regards,
Georgi


#3 Twinsdad29

  • Topic Starter

Posted 16 December 2010 - 08:15 PM

GMER.exe scans when I open it, but when I uncheck IAT/EAT and hit scan, it flashes then closes right away.
Here is a new DDS.txt and I have attached a new attach.zip. Thanks!





DDS (Ver_10-12-12.02) - NTFSx86
Run by Burtt at 17:47:16.73 on Thu 12/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2667 [GMT -6:00]

AV: AVG Internet Security *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC-cillin Internet Security - Firewall *Disabled*

============== Running Processes ===============

"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Burtt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: {70f31233-a15e-33de-a0ec-0751fc22025f} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Visolve: {01c692bf-ff95-4583-91b6-23f8568749b7} - c:\program files\visolve\controlbar.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {C3CD744D-2FAE-4640-8297-16B5DA423104} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [NVIDIA nTune] c:\program files\nvidia corporation\ntune\nTuneCmd.exe resetprofile
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\documents and settings\burtt\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\burtt\startm~1\programs\startup\roller~1.lnk - c:\documents and settings\burtt\local settings\temp\{c0e05ffe-7f93-4877-8990-4894b0be3b89}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261017290437
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261017282749
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://pondcam.hutchcc.edu/activex/AxisCamControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\burtt\applic~1\mozilla\firefox\profiles\zhrldkb3.default\
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-2-26 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-30 52872]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-12-7 32008]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-30 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-30 243024]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-12-7 76696]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-8-17 54760]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-1-10 10448]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-12-7 26096]
R3 vbmaa112;Virtual Bus for Microsoft ACPI-Compliant System;c:\windows\system32\drivers\vbmaa112.sys [2004-8-11 28544]
S0 hllnfd;hllnfd;c:\windows\system32\drivers\mswdjze.sys --> c:\windows\system32\drivers\mswdjze.sys [?]
S0 mwwgycs;mwwgycs;c:\windows\system32\drivers\mwwgycs.sys [2010-10-25 0]
S2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-12-7 6416120]
S2 gupdate1ca0579690c2d4;Google Update Service (gupdate1ca0579690c2d4);c:\program files\google\update\GoogleUpdate.exe [2009-7-15 133104]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\tmpfw.exe --> c:\progra~1\trendm~1\intern~1\TmPfw.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-2-26 121352]
S3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-2-26 30216]
S3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSShim.sys [2009-2-26 27232]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-12-8 16968]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\32.tmp --> c:\windows\system32\32.tmp [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\tm_cfw.sys --> c:\windows\system32\drivers\TM_CFW.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\xdva344.sys --> c:\windows\system32\XDva344.sys [?]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2010-6-22 921440]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2010-6-22 308136]
S4 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
S4 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-2-26 563720]

=============== Created Last 30 ================

2010-12-09 03:31:42 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-09 03:31:42 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-09 03:30:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-12-09 02:59:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\FrontLine Registry Cleaner
2010-12-09 02:59:44 -------- d-----w- c:\program files\Frontline Registry Cleaner
2010-12-09 02:31:45 -------- d-----w- C:\eb9bb33335aa5c863d996a69
2010-12-08 02:59:09 -------- d-----w- C:\TDSSKiller_Quarantine
2010-12-08 01:01:01 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-12-08 01:01:01 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-12-08 01:01:01 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-12-08 01:01:01 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-12-08 01:01:01 -------- d-----w- c:\program files\Prevx
2010-12-08 01:00:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-12-07 23:39:46 53248 ----a-w- c:\windows\system32\CommonDL.dll
2010-12-07 23:39:46 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-12-07 23:39:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\LGMOBILEAX
2010-12-07 23:23:50 -------- d-----w- c:\docume~1\burtt\locals~1\applic~1\Mozilla
2010-12-06 06:36:36 2321288 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-12-06 06:36:34 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{edc51bba-72eb-45a5-bde5-159946f2090f}\mpengine.dll
2010-12-06 06:36:34 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-06 05:56:49 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-06 05:56:49 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-06 05:55:53 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-12-06 04:48:50 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-06 04:48:50 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-06 04:48:50 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-06 04:48:50 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-06 04:48:49 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-06 04:48:49 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-12-06 04:48:48 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-12-06 04:12:29 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-12-06 04:12:29 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-12-06 04:12:15 81920 ------w- c:\windows\system32\ieencode.dll
2010-12-06 04:12:14 144384 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2010-12-06 04:12:13 19569 ----a-w- c:\windows\006945_.tmp
2010-12-06 04:01:23 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-12-06 04:01:06 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-12-06 04:00:14 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-12-06 04:00:07 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-12-06 03:52:51 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-12-06 03:51:15 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-12-06 03:50:58 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-12-06 02:20:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-06 01:26:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-12-06 01:02:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 01:01:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 01:01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-05 22:58:01 -------- d-----w- c:\program files\ESET
2010-12-05 20:58:39 -------- d-----w- c:\program files\Sophos
2010-12-05 20:44:27 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-05 20:44:27 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-05 20:44:27 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-05 20:44:27 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-05 20:44:27 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-05 20:44:27 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-05 20:44:27 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2010-12-01 23:10:06 3636 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-12-01 22:49:38 197120 ----a-w- c:\windows\system32\drivers\fdco1ins.dll
2010-12-01 22:49:22 197120 ----a-w- c:\windows\system32\drivers\fdco1.dll
2010-12-01 18:07:46 -------- d-----w- c:\program files\Linksys EasyLink Advisor
2010-12-01 05:52:59 7168 -c--a-w- c:\windows\system32\dllcache\isapips.dll
2010-12-01 05:51:54 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-12-01 05:51:54 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-12-01 05:51:54 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-12-01 05:51:54 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2010-12-01 05:51:54 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2010-12-01 05:51:53 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-12-01 05:49:57 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-12-01 05:49:57 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2010-12-01 04:53:34 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-12-01 04:53:34 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-12-01 04:53:34 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-12-01 04:53:34 13312 ----a-w- c:\windows\system32\irclass.dll
2010-12-01 04:53:30 22339 ----a-r- c:\windows\SETD0.tmp
2010-12-01 04:53:30 10559 ----a-r- c:\windows\SETD1.tmp
2010-12-01 04:53:26 13753 ----a-r- c:\windows\SET8C.tmp
2010-12-01 04:53:24 1086058 ----a-r- c:\windows\SET7C.tmp
2010-12-01 04:53:23 1042903 ----a-r- c:\windows\SET66.tmp
2010-12-01 04:10:04 22339 ----a-r- c:\windows\SETC7.tmp
2010-12-01 04:10:04 10559 ----a-r- c:\windows\SETC8.tmp
2010-12-01 04:10:01 13753 ----a-r- c:\windows\SET87.tmp
2010-12-01 04:09:59 1086058 ----a-r- c:\windows\SET6A.tmp
2010-12-01 04:09:58 1042903 ----a-r- c:\windows\SET65.tmp
2010-12-01 03:59:13 -------- d-----w- c:\windows\NV9321992.TMP
2010-12-01 03:17:28 10559 ----a-r- c:\windows\SET124.tmp
2010-12-01 03:17:27 22339 ----a-r- c:\windows\SET123.tmp
2010-12-01 03:17:18 13753 ----a-r- c:\windows\SETE8.tmp
2010-12-01 03:17:16 1086058 ----a-r- c:\windows\SETDC.tmp
2010-12-01 03:17:14 1042903 ----a-r- c:\windows\SETD9.tmp
2010-11-30 03:24:26 -------- d-----w- c:\docume~1\burtt\locals~1\applic~1\Threat Expert
2010-11-20 02:46:02 -------- dc-h--w- c:\windows\ie8
2010-11-20 01:47:05 9728 ----a-w- c:\windows\system32\rwnh.dll
2010-11-20 01:47:05 10752 ----a-w- c:\windows\system32\smtpapi.dll
2010-11-20 01:47:01 19569 ----a-w- c:\windows\003485_.tmp

==================== Find3M ====================

2010-11-25 07:10:58 3514 ----a-w- c:\windows\system32\tmp.reg
2010-09-18 18:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2008-09-15 03:43:59 0 ----a-w- c:\program files\Perfect_World_International.exe
2008-04-18 17:56:25 753 ----a-w- c:\program files\setup.bat

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_ rev.GM4O -> Harddisk0\DR0 -> \Device\Scsi\nvgts1Port3Path0Target0Lun0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xBA25D119]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; PUSH EBX; PUSH ESI; PUSH EDI; CMP EAX, [0xba260858]; JNZ 0x1f; MOV EBX, [EBP+0xc]; CALL 0xfffffffffffffd3b; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AD43848]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8ABC5D70]
\Driver\Disk[0x8AB8D880] -> IRP_MJ_CREATE -> 0xBA25D119
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
user & kernel MBR OK

============= FINISH: 17:47:25.32 ===============






Just a Dreamer!!!!




#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 17 December 2010 - 02:04 PM

Hi Twinsdad29 and :welcome:

I will be handling your log to help you get cleaned up.
Please give me some time to look it over and I will get back to you as soon as possible.


Regards,
Georgi



#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 17 December 2010 - 07:15 PM

Hello Twinsdad29 ! Welcome to BleepingComputer Forums! :welcome:

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



IMPORTANT NOTE: One or more of the identified infections is related to the rootkit Agent component. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again.
It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to continue please do this:



STEP 1



You have a new nasty variant of Rootkit Agent onboard.

Please open the Device Manager.

Click Start => Run type in the following text and click OK:

devmgmt.msc

The Device Manager window should now be open. In the menu at the top, click the View tab and click 'Show hidden devices'

Scroll down to System Devices. Click the + sign to expand, and look for a device with [cmz vmkd] in the name. If it is there, right click the device and select 'disable'


Please reboot the computer.


IMPORTANT NOTE:

If you do not see it listed there, can you take a screen shot of the expanded System Devices and post it for me?

Click here for more information about how to create it.



STEP 2



Please download ComboFix from the link below:


Link

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double-click combofix.exe to launch the application and follow the prompts that will be displayed on the screen.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.



Regards,
Georgi :hello:
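A triage pass over the kind of DDS output posted earlier in this thread, as an added example that is not part of any post or of the DDS tool: it flags service/driver entries whose image file is unreadable (`[?]`) or zero bytes, and driver dispatch pointers that land on the `>>UNKNOWN<<` address in the disk trace. Reading the `R0`/`S3` prefix as run state plus start type, and `[?]` as an unreadable file, is an assumption about the DDS format; the function and pattern names are hypothetical.

```python
import re

# Lines copied from the DDS log posted earlier in this thread (a subset).
SAMPLE_LOG = r"""
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-12-7 32008]
S0 hllnfd;hllnfd;c:\windows\system32\drivers\mswdjze.sys --> c:\windows\system32\drivers\mswdjze.sys [?]
S0 mwwgycs;mwwgycs;c:\windows\system32\drivers\mwwgycs.sys [2010-10-25 0]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\tmpfw.exe --> c:\progra~1\trendm~1\intern~1\TmPfw.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\32.tmp --> c:\windows\system32\32.tmp [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-12-8 16968]
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xBA25D119]<<
\Driver\Disk[0x8AB8D880] -> IRP_MJ_CREATE -> 0xBA25D119
"""

# Assumed layout: <R|S><start type> name;display;path [--> resolved] [date size] or [?]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?: --> (?P<resolved>.+?))? "
    r"\[(?:(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)|\?)\]$"
)
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
DISPATCH_RE = re.compile(
    r"^(\\Driver\\\w+)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)$"
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


def triage(log_text):
    """Return (severity, subject, reason) tuples for entries worth a closer look.

    These are leads for an analyst, not verdicts: leftovers from uninstalled
    software also produce unreadable-file entries.
    """
    findings = []
    unknown_addrs = set()
    dispatches = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            start = int(m["start"])
            if m["size"] is None:
                reason = "image file could not be read"
            elif int(m["size"]) == 0:
                reason = "zero-byte image file"
            else:
                continue
            # A boot-start driver loads before most security tools do.
            severity = "high" if start == 0 else "review"
            findings.append(
                (severity, m["name"], f"{START_TYPES[start]}-start: {reason}")
            )
            continue
        m = UNKNOWN_RE.search(line)
        if m and line.startswith("called modules:"):
            unknown_addrs.add(int(m[1], 16))
            findings.append(
                ("high", "disk stack", f"code at {m[1]} is not backed by a module")
            )
            continue
        m = DISPATCH_RE.match(line)
        if m:
            dispatches.append((m[1], m[2], m[3]))
    # Correlate after the loop so the order of the two trace lines does not matter.
    for driver, irp, addr in dispatches:
        if int(addr, 16) in unknown_addrs:
            findings.append(
                ("high", driver, f"{irp} handler points to unbacked address {addr}")
            )
    return findings


if __name__ == "__main__":
    for severity, subject, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {subject}: {reason}")
```
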



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 20 December 2010 - 04:12 PM

Hi Twinsdad29,


Are you still with me? Do you still need assistance?
Please respond to my questions within 48 hours otherwise the topic will be closed.


Regards,
Georgi



#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 22 December 2010 - 07:02 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 06 March 2011 - 10:37 AM

This topic has been re-opened at the request of the person who originally posted.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!


#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 10 March 2011 - 07:09 AM

Hi Twinsdad29,


Are you still with me ?
Please reply back or the topic will be closed within 48 hours.
Thanks !



Regards,
Georgi



#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 13 March 2011 - 09:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!




