Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed]Nt/auth 1 Minute Shutdown


  • This topic is locked This topic is locked
13 replies to this topic

#1 Nameroc

Nameroc

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 31 July 2007 - 03:22 PM

It is as the topic says, when I turn my laptop on, I get a services.exe error which then proceeds to display the infamous NT/Auth services.exe did something illegal and we will shut the computer down in 60 seconds. Prior to that, my internet connection used to go away randomly, after some time using the computer. No browser would load any page, but programs already connected to the internet would remain connected (such as IM programs). I've tried running ad-aware but doing that gives me a blue screen of that somewhere during the scan, spybot finds nothing and I'm clueless now. Here's the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 00:20:04, on 01.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\aspimgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingby32 - C:\WINDOWS\SYSTEM32\wingby32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: WinUltra - Unknown owner - C:\WINDOWS\system32\winultra.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

Thank you for any and all help,
Nameroc

    Advertisements

Register to Remove


#2 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 01 August 2007 - 02:42 PM

Hi! Welcome to the Tom Coyote forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient and I'd be grateful if you would note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please make a uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
You too could train to help others- Join the Classroom

Posted Image


Posted Image

Posted Image

#3 Nameroc

Nameroc

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 01 August 2007 - 03:19 PM

Hello Scotty,

The problem was very urgent as I had work to do, so I fixed the symptoms by running combofix, sdfix, SpyBot, Ewido online scanner and AntiVir Guard virus scan in succession and all *seems* to be clear for now. I will post a new HijackThis log along with the uninstall log you asked for. The major problem seemed to be a rootkit with a filename like x---.sys, whose last three letters I can't seem to remember.

Here are the logs,
Logfile of HijackThis v1.99.1
Scan saved at 00:13:36, on 02.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vbexpress.exe
D:\Belgelerim\Belgelerim\Visual Studio 2005\Projects\ArizaInterface2\ArizaInterface2\bin\Debug\Arıza Takip.vshost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - [url="http://downloads.ewido.net/ewidoOnlineScan.cab"]http://downloads.ewido.net/ewidoOnlineScan.cab[/url]
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - [url="http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab"]http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab[/url]
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - [url="http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab"]http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab[/url]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url="http://acs.pandasoftware.com/activescan/as5free/asinst.cab"]http://acs.pandasoftware.com/activescan/as5free/asinst.cab[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[/url]
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingby32 - wingby32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: WinUltra - Unknown owner - C:\WINDOWS\system32\winultra.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

Uninstall log:

Thanks for the support,

Nameroc

Edited by Nameroc, 01 August 2007 - 03:20 PM.


#4 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 02 August 2007 - 02:59 AM

Hello Nameroc Do you want to post the Combofix and SDFix logs for me to look over?
You too could train to help others- Join the Classroom

Posted Image


Posted Image

Posted Image

#5 Nameroc

Nameroc

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 02 August 2007 - 06:23 AM

Here is the combofix logs, but I can't find where SDFix might've placed a log. Where may I find it?

ComboFix 07-07-31 - "G”rkem" 2007-08-01  1:43:41.1 [GMT 3:00] - NTFS 
Microsoft Windows XP Professional  5.1.2600.2.1254.1.1033.18.True


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\g32.txt
C:\WINDOWS\s32.txt
C:\WINDOWS\system32_exception.nls
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\wr.txt
C:\WINDOWS\ws386.ini


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\runtime


(((((((((((((((((((((((((   Files Created from 2007-06-28 to 2007-07-31  )))))))))))))))))))))))))))))))


2007-07-31 23:52	<DIR>	d--------	C:\WINDOWS\pss
2007-07-31 22:14	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-07-31 22:13	<DIR>	d--------	C:\Program Files\CCleaner
2007-07-31 19:41	<DIR>	d--------	C:\WINDOWS\system32\ActiveScan
2007-07-31 15:42	<DIR>	d--------	C:\Program Files\Lavasoft
2007-07-31 15:42	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-31 15:41	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2007-07-31 13:49	<DIR>	d--------	C:\DOCUME~1\GRKEM~1\.housecall6.6
2007-07-31 10:20	65,536	--a------	C:\WINDOWS\system32\aspimgr.exe
2007-07-31 10:20	20,992	--a------	C:\etmij.exe
2007-07-31 10:20	19,968	---------	C:\WINDOWS\system32\wingby32.dll
2007-07-31 10:20	1,536	--a------	C:\cfcmuhc.exe
2007-07-26 11:33	<DIR>	d--------	C:\DOCUME~1\GRKEM~1\APPLIC~1\Inkscape
2007-07-23 16:09	98,304	--a------	C:\WINDOWS\system32\msir3jp.dll
2007-07-23 16:09	838,144	--a------	C:\WINDOWS\system32\chtbrkr.dll
2007-07-23 16:09	70,656	--a------	C:\WINDOWS\system32\korwbrkr.dll
2007-07-23 16:09	1,677,824	--a------	C:\WINDOWS\system32\chsbrkr.dll
2007-07-23 16:08	6,144	--a------	C:\WINDOWS\system32\kbd101a.dll
2007-07-23 16:08	218,112	--a------	C:\WINDOWS\system32\c_g18030.dll
2007-07-23 16:07	9,216	--a------	C:\WINDOWS\system32\kbdnecAT.dll
2007-07-23 16:07	76,288	--a------	C:\WINDOWS\system32\uniime.dll
2007-07-23 16:07	7,680	--a------	C:\WINDOWS\system32\kbdnecNT.dll
2007-07-23 16:07	7,168	--a------	C:\WINDOWS\system32\kbdnec95.dll
2007-07-23 16:07	7,168	--a------	C:\WINDOWS\system32\kbdibm02.dll
2007-07-23 16:07	7,168	--a------	C:\WINDOWS\system32\f3ahvoas.dll
2007-07-23 16:07	6,656	--a------	C:\WINDOWS\system32\kbdlk41a.dll
2007-07-23 16:07	6,656	--a------	C:\WINDOWS\system32\c_is2022.dll
2007-07-23 16:07	6,144	--a------	C:\WINDOWS\system32\kbdlk41j.dll
2007-07-23 16:07	6,144	--a------	C:\WINDOWS\system32\kbdax2.dll
2007-07-23 16:07	6,144	--a------	C:\WINDOWS\system32\kbd106n.dll
2007-07-23 16:07	6,144	--a------	C:\WINDOWS\system32\kbd101.dll
2007-07-23 16:06	811,064	--a------	C:\WINDOWS\system32\imjp81k.dll
2007-07-20 13:34	<DIR>	d--------	C:\Program Files\OverDrive ReaderWorks
2007-07-20 13:34	<DIR>	d--------	C:\Program Files\Common Files\OverDrive Shared
2007-07-20 13:30	<DIR>	d--------	C:\Content SDK
2007-07-16 13:19	<DIR>	d--------	C:\Program Files\Safari
2007-07-16 13:18	<DIR>	d--------	C:\Program Files\Apple Software Update
2007-07-16 13:18	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-09 13:41	<DIR>	d--------	C:\DOCUME~1\GRKEM~1\APPLIC~1\Key Metric Software
2007-07-09 13:25	<DIR>	d--------	C:\Program Files\Key Metric Software
2007-07-09 13:24	<DIR>	d--h-----	C:\DOCUME~1\ALLUSE~1\APPLIC~1\{AEA07565-5558-47B3-9A0A-18C6162C9C4C}
2007-07-05 13:14	19,328	--a------	C:\WINDOWS\system32\NotSleep.dll
2007-07-05 13:13	<DIR>	d--------	C:\Program Files\NoTrax
2007-07-03 14:50	<DIR>	d--------	C:\Program Files\VDMSound
2007-06-29 14:26	<DIR>	d--------	C:\DOCUME~1\GRKEM~1\.thinkfree
2007-06-29 14:26	<DIR>	d--------	C:\DOCUME~1\GRKEM~1\.tfo3
2007-06-21 13:47	68,432	--ah-----	C:\WINDOWS\system32\mlfcache.dat
2007-06-19 14:01	22,016	--a------	C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2007-06-19 00:02	<DIR>	d--------	C:\DOCUME~1\GRKEM~1\APPLIC~1\Autodesk
2007-06-19 00:00	<DIR>	d--------	C:\Program Files\Common Files\Autodesk Shared
2007-06-19 00:00	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-06-18 23:57	<DIR>	d--------	C:\install
2007-06-15 09:51	<DIR>	d--------	C:\Program Files\Real Alternative
2007-06-15 09:51	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
2007-06-15 09:46	740,442	--a------	C:\WINDOWS\system32\divx.dll
2007-06-15 09:46	73,728	--a------	C:\WINDOWS\system32\dpl100.dll
2007-06-15 09:46	630,784	--a------	C:\WINDOWS\system32\vp7vfw.dll
2007-06-15 09:46	593,920	--a------	C:\WINDOWS\system32\xvidcore.dll
2007-06-15 09:46	564,224	--a------	C:\WINDOWS\system32\x264vfw.dll
2007-06-15 09:46	438,272	--a------	C:\WINDOWS\system32\vp6vfw.dll
2007-06-15 09:46	39,936	--a------	C:\WINDOWS\system32\huffyuv.dll
2007-06-15 09:46	3,596,288	--a------	C:\WINDOWS\system32\qt-dx331.dll
2007-06-15 09:46	217,088	--a------	C:\WINDOWS\system32\yv12vfw.dll
2007-06-15 09:46	217,088	--a------	C:\WINDOWS\system32\i420vfw.dll
2007-06-15 09:46	180,224	--a------	C:\WINDOWS\system32\xvidvfw.dll
2007-06-15 09:46	144,384	--a------	C:\WINDOWS\system32\Iacenc.dll
2007-06-15 09:46	10,752	--a------	C:\WINDOWS\system32\ff_vfw.dll
2007-06-14 11:53	<DIR>	d--------	C:\DOCUME~1\GRKEM~1\IGC
2007-06-13 09:46	<DIR>	d--------	C:\Program Files\mIRC
2007-06-11 09:23	40,960	--a------	C:\WINDOWS\system32\VPN.dll
2007-06-11 09:23	<DIR>	d--------	C:\Program Files\Linksys
2007-06-05 09:55	<DIR>	d--------	C:\Program Files\MSXML 4.0
2007-06-04 15:18	9,344	--a------	C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17	8,320	--a------	C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14	6,272	--a------	C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-04 13:39	<DIR>	d--------	C:\DOCUME~1\GRKEM~1\APPLIC~1\MapInfo
2007-06-04 13:38	<DIR>	d--------	C:\WINDOWS\Crystal
2007-06-04 13:38	<DIR>	d--------	C:\Program Files\Seagate Software
2007-06-04 13:38	<DIR>	d--------	C:\Program Files\MapInfo
2007-06-04 13:38	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\MapInfo


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-01 01:38	3904	--a------	C:\WINDOWS\system32\tmp.reg
2007-08-01 01:38	---------	d--------	C:\DOCUME~1\GRKEM~1\APPLIC~1\OpenOffice.org2
2007-07-31 20:46	---------	d--------	C:\Program Files\MegauploadToolbar
2007-07-31 20:41	---------	d--------	C:\Program Files\iTunes
2007-07-31 20:40	---------	d--------	C:\Program Files\FlashGet
2007-07-31 20:13	---------	d--------	C:\Program Files\Apoint
2007-07-31 11:03	---------	d--------	C:\Program Files\Ancient Sudoku
2007-07-31 10:40	---------	d--h-----	C:\Program Files\InstallShield Installation Information
2007-07-31 10:20	---------	d--------	C:\Program Files\Last.fm
2007-07-16 13:20	---------	d--------	C:\DOCUME~1\GRKEM~1\APPLIC~1\Apple Computer
2007-07-12 17:28	---------	d--------	C:\Program Files\Jewel Quest
2007-07-10 16:20	---------	d--------	C:\Program Files\Webteh
2007-06-27 11:08	---------	d--------	C:\DOCUME~1\GRKEM~1\APPLIC~1\TOBB_Ekonomi_ve_Teknoloji
2007-06-21 16:19	---------	d--------	C:\DOCUME~1\GRKEM~1\APPLIC~1\X-Chat 2
2007-06-17 00:11	51200	--a------	C:\WINDOWS\nircmd.exe
2007-06-15 09:46	---------	d--------	C:\Program Files\K-Lite Codec Pack
2007-06-13 16:22	---------	d--------	C:\DOCUME~1\GRKEM~1\APPLIC~1\MySQL
2007-06-12 14:44	---------	d--------	C:\Program Files\Mystery Case Files Huntsville
2007-06-11 11:21	---------	d--------	C:\Program Files\xchat
2007-05-28 08:53	---------	d--------	C:\Program Files\Microsoft Reader
2007-05-16 18:12	683520	--a------	C:\WINDOWS\system32\inetcomm.dll
2007-05-04 19:28	28672	--a------	C:\WINDOWS\system32\myodbc3i.exe
2007-05-04 19:28	2056192	--a------	C:\WINDOWS\system32\myodbc3S.dll
2007-05-04 19:28	1716224	--a------	C:\WINDOWS\system32\myodbc3.dll
2007-05-04 19:28	11776	--a------	C:\WINDOWS\system32\myodbc3m.exe


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 17:32]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-07 16:53]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-05-01 09:11]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 12:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 15:18]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2006-10-25 18:58]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 00:22]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]

C:\Documents and Settings\G”rkem\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 22:26:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring] 
C:\WINDOWS\system32\LgNotify.dll 2004-01-12 06:55 110592 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingby32] 
wingby32.dll 2007-07-31 10:20 19968 C:\WINDOWS\system32\wingby32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

R1 APPDRV;APPDRV;C:\WINDOWS\system32\DRIVERS\APPDRV.SYS
R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R2 aspimgr;Microsoft ASPI Manager;C:\WINDOWS\system32\aspimgr.exe
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 SQLBrowser;SQL Server Browser;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
R3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
S1 xpdx.REN;xpdx system driver;\??\C:\WINDOWS\system32\xpdx.sys
S2 WinUltra;WinUltra;C:\WINDOWS\system32\winultra.exe
S3 bvrp_pci;bvrp_pci;C:\WINDOWS\system32\drivers\bvrp_pci.sys
S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 NAL;Nal Service;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver;C:\WINDOWS\system32\DRIVERS\w70n51.sys
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\SETUP.EXE /AUTORUN
configure\command- E:\SETUP.EXE
install\command- E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d4c3ce5-cc9b-11db-8018-0011434ef4ae}]
AutoRun\command- ie.exe
explore\Command- ie.exe
open\Command- ie.exe


Contents of the 'Scheduled Tasks' folder
2007-07-23 08:18:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-01 01:54:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\iexplore]
"Type"=dword:00000003
"Count"=dword:000002ae

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-01  1:58:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-01 01:58

	--- E O F ---

And here are the files it found and quarantined.
2004-08-18 19:00	  39	--a------	C:\Qoobox\Quarantine\C\WINDOWS\ws386.ini.vir
2004-08-18 19:00	  81	--a------	C:\Qoobox\Quarantine\C\WINDOWS\s32.txt.vir
2007-07-31 10:20	  0	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32_exception.nls.vir
2007-07-31 10:21	  54156	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\xpdx.sys.vir
2007-07-31 16:01	  0	--a------	C:\Qoobox\Quarantine\C\WINDOWS\g32.txt.vir
2007-07-31 22:11	  133	--a------	C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
2007-08-01 01:48	  40183	--a------	C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1162OinUninstaller.exe.vir
2007-08-01 01:49	  430	--a------	C:\Qoobox\Quarantine\Registry_backups\services_runtime.reg.cf
2007-08-01 01:50	  296	--a------	C:\Qoobox\Quarantine\catchme.log


Folder PATH listing
Volume serial number is 70B7-95DC
C:\QOOBOX
\---Quarantine
	|   catchme.log
	|   
	+---C
	|   +---Program Files
	|   |   \---Common Files
	|   |		   Yazzle1162OinUninstaller.exe.vir
	|   |		   
	|   \---WINDOWS
	|	   |   g32.txt.vir
	|	   |   s32.txt.vir
	|	   |   wr.txt.vir
	|	   |   ws386.ini.vir
	|	   |   
	|	   \---system32
	|			   0_exception.nls.vir
	|			   xpdx.sys.vir
	|			   
	\---Registry_backups
			services_runtime.reg.cf


Thanks again for the help.

#6 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 02 August 2007 - 07:33 AM

Hi Nameroc

The SDFix log will be in the SDFix folder, a text file called Report.txt. If you still have that, it would be handy for me to see.

FYI, there's no need to use the code boxes. It actually makes the logs harder to read for me. :blink:

And paste a new HijackThis log too.

Edited by Mac70, 02 August 2007 - 07:34 AM.

You too could train to help others- Join the Classroom

Posted Image


Posted Image

Posted Image

#7 Nameroc

Nameroc

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 02 August 2007 - 07:50 AM

Hi Scotty,

Oh, okay then. I have the report.txt file, but it seemed awfully short and uninformative, I thought it must be something else. Here it is anyway.


SDFix: Version 1.94

Run by G”rkem on 01.08.2007 at 02:04

Microsoft Windows XP [Version 5.1.2600]

Running From: D:\BELGEL~1\Desktop\Sdfix\SDFix

Safe Mode:
Checking Services:

Name:
aspimgr

ImagePath:
C:\WINDOWS\system32\aspimgr.exe

aspimgr - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service

And here's the new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 16:46:59, on 02.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vbexpress.exe
C:\WINDOWS\system32\svchost.exe
D:\Belgelerim\Belgelerim\Visual Studio 2005\Projects\ArizaInterface2\ArizaInterface2\bin\Debug\Arıza Takip.vshost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingby32 - wingby32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: WinUltra - Unknown owner - C:\WINDOWS\system32\winultra.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

That is all. Thanks again.

#8 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 02 August 2007 - 08:15 AM

Hi

Open Notepad and Copy/Paste the text in the codebox below into it:

File::
C:\etmij.exe
C:\WINDOWS\system32\wingby32.dll
C:\cfcmuhc.exe
C:\WINDOWS\retadpu2000352.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingby32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d4c3ce5-cc9b-11db-8018-0011434ef4ae}]

Save this as "CFScript"

Posted Image


Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log with a new HijackThis log.
You too could train to help others- Join the Classroom

Posted Image


Posted Image

Posted Image

#9 Nameroc

Nameroc

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 02 August 2007 - 09:03 AM

Hello,

Here's the combofix log.
ComboFix 07-07-31 - "G”rkem" 2007-08-02 17:47:04.2 [GMT 3:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1254.1.1033.18.True
Command switches used :: d:\belgelerim\Desktop\CFScript.txt


((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))


2007-08-01 02:31 <DIR> d-------- C:\DOCUME~1\GRKEM~1\APPLIC~1\OfficeUpdate12
2007-08-01 02:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-08-01 02:12 1,167 --a------ C:\DOCUME~1\GRKEM~1\clean.reg
2007-08-01 02:03 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-01 01:43 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 01:38 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-01 01:38 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-01 01:38 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-01 01:00 3,904 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-01 00:46 <DIR> dr-h----- C:\MSOCache
2007-07-31 23:52 <DIR> d-------- C:\WINDOWS\pss
2007-07-31 22:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-07-31 22:13 <DIR> d-------- C:\Program Files\CCleaner
2007-07-31 19:41 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-31 15:42 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-31 13:49 <DIR> d-------- C:\DOCUME~1\GRKEM~1\.housecall6.6
2007-07-26 11:33 <DIR> d-------- C:\DOCUME~1\GRKEM~1\APPLIC~1\Inkscape
2007-07-23 16:09 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-07-23 16:09 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-07-23 16:09 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-07-23 16:09 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-07-23 16:08 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-07-23 16:08 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-07-23 16:07 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-07-23 16:07 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2007-07-23 16:07 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-07-23 16:07 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-07-23 16:07 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-07-23 16:07 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-07-23 16:07 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-07-23 16:07 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-07-23 16:07 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-07-23 16:07 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-07-23 16:07 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-07-23 16:07 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-07-23 16:06 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-07-20 13:34 <DIR> d-------- C:\Program Files\OverDrive ReaderWorks
2007-07-20 13:34 <DIR> d-------- C:\Program Files\Common Files\OverDrive Shared
2007-07-20 13:30 <DIR> d-------- C:\Content SDK
2007-07-16 13:19 <DIR> d-------- C:\Program Files\Safari
2007-07-16 13:18 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-16 13:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-16 13:02 524,288 --a------ C:\WINDOWS\opuc.dll
2007-07-09 13:41 <DIR> d-------- C:\DOCUME~1\GRKEM~1\APPLIC~1\Key Metric Software
2007-07-09 13:25 <DIR> d-------- C:\Program Files\Key Metric Software
2007-07-09 13:24 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{AEA07565-5558-47B3-9A0A-18C6162C9C4C}
2007-07-05 13:14 19,328 --a------ C:\WINDOWS\system32\NotSleep.dll
2007-07-05 13:13 <DIR> d-------- C:\Program Files\NoTrax
2007-07-03 14:50 <DIR> d-------- C:\Program Files\VDMSound


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-02 15:14 --------- d-------- C:\DOCUME~1\GRKEM~1\APPLIC~1\OpenOffice.org2
2007-08-01 15:58 --------- d-------- C:\DOCUME~1\GRKEM~1\APPLIC~1\TOBB_Ekonomi_ve_Teknoloji
2007-08-01 15:47 --------- d-------- C:\Program Files\mIRC
2007-08-01 01:58 --------- d-------- C:\DOCUME~1\GRKEM~1\APPLIC~1\MegauploadToolbar
2007-07-31 20:46 --------- d-------- C:\Program Files\MegauploadToolbar
2007-07-31 20:41 --------- d-------- C:\Program Files\iTunes
2007-07-31 20:40 --------- d-------- C:\Program Files\FlashGet
2007-07-31 20:36 --------- d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-31 20:13 --------- d-------- C:\Program Files\Apoint
2007-07-31 11:03 --------- d-------- C:\Program Files\Ancient Sudoku
2007-07-31 10:40 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-31 10:20 --------- d-------- C:\Program Files\Last.fm
2007-07-16 13:20 --------- d-------- C:\DOCUME~1\GRKEM~1\APPLIC~1\Apple Computer
2007-07-12 17:28 --------- d-------- C:\Program Files\Jewel Quest
2007-07-10 16:20 --------- d-------- C:\Program Files\Webteh
2007-06-21 16:19 --------- d-------- C:\DOCUME~1\GRKEM~1\APPLIC~1\X-Chat 2
2007-06-21 13:47 68432 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-06-19 00:02 --------- d-------- C:\DOCUME~1\GRKEM~1\APPLIC~1\Autodesk
2007-06-15 09:51 --------- d-------- C:\Program Files\Real Alternative
2007-06-15 09:46 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-06-13 16:22 --------- d-------- C:\DOCUME~1\GRKEM~1\APPLIC~1\MySQL
2007-06-12 14:44 --------- d-------- C:\Program Files\Mystery Case Files Huntsville
2007-06-11 11:21 --------- d-------- C:\Program Files\xchat
2007-06-11 09:23 --------- d-------- C:\Program Files\Linksys
2007-06-09 06:14 564224 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-06-05 09:55 --------- d-------- C:\Program Files\MSXML 4.0
2007-06-04 13:39 --------- d-------- C:\DOCUME~1\GRKEM~1\APPLIC~1\MapInfo
2007-06-04 13:38 --------- d-------- C:\Program Files\Seagate Software
2007-06-04 13:38 --------- d-------- C:\Program Files\MapInfo
2007-06-03 14:31 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-05-31 08:44 740442 --a------ C:\WINDOWS\system32\divx.dll
2007-05-16 18:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-04 19:28 28672 --a------ C:\WINDOWS\system32\myodbc3i.exe
2007-05-04 19:28 2056192 --a------ C:\WINDOWS\system32\myodbc3S.dll
2007-05-04 19:28 1716224 --a------ C:\WINDOWS\system32\myodbc3.dll
2007-05-04 19:28 11776 --a------ C:\WINDOWS\system32\myodbc3m.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 17:32]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-07 16:53]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 12:13]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 15:18]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 00:22]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]

C:\Documents and Settings\G”rkem\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 22:26:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 2004-01-12 06:55 110592 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

R1 APPDRV;APPDRV;C:\WINDOWS\system32\DRIVERS\APPDRV.SYS
R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 SQLBrowser;SQL Server Browser;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
R3 E100B;Intel® PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
S1 xpdx.REN;xpdx system driver;\??\C:\WINDOWS\system32\xpdx.sys
S2 WinUltra;WinUltra;C:\WINDOWS\system32\winultra.exe
S3 bvrp_pci;bvrp_pci;C:\WINDOWS\system32\drivers\bvrp_pci.sys
S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 w70n51;Intel® PRO/Wireless 7100 Adapter Driver ;C:\WINDOWS\system32\DRIVERS\w70n51.sys
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\SETUP.EXE /AUTORUN
configure\command- E:\SETUP.EXE
install\command- E:\SETUP.EXE


Contents of the 'Scheduled Tasks' folder
2007-07-23 08:18:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 17:52:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-02 17:53:55
C:\ComboFix-quarantined-files.txt ... 2007-08-02 17:53
C:\ComboFix2.txt ... 2007-08-01 01:58

--- E O F ---

The quarantine file:
2004-08-18 19:00	  39	--a------	C:\Qoobox\Quarantine\C\WINDOWS\ws386.ini.vir
2004-08-18 19:00	  81	--a------	C:\Qoobox\Quarantine\C\WINDOWS\s32.txt.vir
2007-07-31 10:20	  0	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32_exception.nls.vir
2007-07-31 10:21	  54156	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\xpdx.sys.vir
2007-07-31 16:01	  0	--a------	C:\Qoobox\Quarantine\C\WINDOWS\g32.txt.vir
2007-07-31 22:11	  133	--a------	C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
2007-08-01 01:48	  40183	--a------	C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1162OinUninstaller.exe.vir
2007-08-01 01:49	  430	--a------	C:\Qoobox\Quarantine\Registry_backups\services_runtime.reg.cf
2007-08-01 01:50	  296	--a------	C:\Qoobox\Quarantine\catchme.log


Folder PATH listing
Volume serial number is 70B7-95DC
C:\QOOBOX
\---Quarantine
	|   catchme.log
	|   
	+---C
	|   +---Program Files
	|   |   \---Common Files
	|   |		   Yazzle1162OinUninstaller.exe.vir
	|   |		   
	|   \---WINDOWS
	|	   |   g32.txt.vir
	|	   |   s32.txt.vir
	|	   |   wr.txt.vir
	|	   |   ws386.ini.vir
	|	   |   
	|	   \---system32
	|			   0_exception.nls.vir
	|			   xpdx.sys.vir
	|			   
	\---Registry_backups
			services_runtime.reg.cf

After dragging it on, combofix ate the script file. I'm assuming that is normal?

And here is the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 17:59:58, on 02.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: WinUltra - Unknown owner - C:\WINDOWS\system32\winultra.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

#10 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 02 August 2007 - 09:13 AM

Hello Nameroc

After dragging it on, combofix ate the script file.


Yes, that's normal.

Let's do a little tidying up now. First of all, I cant see which version of Adobe Acrobat you have. If you have 8.1, ignore the following instruction. If not, I suggest updating.

I would advise updating Adobe Reader, as the latest version clears up any vulnerabilities of previous versions.
First uninstall the version you have on your computer then download and install Adobe Reader 8.1.

Delete the older versions of Java and download the newest.
Please follow these steps to remove older version Java components.
  • Close any programmes you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.
Then download the latest version of Java Runtime Environment (JRE) (4th one down the list), which is JRE6u2, and click Yes at the page warning, then accept the Licence Agreement before downloading the Offline file.
  • Please go HERE to run PandaActiveScan...

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to your desktop.
Post back with a new HijackThis log and the Pandascan report, please.
You too could train to help others- Join the Classroom

Posted Image


Posted Image

Posted Image

#11 Nameroc

Nameroc

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 04 August 2007 - 02:30 AM

Hello, Sorry for the late reply, I've been busy. I have the latest version of Adobe Reader, yes. I can't uninstall my old Javas as I need them for development, except the 1.4.2 runtime. I don't need that anymore. I've also downloaded the JDK 6.0u2, I assumed Java would update itself so I hadn't done so myself. The Panda active scan does not install. AntiVir tells me that it's trying to install a virus called W95/Bumblebee. Shall I tell it to ignore that and proceed? Thank you for the help, Nameroc

#12 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 04 August 2007 - 06:08 AM

Hi Nemeroc That's an odd one. As the name suggest's the Bumblebee virus is Windows 95/98 specific. Choose to ignore. :thumbup:
You too could train to help others- Join the Classroom

Posted Image


Posted Image

Posted Image

#13 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 09 August 2007 - 07:26 AM

Still needing help here?
You too could train to help others- Join the Classroom

Posted Image


Posted Image

Posted Image

#14 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 12 August 2007 - 05:22 AM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log
You too could train to help others- Join the Classroom

Posted Image


Posted Image

Posted Image

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users