Sorry



aditya
2007-10-31, 15:45
1) Does not show hidden files even if "Show Hidden files" is selected
2) rundll32.exe is visible but does not run when double-clicked
One of my friends had a similar kind of problem & now his computer doesn't start..
First his hidden files were always hidden, then suddenly *.exe files didn't open (or execute) when double-clicked & then his comp. doesn't start now..
I think I'm in the 1st phase..
Please help me..:sad:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:42 PM, on 10/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\EASY FILE & FOLDER PROTECTOR\EFPAP.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\DOCUME~1\Aditya\LOCALS~1\Temp\2007102817140_mcinfo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
D:\Software\Mobile Software\Spy_and_ad_killer\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Aditya\LOCALS~1\Temp\2007102817140_mcinfo.exe /insfin
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8A2-850A-101B-AFC0-4210102A8DA7} (Microsoft TreeView Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/shared/COMCTL32/6,0,80,22/ComCtl32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Easy File & Folder Protector (ACDService) - Unknown owner - C:\PROGRAM FILES\EASY FILE & FOLDER PROTECTOR\EFPAP.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 6832 bytes

aditya
2007-10-31, 15:51
ComboFix 07-10-29.1 - Aditya 2007-10-29 17:36:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.94 [GMT 5.5:30]
Running from: C:\Documents and Settings\Aditya\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-29 )))))))))))))))))))))))))))))))
.

2007-10-29 17:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-28 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-28 21:10 <DIR> d-------- C:\Documents and Settings\Aditya\Application Data\Lavasoft
2007-10-28 17:20 <DIR> d-------- C:\Program Files\SymNetDrv
2007-10-28 12:39 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-28 12:36 <DIR> d-------- C:\Program Files\MSBuild
2007-10-28 12:36 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-28 12:28 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-28 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-28 12:25 <DIR> dr-h----- C:\MSOCache
2007-10-28 10:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-28 10:22 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-10-28 10:22 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-10-28 10:22 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-10-28 10:22 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-10-28 10:22 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-10-28 10:22 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-10-28 10:22 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-10-28 10:22 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-10-28 09:59 2,136,064 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-10-28 09:59 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-10-28 09:46 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-10-28 09:45 <DIR> d-------- C:\Documents and Settings\Aditya\Application Data\Symantec
2007-10-28 09:44 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-28 09:44 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-28 09:43 <DIR> d-------- C:\Program Files\Symantec
2007-10-28 09:43 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-28 09:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-28 09:20 0 --a------ C:\WINDOWS\system32\Ultra.dll
2007-10-28 09:18 <DIR> d-------- C:\Program Files\PcBugDoctor
2007-10-26 18:02 <DIR> d-------- C:\WINDOWS\pss
2007-10-26 17:07 <DIR> d-------- C:\Downloads
2007-10-23 12:32 <DIR> d-------- C:\Macromedia Studio v8 2006
2007-10-22 23:19 <DIR> d-------- C:\paint
2007-10-22 23:15 <DIR> d-------- C:\New Folder
2007-10-22 23:12 <DIR> d-------- C:\FRIENDS
2007-10-22 23:09 <DIR> d--hs---- C:\heap41a
2007-10-22 22:18 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-22 22:03 <DIR> d-------- C:\Program Files\Winamp
2007-10-22 20:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-22 19:17 <DIR> d---s---- C:\Documents and Settings\Aditya\UserData
2007-10-22 19:11 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-10-22 19:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-10-22 19:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-22 19:08 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-22 18:54 <DIR> d-------- C:\Documents and Settings\Aditya\Application Data\Ahead
2007-10-22 18:53 <DIR> d-------- C:\Program Files\Nero
2007-10-22 18:53 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-22 18:42 <DIR> d-------- C:\Program Files\VideoLAN
2007-10-22 18:40 <DIR> d-------- C:\Program Files\RM Converter
2007-10-22 18:40 <DIR> d-------- C:\Program Files\Riva
2007-10-22 18:38 99,965 --a------ C:\WINDOWS\UninstallFirefox.exe
2007-10-22 18:37 3,286 --a------ C:\WINDOWS\mozver.dat
2007-10-22 18:34 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2007-10-22 18:27 <DIR> d-------- C:\Program Files\CyberLink
2007-10-22 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-22 18:23 <DIR> d-------- C:\Program Files\Easy File & Folder Protector
2007-10-22 18:22 <DIR> d-------- C:\Program Files\ffdshow
2007-10-22 18:16 <DIR> d-------- C:\Program Files\ADSL Router
2007-10-22 18:11 155,648 --a------ C:\WINDOWS\system32\igfxres.dll
2007-10-22 18:09 <DIR> d-------- C:\Program Files\Intel
2007-10-22 18:05 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2007-10-22 18:04 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-10-22 18:04 45,568 --a------ C:\WINDOWS\system32\drivers\R8139n51.sys
2007-10-22 18:03 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-10-22 18:02 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-10-22 18:02 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-10-21 23:25 <DIR> d-------- C:\Program Files\Google
2007-10-21 22:26 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2007-10-21 22:26 <DIR> d-------- C:\Documents and Settings\Aditya\Application Data\McAfee.com Personal Firewall
2007-10-21 22:20 <DIR> d-------- C:\Program Files\McAfee AntiSpyware 1.00 Install
2007-10-21 22:20 <DIR> d-------- C:\Program Files\McAfee
2007-10-21 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-21 22:16 <DIR> d-------- C:\Program Files\McAfee.com
2007-10-21 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-10-21 22:13 <DIR> d-------- C:\Program Files\D-Tools
2007-10-21 22:13 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-10-21 22:13 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-10-21 22:08 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-10-21 22:03 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-10-21 22:01 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 04:32 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 13:49 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 13:49 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 13:49 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 13:49 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 13:49 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 13:49 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 13:49 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 13:48 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-06 21:49]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-04-06 21:37]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-10-28 17:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ACDService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCBNT.SYS"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

R1 FDCBNT;FDCBNT;\??\C:\WINDOWS\system32\FDCBNT.SYS
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R2 sbbotdi;sbbotdi;\??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-28 05:08:46 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Aditya.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 17:39:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-29 17:40:33
.
--- E O F ---
Sorry Shaba

I'm sorry for sending a PM to you.:sad:
I read the instructions posted by tashi later..:oops:


I had a problem: My hidden files were not shown (even if I selected "show hidden files"), but now they are visible if I select "show hidden files"..

My 'rundll32.exe' does not execute even if I double click it.
And there are some folders in my "C:\WINDOWS\" named "$NtUninstallKB873339$" which are in BLUE.
Are these folders created by a virus or are they the virus??
PLEASE HELP!!!

katana
2007-11-06, 21:53
Hi aditya and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

It looks like you have a Flash/USB drive infection. Have you been sharing files with your friend?

Flash Disinfector by sUBs
Please download Flash_Disinfector.exe (http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe) by sUBs and save it to your desktop:


* Double-click Flash_Disinfector.exe to run it.
* Follow any prompts that may appear.
* Wait until the program has finished scanning, then please exit the program.
The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.


Please restart your computer.

Please delete your copy of ComboFix and download the latest version.
Download and Run ComboFix

Download Combofix from one of the two links below :

Download 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Download 2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)

Then double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
ComboFix SHOULD NOT be used without supervision

aditya
2007-11-07, 14:14
Yes, I do share a lot of files with my friends.
Thanks for replying and I will definitely follow the rules that you have stated.



Here is the ComboFix log that you wanted:

ComboFix 07-11-07.3 - Aditya 2007-11-07 18:29:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.127 [GMT 5.5:30]
Running from: C:\Documents and Settings\Aditya\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 )))))))))))))))))))))))))))))))
.

2007-11-07 18:20 <DIR> d-------- C:\DG Cam
2007-11-07 18:19 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-11-06 20:29 <DIR> d-------- C:\DBZ episodes
2007-11-06 18:44 <DIR> d-------- C:\Program Files\AskPBar
2007-11-05 22:59 <DIR> d-------- C:\Documents and Settings\Aditya\WINDOWS
2007-11-05 17:15 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-11-04 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-04 23:26 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-04 23:25 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-01 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-01 23:46 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-01 23:09 <DIR> d-------- C:\Documents and Settings\Aditya\Application Data\Media Player Classic
2007-11-01 23:08 <DIR> d-------- C:\Program Files\Real Alternative
2007-11-01 23:08 <DIR> d-------- C:\Program Files\Media Player Classic
2007-10-31 19:33 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-28 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-28 21:10 <DIR> d-------- C:\Documents and Settings\Aditya\Application Data\Lavasoft
2007-10-28 17:20 <DIR> d-------- C:\Program Files\SymNetDrv
2007-10-28 12:39 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-28 12:36 <DIR> d-------- C:\Program Files\MSBuild
2007-10-28 12:36 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-28 12:28 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-28 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-28 12:25 <DIR> dr-h----- C:\MSOCache
2007-10-28 10:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-28 10:22 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-10-28 10:22 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-10-28 10:22 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-10-28 10:22 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-10-28 10:22 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-10-28 10:22 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-10-28 10:22 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-10-28 10:22 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-10-28 09:59 2,136,064 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-10-28 09:59 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-10-28 09:46 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-10-28 09:45 <DIR> d-------- C:\Documents and Settings\Aditya\Application Data\Symantec
2007-10-28 09:44 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-28 09:44 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-28 09:43 <DIR> d-------- C:\Program Files\Symantec
2007-10-28 09:43 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-28 09:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-28 09:20 0 --a------ C:\WINDOWS\system32\Ultra.dll
2007-10-28 09:18 <DIR> d-------- C:\Program Files\PcBugDoctor
2007-10-26 18:02 <DIR> d-------- C:\WINDOWS\pss
2007-10-26 17:07 <DIR> d-------- C:\Downloads
2007-10-23 12:32 <DIR> d-------- C:\Macromedia Studio v8 2006
2007-10-22 23:19 <DIR> d-------- C:\paint
2007-10-22 23:15 <DIR> d-------- C:\New Folder
2007-10-22 23:12 <DIR> d-------- C:\FRIENDS
2007-10-22 23:09 <DIR> d--hs---- C:\heap41a
2007-10-22 22:18 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-22 22:03 <DIR> d-------- C:\Program Files\Winamp
2007-10-22 20:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-22 19:17 <DIR> d---s---- C:\Documents and Settings\Aditya\UserData
2007-10-22 19:11 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-10-22 19:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-10-22 19:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-22 19:08 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-22 18:54 <DIR> d-------- C:\Documents and Settings\Aditya\Application Data\Ahead
2007-10-22 18:53 <DIR> d-------- C:\Program Files\Nero
2007-10-22 18:53 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-22 18:42 <DIR> d-------- C:\Program Files\VideoLAN
2007-10-22 18:40 <DIR> d-------- C:\Program Files\RM Converter
2007-10-22 18:40 <DIR> d-------- C:\Program Files\Riva
2007-10-22 18:38 99,965 --a------ C:\WINDOWS\UninstallFirefox.exe
2007-10-22 18:37 3,286 --a------ C:\WINDOWS\mozver.dat
2007-10-22 18:34 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2007-10-22 18:27 <DIR> d-------- C:\Program Files\CyberLink
2007-10-22 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-22 18:23 <DIR> d-------- C:\Program Files\Easy File & Folder Protector
2007-10-22 18:22 <DIR> d-------- C:\Program Files\ffdshow
2007-10-22 18:16 <DIR> d-------- C:\Program Files\ADSL Router
2007-10-22 18:11 155,648 --a------ C:\WINDOWS\system32\igfxres.dll
2007-10-22 18:09 <DIR> d-------- C:\Program Files\Intel
2007-10-22 18:05 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2007-10-22 18:04 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-10-22 18:04 45,568 --a------ C:\WINDOWS\system32\drivers\R8139n51.sys
2007-10-22 18:03 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-10-22 18:02 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-10-22 18:02 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-10-21 23:25 <DIR> d-------- C:\Program Files\Google
2007-10-21 22:26 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2007-10-21 22:26 <DIR> d-------- C:\Documents and Settings\Aditya\Application Data\McAfee.com Personal Firewall
2007-10-21 22:20 <DIR> d-------- C:\Program Files\McAfee AntiSpyware 1.00 Install
2007-10-21 22:20 <DIR> d-------- C:\Program Files\McAfee
2007-10-21 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-21 22:16 <DIR> d-------- C:\Program Files\McAfee.com
2007-10-21 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-10-21 22:13 <DIR> d-------- C:\Program Files\D-Tools
2007-10-21 22:13 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-10-21 22:13 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-10-21 22:08 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-10-21 22:03 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-10-21 22:01 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 04:32 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2007-10-29_17.39.27.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-26 04:21:17 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-10-29 13:26:19 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-04 17:56:50 65,536 ----a-r C:\WINDOWS\Installer\{236BB7C4-4419-42FD-0409-1E257A25E34D}\NewShortcut1_236BB7C4441942FD04091E257A25E34D.exe
+ 2007-11-06 15:43:30 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\NewShortcut1_AC76BA867AD710337DCD7E8A45A00001.exe
+ 2007-11-06 15:43:30 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\Reader_PM_SC_NON_OPT_AC76BA867AD710337DCD7E8A45A00001.exe
+ 2007-11-06 15:43:29 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe
+ 2007-11-04 17:59:00 65,536 ----a-r C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\AdobeBridge_B74D4E10103300000000000000000001_1.exe
+ 2007-11-04 17:59:00 65,536 ----a-r C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\BridgeCommonShortcut_B74D4E101033000000000001_1.exe
+ 2007-11-04 17:59:00 1,904,640 ----a-r C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\ESLaunchShortcut_B74D4E10103300000000000000000001.exe
+ 2007-11-04 17:59:00 61,440 ----a-r C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\NewShortcut2_B74D4E10103300000000000000000001.exe
+ 2007-11-04 18:00:52 65,536 ----a-r C:\WINDOWS\Installer\{E9787678-1033-0000-8E67-000000000001}\AppLanuchShortcut_E9787678103300008E67000000000001_1.exe
+ 2007-11-04 18:00:52 65,536 ----a-r C:\WINDOWS\Installer\{E9787678-1033-0000-8E67-000000000001}\ProgramMenuShortcut_E9787678103300008E670000000001_1.exe
- 2005-05-04 09:15:32 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2007-04-18 16:12:23 2,854,400 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2007-10-28 16:27:52 263,024 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-11-05 07:11:19 263,824 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-06-11 07:34:38 190,696 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
+ 2007-09-27 16:49:40 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
- 2005-05-04 09:15:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
+ 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
+ 2001-06-22 20:01:20 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 1998-03-25 23:27:34 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 1998-05-12 15:06:44 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2006-01-27 21:25:26 176,167 ----a-w C:\WINDOWS\system32\rmoc3260.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-06 21:49]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-04-06 21:37]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-10-28 17:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ACDService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCBNT.SYS"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

R1 FDCBNT;FDCBNT;\??\C:\WINDOWS\system32\FDCBNT.SYS
R2 sbbotdi;sbbotdi;\??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-28 05:08:46 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Aditya.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 18:32:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-07 18:34:12
C:\ComboFix2.txt ... 2007-10-29 17:40
.
--- E O F ---

aditya
2007-11-07, 14:49
http://images.orkut.com/orkut/albums2/ATgAAAAmA1RzPyB-qMZy2oCxtFh3cFEoTm_fTc7FghGyW7hVque3zjmhNWVpU75SkMLEI8f-EyHsf-Boy4jGClN-EJ40AJtU9VDz0DmBxItBeB8e3mU6GTWIX7pixw.jpg

this is the image of my rundll32.exe.
It does not execute when double-clicked..
Is it captured by a virus OR is it like this only?

katana
2007-11-08, 09:20
Fix With HJT
Close all other windows and then start HijackThis
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines if still present

O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

Show All Files And Folders
Now you need to show all files and folders
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Delete Files and Folders

Find and delete the following Folder if present

C:\heap41a <<< This Folder


Submit a File For Analysis
We need to have the files below scanned by uploading them/it to Jotti

Please visit Jotti (http://virusscan.jotti.org/)
Click on Browse... and navigate to the following file: C:\WINDOWS\system32\rundll32.exe
Click Open
Please post back, to let me know the results.
If Jotti is too busy please try Virustotal (http://www.virustotal.com/en/indexf.html)

Kaspersky Online Scanner

Go Here http://www.kaspersky.com/virusscanner

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Please post the report in your reply.

Logs/Information to Post in Reply
Please post the following logs/Information in your reply

A fresh HJT log
Jotti/Virus Total results
Kaspersky Log
How are things running now ?
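
The two O4 entries listed in the post above can be picked out mechanically: both sit under the Policies\Explorer\Run key, and one starts a file named svchost.exe from a folder other than system32. The following is an added example, not part of katana's post; the function names and the SYSTEM_NAMES list are assumptions of this sketch, and the sample lines are copied from the HijackThis output in this thread.

```python
import ntpath
import re

# HijackThis registry autostart line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<key>HK[A-Z]+\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Assumption of this example: core Windows process images that live in system32.
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "lsass.exe",
                "services.exe", "smss.exe", "csrss.exe"}
SYSTEM_DIR = r"c:\windows\system32"

# Lines copied from the HijackThis output in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""


def image_path(cmd):
    """Return the program part of an autostart command line."""
    # Quoted path first, then an unquoted path ending in .exe, then the first token.
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def triage(line):
    """Return the reasons to review a registry O4 line ([] if none),
    or None when the line is not a registry O4 line at all."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    reasons = []
    # Check 1: the autostart value is stored under the policy Run key.
    if m["key"].lower().endswith(r"policies\explorer\run"):
        reasons.append("policy-run-key")
    # Check 2: a system process name used by a file outside system32.
    directory, name = ntpath.split(image_path(m["cmd"]).lower())
    if name in SYSTEM_NAMES and directory != SYSTEM_DIR:
        reasons.append("system-name-outside-system32")
    return reasons


def flagged(log):
    """Map value name -> reasons for every O4 line that trips a check."""
    out = {}
    for line in log.splitlines():
        reasons = triage(line)
        if reasons:
            out[O4_RE.match(line.strip())["name"]] = reasons
    return out


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE).items():
        print(name, reasons)
```

A hit means "look at this entry", not "delete it"; legitimate software can also register values under the policy Run key.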

aditya
2007-11-08, 15:53
I would like to say just 3 words....
No they are not 'I love you'
But "You are Great"..:D:
I Fixed the two files you told me to fix with the help of HJT.
There was a folder named "heap41a" I deleted that too
Then submitted my "rundll32.exe" file to Jotti, the results are below..
Then came the main part that took almost 4 HOURS and you told me to put the kettle on.. you should have mentioned to have lunch and take a nap..:D:
rundll32.exe is as same as it was and I found out that my pc is infected by virus, trojan, worms..
So here's all the information that you needed..
Thanks in advance..
~~~~~~~~~~~~~~~~~~~~~~~~ Fresh HJT Log ~~~~~~~~~~~~~~~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:34 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\EASY FILE & FOLDER PROTECTOR\EFPAP.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\DOCUME~1\Aditya\LOCALS~1\Temp\2007102817140_mcinfo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
D:\Software\Mobile Software\Spy_and_ad_killer\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Aditya\LOCALS~1\Temp\2007102817140_mcinfo.exe /insfin
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8A2-850A-101B-AFC0-4210102A8DA7} (Microsoft TreeView Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/shared/COMCTL32/6,0,80,22/ComCtl32.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Easy File & Folder Protector (ACDService) - Unknown owner - C:\PROGRAM FILES\EASY FILE & FOLDER PROTECTOR\EFPAP.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 7409 bytes


~~~~~~~~~~~~~~~~ Jotti results ~~~~~~~~~~~~~~~~~
File: rundll32.exe
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Packers detected: -
Bit9 reports: No threat detected (more info)


Jotti
Scanner results
Scan taken on 08 Nov 2007 09:23:26 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
Arc: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

aditya
2007-11-08, 16:01
~~~~~~~~~~~~ Kaspersky Online Scanner Report ~~~~~~~~~~~~~~~~~
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, November 08, 2007 7:34:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/11/2007
Kaspersky Anti-Virus database records: 454659
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 71555
Number of viruses found: 16
Number of infected objects: 63
Number of suspicious objects: 0
Duration of the scan process: 03:46:55

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Aditya\Application Data\Microsoft\Templates\Normal.dotm Object is locked skipped
C:\Documents and Settings\Aditya\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Aditya\Desktop\Fix With HJT.docx Object is locked skipped
C:\Documents and Settings\Aditya\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Aditya\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Aditya\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Aditya\Local Settings\Temp\~DF22E7.tmp Object is locked skipped
C:\Documents and Settings\Aditya\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Aditya\Local Settings\Temporary Internet Files\Content.Word\~WRF{FD38190A-2899-4DF1-B08A-2E6F0B93042F}.tmp Object is locked skipped
C:\Documents and Settings\Aditya\Local Settings\Temporary Internet Files\Content.Word\~WRS{415919C7-5319-4584-985F-6C5CAB8C0F68}.tmp Object is locked skipped
C:\Documents and Settings\Aditya\Local Settings\Temporary Internet Files\Content.Word\~WRS{59A87308-9DB0-449D-BF8E-82419A1EB5C7}.tmp Object is locked skipped
C:\Documents and Settings\Aditya\Local Settings\Temporary Internet Files\Content.Word\~WRS{9D705184-D216-406A-81D7-190ECC8F7AC8}.tmp Object is locked skipped
C:\Documents and Settings\Aditya\Local Settings\Temporary Internet Files\Content.Word\~WRS{B93CFA90-C1FD-414E-9E7F-B034BF00A069}.tmp Object is locked skipped
C:\Documents and Settings\Aditya\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Aditya\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-08_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\46F44D88.txt Infected: Trojan.Win32.Agent.aoe skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\46F87784.txt Infected: Trojan.Win32.AutoHK.a skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7A9C378C.exe Infected: Worm.Win32.Muha.a skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7AA20B85.txt Infected: Virus.Win32.AutoHK.a skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP12\A0004745.exe Infected: Worm.Win32.Muha.a skipped
C:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP23\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\FDCBNT.SYS Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Software\Mobile Software\p2p software\WarezP2P.exe/data0003/Cabs.w1.cab/HyperbarSS3.dll Infected: not-a-virus:AdWare.Win32.HyperBar.b skipped
D:\Software\Mobile Software\p2p software\WarezP2P.exe/data0003/Cabs.w1.cab/Hyperbar.dll Infected: not-a-virus:AdWare.Win32.HyperBar.b skipped
D:\Software\Mobile Software\p2p software\WarezP2P.exe/data0003/Cabs.w1.cab Infected: not-a-virus:AdWare.Win32.HyperBar.b skipped
D:\Software\Mobile Software\p2p software\WarezP2P.exe/data0003 Infected: not-a-virus:AdWare.Win32.HyperBar.b skipped
D:\Software\Mobile Software\p2p software\WarezP2P.exe NSIS: infected - 4 skipped
D:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP23\change.log Object is locked skipped
D:\Games\Gameflash\Software\Advanced dvd setup.exe/data0015 Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k skipped
D:\Games\Gameflash\Software\Advanced dvd setup.exe/data0022/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
D:\Games\Gameflash\Software\Advanced dvd setup.exe/data0022/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
D:\Games\Gameflash\Software\Advanced dvd setup.exe/data0022 Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
D:\Games\Gameflash\Software\Advanced dvd setup.exe/data0026 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\Games\Gameflash\Software\Advanced dvd setup.exe Inno: infected - 5 skipped
D:\Games\Gameflash\Software\BolSetup.exe/stream/data0171/stream/data0007 Infected: not-a-virus:AdWare.Win32.MyTool.f skipped
D:\Games\Gameflash\Software\BolSetup.exe/stream/data0171/stream Infected: not-a-virus:AdWare.Win32.MyTool.f skipped
D:\Games\Gameflash\Software\BolSetup.exe/stream/data0171 Infected: not-a-virus:AdWare.Win32.MyTool.f skipped
D:\Games\Gameflash\Software\BolSetup.exe/stream Infected: not-a-virus:AdWare.Win32.MyTool.f skipped
D:\Games\Gameflash\Software\BolSetup.exe NSIS: infected - 4 skipped
D:\Games\Gameflash\Software\shareaza_pro_free.exe/file144/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
D:\Games\Gameflash\Software\shareaza_pro_free.exe/file144/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
D:\Games\Gameflash\Software\shareaza_pro_free.exe/file144/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
D:\Games\Gameflash\Software\shareaza_pro_free.exe/file144/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
D:\Games\Gameflash\Software\shareaza_pro_free.exe/file144/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
D:\Games\Gameflash\Software\shareaza_pro_free.exe/file144 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
D:\Games\Gameflash\Software\shareaza_pro_free.exe Inno: infected - 6 skipped
D:\Games\Gameflash\Software\videoacce21.exe/WISE0009.BIN Infected: not-a-virus:AdTool.Win32.MyWebSearch.bk skipped
D:\Games\Gameflash\Software\videoacce21.exe WiseSFX: infected - 1 skipped
D:\Games\Gameflash\Software\videoacce21.exe WiseSFX Dropper: infected - 1 skipped
D:\Games\Gameflash\Games\GTA-DP-Setup.exe/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Games\Gameflash\Games\GTA-DP-Setup.exe NSIS: infected - 1 skipped
D:\Games\Gameflash\nokia\Games\carmageddon3d.zip/carmageddon3d_free.sis/!:\system\apps\carmageddon3d\cwoutcast.exe Infected: Worm.SymbOS.Comwar.c skipped
D:\Games\Gameflash\nokia\Games\carmageddon3d.zip/carmageddon3d_free.sis Infected: Worm.SymbOS.Comwar.c skipped
D:\Games\Gameflash\nokia\Games\carmageddon3d.zip ZIP: infected - 2 skipped
D:\Games\Gameflash\nokia\Games\carmageddon3d\carmageddon3d_free.sis/!:\system\apps\carmageddon3d\cwoutcast.exe Infected: Worm.SymbOS.Comwar.c skipped
D:\Games\Gameflash\nokia\Games\carmageddon3d\carmageddon3d_free.sis SIS: infected - 1 skipped
D:\Games\Gameflash\nokia\Softies\BlackIcon.SysIconzPack.7610.SIS/E:\System\Apps\FreakMenu\FREAKMENU.APP Infected: not-a-virus:RiskTool.SymbOS.Hidmenu.a skipped
D:\Games\Gameflash\nokia\Softies\BlackIcon.SysIconzPack.7610.SIS SIS: infected - 1 skipped
D:\Games\Gameflash\nokia\Softies\Ckycon_3650_3660.SIS/!:\System\Apps\FreakMenu\FREAKMENU.APP Infected: not-a-virus:RiskTool.SymbOS.Hidmenu.a skipped
D:\Games\Gameflash\nokia\Softies\Ckycon_3650_3660.SIS SIS: infected - 1 skipped
D:\Games\Gameflash\nokia\Softies\Ckycon_Bobo1.SysIconzPack.OcSky.NGAGE.sis/!:\system\apps\FreakMenu\FREAKMENU.APP Infected: not-a-virus:RiskTool.SymbOS.Hidmenu.a skipped
D:\Games\Gameflash\nokia\Softies\Ckycon_Bobo1.SysIconzPack.OcSky.NGAGE.sis SIS: infected - 1 skipped
D:\Games\Gameflash\nokia\Softies\Ckycon_Box1.SysIconzPack.sis/!:\system\apps\FreakMenu\FREAKMENU.APP Infected: not-a-virus:RiskTool.SymbOS.Hidmenu.a skipped
D:\Games\Gameflash\nokia\Softies\Ckycon_Box1.SysIconzPack.sis SIS: infected - 1 skipped
D:\Games\Gameflash\nokia\Softies\Ckycon_Glass1.SysIconzPack.sis/!:\system\apps\FreakMenu\FREAKMENU.APP Infected: not-a-virus:RiskTool.SymbOS.Hidmenu.a skipped
D:\Games\Gameflash\nokia\Softies\Ckycon_Glass1.SysIconzPack.sis SIS: infected - 1 skipped
D:\Games\Gameflash\nokia\Softies\Ckycon_N-Gage.sis/!:\system\apps\FreakMenu\FREAKMENU.APP Infected: not-a-virus:RiskTool.SymbOS.Hidmenu.a skipped
D:\Games\Gameflash\nokia\Softies\Ckycon_N-Gage.sis SIS: infected - 1 skipped
D:\Games\Gameflash\nokia\Softies\ckycon_QD.sis/!:\System\Apps\FreakMenu\FREAKMENU.APP Infected: not-a-virus:RiskTool.SymbOS.Hidmenu.a skipped
D:\Games\Gameflash\nokia\Softies\ckycon_QD.sis SIS: infected - 1 skipped
D:\Games\Gameflash\nokia\Softies\icandyxptheme.sis/!:\System\Apps\xxMenu\xxMenu.APP Infected: not-a-virus:RiskTool.SymbOS.Hidmenu.a skipped
D:\Games\Gameflash\nokia\Softies\icandyxptheme.sis SIS: infected - 1 skipped
D:\Games\Gameflash\nokia\Softies\Windows[1].XP.Theme.sis/!:\system\apps\xxMenu\xxMenu.APP Infected: not-a-virus:RiskTool.SymbOS.Hidmenu.a skipped
D:\Games\Gameflash\nokia\Softies\Windows[1].XP.Theme.sis SIS: infected - 1 skipped
D:\Games\Miniclip\setup.exe/WISE0067.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
D:\Games\Miniclip\setup.exe/WISE0068.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
D:\Games\Miniclip\setup.exe/WISE0069.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
D:\Games\Miniclip\setup.exe/WISE0070.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
D:\Games\Miniclip\setup.exe/WISE0071.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
D:\Games\Miniclip\setup.exe WiseSFX: infected - 5 skipped

Scan process completed.

katana
2007-11-08, 17:16
Errmm... I may have bad news for you, it is possible that your mobile phone is infected as well.
There are a lot of files in this folder that are infected.
D:\Games\Gameflash
Have you put any of these games/themes on your phone yet ?

Delete Files and Folders
Find and delete the following Files if present


D:\Software\Mobile Software\p2p software\WarezP2P.exe <<< This File
D:\Games\Gameflash\Software\Advanced dvd setup.exe <<< This File
D:\Games\Gameflash\Software\BolSetup.exe <<< This File
D:\Games\Gameflash\Software\shareaza_pro_free.exe <<< This File
D:\Games\Gameflash\Software\videoacce21.exe <<< This File
D:\Games\Gameflash\Games\GTA-DP-Setup.exe <<< This File
D:\Games\Gameflash\nokia\Games\carmageddon3d.zip <<< This File
D:\Games\Miniclip\setup.exe <<< This File


Installed Programs
Please could you give me a list of the programs that are installed. This will help me create a fix for you.
Start HijackThis
Click on the Config button
Click on the Misc Tools button
Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.


Regarding rundll32.exe, what problem are you having with it ?
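
Most lines of the Kaspersky report above are "Object is locked" noise, and each infected installer is reported once per nested object. The following added example (not part of katana's post; the function names are assumptions of this sketch) rolls the "Infected:" lines up to the file on disk, separates "not-a-virus:" detections from malware verdicts, and lists the files carrying SymbOS (phone) detections. The sample lines are copied from the report in this thread.

```python
import re
from collections import defaultdict

# "<object> Infected: <verdict> skipped"; the object path may contain spaces.
INFECTED_RE = re.compile(r"^(?P<obj>.+?) Infected: (?P<verdict>\S+) skipped$")
LOCKED_SUFFIX = " Object is locked skipped"
# Kaspersky prefixes adware/riskware verdicts with "not-a-virus:".
PUA_PREFIX = "not-a-virus:"

# Lines copied from the Kaspersky Online Scanner report in this thread.
SAMPLE = r"""
C:\Documents and Settings\Aditya\NTUSER.DAT Object is locked skipped
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7A9C378C.exe Infected: Worm.Win32.Muha.a skipped
D:\Software\Mobile Software\p2p software\WarezP2P.exe/data0003/Cabs.w1.cab/Hyperbar.dll Infected: not-a-virus:AdWare.Win32.HyperBar.b skipped
D:\Software\Mobile Software\p2p software\WarezP2P.exe/data0003/Cabs.w1.cab Infected: not-a-virus:AdWare.Win32.HyperBar.b skipped
D:\Software\Mobile Software\p2p software\WarezP2P.exe NSIS: infected - 4 skipped
D:\Games\Gameflash\nokia\Games\carmageddon3d.zip/carmageddon3d_free.sis/!:\system\apps\carmageddon3d\cwoutcast.exe Infected: Worm.SymbOS.Comwar.c skipped
D:\Games\Gameflash\nokia\Games\carmageddon3d.zip ZIP: infected - 2 skipped
D:\Games\Gameflash\nokia\Softies\ckycon_QD.sis/!:\System\Apps\FreakMenu\FREAKMENU.APP Infected: not-a-virus:RiskTool.SymbOS.Hidmenu.a skipped
"""


def triage(report):
    """Return ({file on disk: {"malware", "unwanted", "platforms"}}, locked_count)."""
    findings = defaultdict(
        lambda: {"malware": set(), "unwanted": set(), "platforms": set()}
    )
    locked = 0
    for raw in report.splitlines():
        line = raw.strip()
        if line.endswith(LOCKED_SUFFIX):
            locked += 1  # file in use during the scan, not a detection
            continue
        m = INFECTED_RE.match(line)
        if m is None:
            continue  # container summaries ("NSIS: infected - 4") and headers
        # Objects inside an archive/installer follow the disk path after "/",
        # a character that cannot occur in the Windows path itself.
        on_disk = m["obj"].split("/", 1)[0]
        verdict = m["verdict"]
        unwanted = verdict.startswith(PUA_PREFIX)
        name = verdict[len(PUA_PREFIX):] if unwanted else verdict
        entry = findings[on_disk]
        entry["unwanted" if unwanted else "malware"].add(name)
        parts = name.split(".")  # Type.Platform.Family[.variant]
        if len(parts) >= 2:
            entry["platforms"].add(parts[1])
    return dict(findings), locked


def files_with(findings, kind):
    """Files on disk that carry at least one verdict of the given kind."""
    return sorted(f for f, e in findings.items() if e[kind])


def files_for_platform(findings, platform):
    """Files on disk with a detection for the given platform, e.g. 'SymbOS'."""
    return sorted(f for f, e in findings.items() if platform in e["platforms"])


if __name__ == "__main__":
    found, locked_count = triage(SAMPLE)
    print("locked objects ignored:", locked_count)
    print("malware:", files_with(found, "malware"))
    print("adware/riskware:", files_with(found, "unwanted"))
    print("phone (SymbOS):", files_for_platform(found, "SymbOS"))
```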

aditya
2007-11-08, 18:39
Here is the list of progs.:
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Stock Photos 1.0
ADSL USB Driver 1.3
Ask Toolbar
CC_ccProxyExt
ccCommon
ccPxyCore
C-Media 3D Audio
DAEMON Tools
Easy File & Folder Protector v3.0
eMusic - 50 Free MP3 offer
ffdshow
Google Talk (remove only)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Intel(R) Extreme Graphics Driver
Kaspersky Online Scanner
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (1.0.7)
MSRedist
Nero 7 Demo
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton WMI Update
Norton WMI Update
PcBugDoctor 1,0,0,3
PowerDVD
Real Alternative 1.50
Riva FLV Encoder 2.0
RM Converter 3.28
RTLSetup for Realtek RTL8139/810x Family NIC 3.00
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Shockwave
SPBBC
SpeedBit Video Accelerator
Spybot - Search & Destroy 1.3
SpywareBlaster v2.6.1
Symantec Script Blocking Installer
SymNet
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
VideoLAN VLC media player 0.8.6b
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip
Yahoo! Extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

My rundll32.exe file does not execute when double-clicked.
My friend had the same problem until all his executable files were unable to execute, i.e. when he used to click any *.exe file an "Open With" window used to pop up..
So plz help me before that happens with me..

I haven't installed any files from the Gameflash folder in my mobile. So Good News.. My mobile is not infected

aditya
2007-11-08, 18:45
Here is the picture of my rundll32.exe, you'll understand it better: http://images.orkut.com/orkut/albums2/ATgAAAAmA1RzPyB-

aditya
2007-11-08, 18:49
Sorry, I thought the pic would be displayed..
anyways..
shall I send you an image of my rundll32 file?
so that you will know what I'm trying to say..:)

katana
2007-11-08, 18:52
You should never need to click rundll32.exe.

Why are you trying to do that ?

aditya
2007-11-08, 18:57
:oops: Is that so?
I don't have rundll32.exe in my processes, when I open Task Manager and look at the processes..
Is it ok? Or there's some problem..?:sad:

katana
2007-11-08, 19:24
Remove Programs
Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
click on the program to highlight it, and click on remove.

Ask Toolbar <<< I would remove this, It has Adware components
eMusic - 50 Free MP3 offer <<< Adware related
Now close the Control Panel.

Delete Files and Folders
( you may need to show hidden files and folders. See HERE (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx) for help)
Find and delete the following Files and Folders if present


D:\Games\Gameflash\nokia\Softies\BlackIcon.SysIconzPack.7610.SIS <<< This File
D:\Games\Gameflash\nokia\Softies\Ckycon_3650_3660.SIS <<< This File
D:\Games\Gameflash\nokia\Softies\Ckycon_Bobo1.SysIconzPack.OcSky.NGAGE.sis <<< This File
D:\Games\Gameflash\nokia\Softies\Ckycon_Box1.SysIconzPack.sis <<< This File
D:\Games\Gameflash\nokia\Softies\Ckycon_Glass1.SysIconzPack.sis <<< This File
D:\Games\Gameflash\nokia\Softies\Ckycon_N-Gage.sis <<< This File
D:\Games\Gameflash\nokia\Softies\ckycon_QD.sis <<< This File
D:\Games\Gameflash\nokia\Softies\icandyxptheme.sis <<< This File
D:\Games\Gameflash\nokia\Softies\Windows[1].XP.Theme.sis <<< This File


Is your rundll32.exe a picture of a skull ??

aditya
2007-11-09, 07:29
YOU GUYS ARE DOING A GREAT JOB.. :bow:
Yup, I deleted the files and removed the programs as you told me to.. My pc is running fine now..
Everything looks normal.. except for that rundll32.exe file (No, it doesn't look like a skull)
Here's the link to the image of my rundll32.exe file, maybe
you'll get what I'm trying to say.
http://www.orkut.com/AlbumZoom.aspx?uid=7355584181640657164&pid=1
This link will not direct you to an infected page OR an infected file or something..:angel:

katana
2007-11-09, 10:12
Glad to hear that things are running smoothly :)
I still can't see that picture, the link asks me to login.
Skull wasn't a random choice :laugh:
One of the infections you had is able to infect .exe files and alter them to show up as a skull.
Let's run one more scan for safety :D

TotalScan

Please go to this site: TotalScan (http://www.nanoscan.com/as/v1/?)

Under Scan Now click the Full Scan button
Follow the prompts to install the ActiveX control if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small Save button and save the report to your desktop.
Please post the report in your reply.

aditya
2007-11-09, 15:43
It's good if you can see the image below:
http://img219.imageshack.us/img219/4419/rundll32wwkm6.jpg

Otherwise here is another link to that image of mine..:D:

http://img219.imageshack.us/img219/4419/rundll32wwkm6.jpg

Hope there are no problems this time (in viewing the img)
I'll scan my pc once again...
And have a cup of tea/coffee and watch TV..

katana
2007-11-09, 16:29
That looks exactly the same as mine :) :bigthumb:

aditya
2007-11-11, 16:50
"rundll32" is not in the Processes list in Task Manager, is it normal?

;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-11-11 21:14:33
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Internet Security 2005 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00055522 Eicar.Mod Virus No 0 No No D:\Software\Mobile Software\ANTIVIRUS\KASPERSK\DATA1.CAB[eicar.html]
00117524 Joke/Viagra Jokes No 0 Yes No D:\Games\FUN-2\Viagra.exe
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Aditya\Application Data\Mozilla\Firefox\Profiles\db2trxc4.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Aditya\Cookies\aditya@atdmt[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Aditya\Cookies\aditya@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Aditya\Application Data\Mozilla\Firefox\Profiles\db2trxc4.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Aditya\Application Data\Mozilla\Firefox\Profiles\db2trxc4.default\cookies.txt[.fastclick.net/]
00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Documents and Settings\Aditya\Cookies\aditya@2o7[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Aditya\Cookies\aditya@tribalfusion[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Aditya\Application Data\Mozilla\Firefox\Profiles\db2trxc4.default\cookies.txt[.xiti.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Aditya\Application Data\Mozilla\Firefox\Profiles\db2trxc4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Aditya\Application Data\Mozilla\Firefox\Profiles\db2trxc4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Aditya\Cookies\aditya@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Aditya\Application Data\Mozilla\Firefox\Profiles\db2trxc4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Aditya\Application Data\Mozilla\Firefox\Profiles\db2trxc4.default\cookies.txt[ad.yieldmanager.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Aditya\Cookies\aditya@advertising[2].txt
00263737 Adware/nCase Adware No 0 No No D:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP24\A0009160.EXE[saap.exe]
00285804 Joke/Shakedown Jokes No 0 Yes No D:\Games\FUN-2\shakedown.exe
00352595 Trj/Banker.FTI Virus/Trojan No 1 Yes No D:\Games\Miniclip\super-gerball.exe
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP22\A0008068.exe
00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Aditya\Desktop\Flash_Disinfector.exe[nircmd.exe]
00378583 Adware/Pics-Factory Adware No 0 No No D:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP24\A0009157.EXE[RediffToolbar.exe][redifftoolbar.dll]
00889180 Generic Backdoor Virus/Trojan No 0 No No D:\Software\Mobile Software\ANTIVIRUS\KASPERSK\DATA1.CAB[klif.sys]
00902180 Generic Malware Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP12\A0004746.EXE
01244608 W32/AHKHeap.A.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP12\A0004745.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP22\A0008031.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\nircmd.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP22\A0008032.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Aditya\Desktop\ComboFix.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Aditya\Desktop\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP14\A0006619.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP22\A0008031.exe[nircmd.cfexe]
01650305 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP24\A0009234.dll
01650305 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP24\A0009226.DLL
01717736 W32/AHKHeap.A.worm Virus/Worm No 0 No No C:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP12\A0004745.exe[MicrosoftPowerPoint\Install.txt]
01851551 Adware/WebHancer Adware No 0 Yes No D:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP24\A0009158.EXE
02681124 W32/Muha.A.worm Virus/Worm No 0 No No C:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP12\A0004745.exe[MicrosoftPowerPoint\svchost.exe]
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

katana
2007-11-11, 17:03
"rundll32" is not in the Processes list in Task Manager, is it normal?
Perfectly normal :)

Find and delete the following files

D:\Games\FUN-2\Viagra.exe << This File
D:\Games\FUN-2\shakedown.exe << This File
D:\Games\Miniclip\super-gerball.exe << This File


Are you having any problems now ? or is everything running OK ?

aditya
2007-11-11, 17:34
Everything is normal dude..
Thank you very much:bigthumb:

Deleted the files you told me to..:2thumb:
Are there any more tests??

I'm waiting for your final approval..

katana
2007-11-11, 18:07
Congratulations, your logs look clean :D

Let's see if I can help you keep it that way

First let's tidy up :D

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
You can also delete any logs we have produced.
Empty your Recycle bin.

Reset System Restore.
Now you should disable System Restore to purge any infected files and then re-enable it.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer

Turn ON System Restore

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.

Also PLEASE read this article

So How Did I Get Infected In The First Place (http://forums.spybot.info/showthread.php?t=279)
It has some very useful information on how to stay safe on the internet

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
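
An added example (not part of the original thread or of any tool named in it): a Python triage of the TotalScan report rows posted above, separating detections that sit in System Restore snapshots (purged by the off/on reset described in this post) from tracking cookies, files inside archives or installers, and loose files that need manual deletion. The row regex, the bucket names and the function names are assumptions based on the column layout of the report as posted.

```python
import re
from collections import defaultdict

# Rows copied from the TotalScan report posted in this thread (whitespace-flattened).
REPORT = r"""
00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Documents and Settings\Aditya\Cookies\aditya@2o7[1].txt
00117524 Joke/Viagra Jokes No 0 Yes No D:\Games\FUN-2\Viagra.exe
00352595 Trj/Banker.FTI Virus/Trojan No 1 Yes No D:\Games\Miniclip\super-gerball.exe
00889180 Generic Backdoor Virus/Trojan No 0 No No D:\Software\Mobile Software\ANTIVIRUS\KASPERSK\DATA1.CAB[klif.sys]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Aditya\Desktop\ComboFix.exe[nircmd.exe]
00902180 Generic Malware Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP12\A0004746.EXE
02681124 W32/Muha.A.worm Virus/Worm No 0 No No C:\System Volume Information\_restore{DC6223AC-B1AB-4ED7-BDDF-B801532BBFC8}\RP12\A0004745.exe[MicrosoftPowerPoint\svchost.exe]
"""

# Assumed column layout: Id, Description, Type, Active, Severity,
# Disinfectable, Disinfected, Location (description and path may hold spaces).
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<sev>\d+)\s+(?P<fixable>Yes|No)\s+(?P<fixed>Yes|No)\s+(?P<loc>.+)$")

def triage(loc, mtype):
    """Bucket names are this example's own, not the scanner's."""
    if "\\System Volume Information\\_restore{" in loc:
        return "restore_point"     # snapshot copy; purged by the System Restore reset
    if mtype == "TrackingCookie":
        return "cookie"
    if loc.endswith("]"):
        return "inside_container"  # member of an archive or installer, not a loose file
    return "live_file"             # loose file on disk; candidate for manual deletion

def parse_report(text):
    buckets = defaultdict(list)
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue               # banner, header and separator lines
        buckets[triage(m["loc"], m["type"])].append((m["desc"], m["loc"]))
    return dict(buckets)

if __name__ == "__main__":
    for bucket, rows in parse_report(REPORT).items():
        print(bucket)
        for desc, loc in rows:
            print(f"  {desc:24} {loc}")
```

The restore-point check runs first because snapshot entries can also end in a bracketed member name and would otherwise be counted as archive contents.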

aditya
2007-11-12, 10:55
Everything is working good not only good but much better..

Thanks for giving your time and helping me in getting rid of those unknown & hidden viruses

Keep Up The GOOD WORK :bigthumb:

Maybe it's time to archive this thread..
Thanks for everything.. :heart:


AdityA
:ninja: