PDA

View Full Version : Virtumonde Help pls



Cyberman
2008-05-29, 12:35
I have a dual boot system. Vista+XP64 ,it seems that the Vista system is infected by Virtumonde ,I have tried all the usual to disinfect the system. I also reinstaled Vista last week because I totaly lost my Internet connection, This was after a long chat with my isp provider and between us trying to put it right.

Anyway here are the logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:41:22, on 29/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\unsecapp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\Windows\system32\qpcxnobu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {3ccf7b92-4c9e-0849-0e64-f8555c5dfc06} - {60cfd5c5-558f-46e0-9480-e9c429b7fcc3} - C:\Windows\system32\mtcuyaxo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - C:\Windows\system32\bYoMCuRI.dll (file missing)
O2 - BHO: (no name) - {E793DDC8-3109-436B-9BCB-D73E3DA5190D} - C:\Windows\system32\urqpPHby.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\bYoMCuRI.dll,#1
O4 - HKLM\..\Run: [509598a4] rundll32.exe "C:\Windows\system32\veudwkge.dll",b
O4 - HKLM\..\Run: [BM53a6ab38] Rundll32.exe "C:\Windows\system32\ixtbgdol.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8167] command /c del "C:\Windows\System32\urqpPHby.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6561] cmd /c del "C:\Windows\System32\urqpPHby.dll"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Darrell\AppData\Local\Temp\vtUMcYpq.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxbv_device - - C:\Windows\system32\lxbvcoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9305 bytes
-----------------------------------------------------------------------

-----------------------------------------------------------------------
ComboFix 08-05-28.4 - Darrell 2008-05-29 10:00:21.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1265 [GMT 1:00]
Running from: C:\Users\Darrell\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\cookies.ini
C:\Windows\system32\eebkwwkl.dll
C:\Windows\System32\egkwduev.ini
C:\Windows\system32\eqrlusfx.dll
C:\Windows\System32\gumrouyu.ini
C:\Windows\system32\ipitdses.dll
C:\Windows\system32\ixtbgdol.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mtcuyaxo.dll
C:\Windows\system32\psbntdxk.ini
C:\Windows\system32\urqpPHby.dll
C:\Windows\system32\veudwkge.dll
C:\Windows\system32\xfjwaxao.dll
C:\Windows\system32\xfsulrqe.ini
C:\Windows\system32\xsdeqbur.dll
C:\Windows\System32\ybHPpqru.ini
C:\Windows\System32\ybHPpqru.ini2

----- BITS: Possible infected sites -----

hxxp://theinstalls.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_iprip


((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-29 09:40 . 2008-05-29 09:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-29 08:40 . 2008-05-29 08:40 92,160 --a------ C:\Windows\System32\qpcxnobu.dll
2008-05-28 22:44 . 2008-05-28 22:53 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-28 22:44 . 2008-05-28 22:53 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-28 22:44 . 2008-05-28 22:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-28 22:42 . 2008-05-28 22:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 19:29 . 2008-05-28 19:29 1,160 --a------ C:\Windows\mozver.dat
2008-05-28 08:54 . 2008-05-28 09:13 23 --a------ C:\Windows\popcinfot.dat
2008-05-28 08:37 . 2008-05-28 08:37 92,160 --a------ C:\Windows\System32\obfxrdtv.dll
2008-05-27 22:25 . 2008-05-27 22:25 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-05-27 22:25 . 2008-05-27 22:25 <DIR> d-------- C:\ProgramData\FLEXnet
2008-05-27 21:30 . 2008-05-27 21:03 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-05-27 21:30 . 2008-05-27 21:03 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-05-27 21:18 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-05-27 21:18 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-05-27 21:17 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-27 21:17 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-05-27 21:17 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-05-27 21:13 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-05-27 21:11 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
2008-05-27 21:05 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-05-27 21:03 . 2008-05-27 21:32 196,608 --a------ C:\Windows\SPInstall.etl
2008-05-27 20:46 . 2008-05-27 20:46 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-27 19:46 . 2008-05-27 19:46 0 --a------ C:\Windows\nsreg.dat
2008-05-27 19:40 . 2008-05-27 19:40 <DIR> d-------- C:\Windows\Sun
2008-05-27 17:38 . 2008-05-27 17:38 <DIR> d-------- C:\Users\All Users\ALM
2008-05-27 17:38 . 2008-05-27 17:38 <DIR> d-------- C:\ProgramData\ALM
2008-05-27 17:15 . 2008-05-27 17:15 <DIR> d-------- C:\Program Files\QuickTime
2008-05-27 17:10 . 2006-09-29 06:56 28,248 -ra------ C:\Windows\System32\AdobePDF.dll
2008-05-27 17:01 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll
2008-05-27 17:01 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe
2008-05-27 16:55 . 2008-05-27 22:24 <DIR> d-------- C:\Users\All Users\Adobe
2008-05-27 16:46 . 2008-05-27 16:46 <DIR> d-------- C:\Program Files\Bonjour
2008-05-27 16:32 . 2008-05-27 16:32 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-27 16:29 . 2008-05-27 17:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-27 16:15 . 2008-05-27 16:15 <DIR> d-------- C:\Program Files\MagicISO
2008-05-27 07:19 . 2008-05-27 07:19 418,480 --a------ C:\Windows\System32\wrap_oal.dll
2008-05-27 07:19 . 2008-05-27 07:19 115,432 --a------ C:\Windows\System32\OpenAL32.dll
2008-05-27 06:53 . 2008-05-27 06:53 92,160 --a------ C:\Windows\System32\daoodekf.dll
2008-05-27 02:05 . 2008-05-27 02:05 <DIR> d-------- C:\Program Files\OpenAL
2008-05-27 01:52 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-05-27 01:52 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-05-27 01:52 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-05-27 01:41 . 2008-05-28 19:07 <DIR> d-------- C:\Program Files\Steam
2008-05-27 01:41 . 2008-05-27 23:45 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-05-26 20:10 . 2008-05-26 20:10 <DIR> d-------- C:\Program Files\Disney
2008-05-26 19:30 . 2008-05-29 09:14 360 --a------ C:\Windows\wininit.ini
2008-05-26 19:04 . 2008-05-26 19:44 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-26 19:04 . 2008-05-26 19:44 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-26 19:04 . 2008-05-26 19:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-26 12:46 . 2008-05-26 12:46 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-05-26 12:46 . 2008-05-26 12:46 <DIR> d-------- C:\ProgramData\WLInstaller
2008-05-26 10:52 . 2008-05-26 10:54 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll
2008-05-26 10:34 . 2008-05-26 10:34 94,208 --a------ C:\Windows\DIIUnin.exe
2008-05-26 10:34 . 2008-05-26 10:52 46,731 --a------ C:\Windows\DIIUnin.dat
2008-05-26 10:34 . 2008-05-26 10:34 2,829 --a------ C:\Windows\DIIUnin.pif
2008-05-26 09:56 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-05-26 09:49 . 2008-05-26 09:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-26 09:44 . 2008-05-26 09:44 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-26 09:39 . 2008-05-26 09:39 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-26 09:36 . 2008-05-26 09:58 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-05-26 09:36 . 2008-05-26 09:58 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-05-26 09:27 . 2008-05-26 09:27 <DIR> d-------- C:\Program Files\PowerISO
2008-05-26 09:16 . 2008-05-26 18:52 <DIR> d-------- C:\Users\Darrell\AppData\Roaming\Azureus
2008-05-26 09:16 . 2008-05-26 09:16 <DIR> d-------- C:\Users\All Users\Azureus
2008-05-26 09:16 . 2008-05-26 09:16 <DIR> d-------- C:\ProgramData\Azureus
2008-05-26 09:12 . 2008-05-26 09:13 <DIR> d-------- C:\Program Files\Azureus
2008-05-26 09:01 . 2008-05-27 19:20 <DIR> d-------- C:\Users\Darrell\AppData\Roaming\StumbleUpon
2008-05-26 09:01 . 2008-05-26 09:01 <DIR> d-------- C:\Program Files\StumbleUpon
2008-05-26 08:56 . 2008-05-26 08:57 <DIR> d-------- C:\Program Files\Java
2008-05-26 08:55 . 2008-05-26 08:55 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-26 01:19 . 2008-05-26 01:19 <DIR> d-------- C:\Program Files\InstallShield Installation Information
2008-05-26 01:17 . 2008-05-26 01:17 <DIR> d-------- C:\Program Files\Veoh Networks
2008-05-26 01:16 . 2008-05-26 01:16 <DIR> d-------- C:\Windows\Downloaded Installations
2008-05-26 00:56 . 2008-05-26 10:18 249,856 --------- C:\Windows\Setup1.exe
2008-05-26 00:56 . 2008-05-26 10:18 73,216 --a------ C:\Windows\ST6UNST.EXE
2008-05-26 00:42 . 2008-05-26 00:42 <DIR> d-------- C:\Users\All Users\CCP
2008-05-26 00:42 . 2008-05-26 00:42 <DIR> d-------- C:\ProgramData\CCP
2008-05-26 00:42 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-05-23 09:10 . 2008-05-23 00:36 <DIR> d-------- C:\Windows\Panther
2008-05-23 08:46 . 2008-05-27 01:36 <DIR> d-------- C:\Windows.old
2008-05-23 08:12 . 2008-05-23 08:12 <DIR> d-------- C:\Windows\PCHEALTH
2008-05-23 08:12 . 2008-05-27 22:25 <DIR> d-------- C:\Program Files\MSN Messenger
2008-05-23 07:34 . 2008-05-23 07:34 <DIR> d-------- C:\Users\Darrell\AppData\Roaming\Yahoo!
2008-05-23 02:39 . 2008-05-23 07:23 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-05-23 02:39 . 2008-01-18 23:34 15,872 --a------ C:\Windows\System32\hcrstco.dll
2008-05-23 02:39 . 2008-05-23 07:23 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-05-23 02:39 . 2006-11-02 01:46 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-05-23 02:39 . 2008-05-23 07:23 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-05-23 02:36 . 2008-05-23 02:36 988,216 --a------ C:\Windows\System32\winload.exe
2008-05-23 02:36 . 2008-05-23 02:36 927,288 --a------ C:\Windows\System32\winresume.exe
2008-05-23 02:36 . 2008-05-23 02:36 615,992 --a------ C:\Windows\System32\ci.dll
2008-05-23 02:36 . 2008-05-23 02:36 378,368 --a------ C:\Windows\System32\srcore.dll
2008-05-23 02:36 . 2008-05-23 02:36 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-05-23 02:36 . 2008-05-23 02:36 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-05-23 02:36 . 2008-05-23 02:36 40,960 --a------ C:\Windows\System32\srclient.dll
2008-05-23 02:36 . 2008-05-23 02:36 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-05-23 02:36 . 2008-05-23 02:36 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-05-23 02:36 . 2008-05-23 02:36 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-05-23 02:34 . 2008-05-28 22:45 <DIR> d--hs---- C:\Windows\Installer
2008-05-23 02:34 . 2008-05-27 01:52 <DIR> d-------- C:\Users\All Users\Symantec
2008-05-23 02:34 . 2008-05-27 01:52 <DIR> d-------- C:\ProgramData\Symantec
2008-05-23 02:34 . 2008-05-27 01:52 <DIR> d-------- C:\Program Files\Symantec
2008-05-23 02:34 . 2008-05-23 07:27 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-23 02:34 . 2008-05-23 02:34 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-05-23 02:33 . 2008-05-23 07:14 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-05-23 02:33 . 2008-05-23 07:14 <DIR> d-------- C:\ProgramData\Yahoo!
2008-05-23 02:29 . 2008-05-23 02:33 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-23 02:21 . 2008-05-23 02:21 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-05-23 02:21 . 2008-05-23 02:21 <DIR> d-------- C:\ProgramData\NVIDIA
2008-05-23 02:17 . 2008-05-23 02:17 209,775,274 --a------ C:\Windows\MEMORY.DMP
2008-05-23 02:02 . 2008-05-23 02:02 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-05-23 01:51 . 2008-05-23 01:51 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-05-23 01:40 . 2008-05-23 01:40 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-05-23 01:40 . 2008-05-23 01:40 826,880 --a------ C:\Windows\System32\wininet.dll
2008-05-23 01:32 . 2008-05-23 01:32 <DIR> d-------- C:\Windows\nvidia icons
2008-05-23 01:31 . 2008-05-02 22:46 768,544 --a------ C:\Windows\System32\nvcplui.exe
2008-05-23 01:31 . 2008-05-02 22:46 420,384 --a------ C:\Windows\System32\nvcpl.cpl
2008-05-23 01:31 . 2008-05-02 22:46 313,888 --a------ C:\Windows\System32\nvexpbar.dll
2008-05-23 01:28 . 2008-05-23 01:28 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-23 01:28 . 2008-04-30 17:27 442,368 --a------ C:\Windows\System32\NVUNINST.EXE
2008-05-23 01:22 . 2008-05-23 01:22 <DIR> d-------- C:\Windows\System32\Macromed
2008-05-23 01:21 . 2008-05-23 01:21 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-05-23 01:15 . 2008-05-23 01:15 92 --a------ C:\Windows\Lexstat.ini
2008-05-23 01:08 . 2008-05-23 01:18 <DIR> d-------- C:\Program Files\Lexmark 2200 Series

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 21:20 174 --sha-w C:\Program Files\desktop.ini
2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Mail
2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Journal
2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Defender
2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Calendar
2008-05-26 08:48 --------- d-----w C:\Program Files\MSBuild
2008-05-02 21:46 7,460,320 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2008-04-15 01:05 118,784 ----a-w C:\Windows\system32\drivers\Rtlh86.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
2008-05-29 08:40 92160 --a------ C:\Windows\system32\qpcxnobu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD714BC-D36C-487B-8142-8BA020FB6535}]
C:\Windows\system32\bYoMCuRI.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 22:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-02 22:46 92704]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59 115816]
"MSServer"="C:\Windows\system32\bYoMCuRI.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BDD714BC-D36C-487B-8142-8BA020FB6535}"= C:\Windows\system32\bYoMCuRI.dll [ ]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\509598a4]
C:\Windows\system32\eqrlusfx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM53a6ab38]
C:\Windows\system32\xfjwaxao.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\bYoMCuRI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 01:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-03-09 16:28 598016 C:\Windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-05-27 01:43 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-05-15 16:11 3644464 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-18 23:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2008-01-18 23:36 2153472 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2007-10-26 15:42 509224 C:\PROGRA~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5E1D1A10-19E9-4FFB-BA7C-13915A912FD4}"= UDP:C:\Windows\System32\lxbvcoms.exe:Lexmark Communications System
"{1E9A4DF2-FD24-4F6A-94E1-C05360990646}"= TCP:C:\Windows\System32\lxbvcoms.exe:Lexmark Communications System
"{C93F7871-F726-4F5E-B1AB-9E733A271E25}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxbvpswx.exe:Printer Status Window
"{2739C7D7-55FC-435F-9280-AF9316365F7C}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxbvpswx.exe:Printer Status Window
"{BD0C896B-5FF9-4F5C-A0EC-C1399E81534C}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{B981C4D2-6EC9-40E1-81E7-198137E0C6FF}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{098AF498-243F-4F57-A091-0DAEC9151312}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1F814303-8575-4DC6-9236-74A2D4758763}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0BA523C6-C6AA-425E-922D-97673970793E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CAE0B778-4458-43C4-AEC0-ADC5C546E254}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5F0C8A18-E226-44C5-B313-BA4914224178}"= UDP:3703:Adobe Version Cue CS3 Server
"{4FD8DF8B-E256-4227-9060-46134795362C}"= UDP:3704:Adobe Version Cue CS3 Server
"{0CF7C1EF-3882-4E61-99C1-03A5BCDE5EED}"= UDP:50900:Adobe Version Cue CS3 Server
"{23B6E0E6-DD46-41A1-8AFD-22083D4D36C7}"= UDP:50901:Adobe Version Cue CS3 Server
"{6E8ABFA6-0ED0-44D3-B571-458DC0CA2409}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{81C44303-E4F1-4C3A-BB92-4768224207D1}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{062EE761-22DF-413F-8892-CEE6842D19CC}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080528.001\IDSvix86.sys [2008-05-13 00:27]
R2 lxbv_device;lxbv_device;C:\Windows\system32\lxbvcoms.exe [2007-04-25 13:18]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-09-28 13:37]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 23:32]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-27 23:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ipripsvc REG_MULTI_SZ iprip

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\SETUP.EXE
\shell\configure\command - J:\SETUP.EXE
\shell\install\command - J:\SETUP.EXE

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 19:00:33 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Darrell.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-28 22:38:24 C:\Windows\Tasks\User_Feed_Synchronization-{2DFB7FA5-F9B8-4B7A-845D-E71F24B802C6}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 10:08:36
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\CISVC.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\TCPSVCS.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-05-29 10:16:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-29 09:16:38

Pre-Run: 90,161,430,528 bytes free
Post-Run: 90,421,112,832 bytes free

331 --- E O F --- 2008-05-23 06:18:50

Cyberman
2008-05-29, 12:39
I have to add that when I try to run Microsoft Update I get an error ,and all sorts starts to go wrong when i try to run this.

Blade81
2008-05-30, 10:30
Hi

Looks like you missed Do NOT run 'fixes' before helpers have analyzed HJT/KAV scans (http://forums.spybot.info/showthread.php?t=16806) (ran ComboFix though it shouldn't be used without supervision) sticky. ;)


Open notepad and copy/paste the text in the quotebox below into it:



File::
C:\Windows\System32\qpcxnobu.dll
C:\Windows\System32\obfxrdtv.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD714BC-D36C-487B-8142-8BA020FB6535}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BDD714BC-D36C-487B-8142-8BA020FB6535}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\509598a4]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM53a6ab38]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]



Save this as
CFScript


http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner). You will be prompted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings and select the following:
Scan using the following Anti-Virus database:
Extended (If available, otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK.
Under
select a target to scan
, select My Computer.
The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.Once the scan is complete:
Click on the Save as Text button.
Save the file to your desktop.
Copy and paste that information into your next post if the AV content will fit into one post only. Post a fresh hjt log (without forgetting above meantioned ComboFix resultant log) too.
If the results of the anti virus scan itself will take more than one post to contain, you may upload it to http://rapidshare.com


Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If having a problme doing the above

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four item (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.

Blade81
2008-06-05, 11:43
Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.