windows advanced user patch



street
2012-05-09, 10:32
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by greg at 2:18:56 on 2012-05-09
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2002.1088 [GMT -5:00]
.
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcccoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
C:\Windows\vVX3000.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\greg\AppData\Roaming\Protector-bbhp.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - c:\program files\i want this\I Want This.dll
BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\mediabar\datamngr\IEBHO.dll
BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - c:\progra~1\appgra~1\APPGRA~1.DLL
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: HopSurf toolbar: {e9fab13d-4600-49e1-90d1-ee961c859d39} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Inspector] c:\users\greg\appdata\roaming\Protector-bbhp.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SetRefresh] c:\program files\compaq\setrefresh\\SetRefresh.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SiteRanker] "c:\program files\siteranker\SiteRankTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DataMngr] c:\progra~1\imesha~1\mediabar\datamngr\DataMngrUI.exe
mRun: [cftmon] c:\windows\system32\xvpqa.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
StartupFolder: c:\users\greg\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{8A10A571-81C7-4B43-86CA-B16426A68BE4} : DhcpNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{B1D87634-7122-401C-952D-B3A45AD3AC56} : DhcpNameServer = 24.116.2.50 24.116.2.34
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll c:\windows\system32\guard32.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
IFEO: ackwin32.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-4-9 19600]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 38616]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RalinkRegistryWriter.exe [2010-5-8 75040]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\windows\system32\drivers\es1370mp.sys [2001-8-17 37120]
R3 Linksys_adapter;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500vista.sys [2012-4-24 1073216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-30 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-29 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-30 116648]
SUnknown WPFFontCache_v0400;WPFFontCache_v0400; [x]
.
=============== Created Last 30 ================
.
2012-05-09 07:00:46 -------- d-----w- c:\programdata\Malwarebytes
2012-05-09 07:00:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-09 07:00:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-08 11:39:46 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-05-08 11:04:39 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{abd415d0-1fcb-47e8-a68b-52295565e04b}\mpengine.dll
2012-05-07 19:00:13 2279424 ----a-w- c:\users\greg\appdata\roaming\Protector-bbhp.exe
2012-05-07 16:46:19 -------- d-----w- c:\program files\Produtools_Manuals_2.1
2012-05-07 16:02:37 233888 ----a-w- c:\windows\system32\DreamScene.dll
2012-05-07 16:00:50 1496912 ----a-w- c:\program files\microsoft games\holdem\HoldEm.exe
2012-05-06 04:17:38 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-05-06 04:17:35 -------- d-----w- c:\program files\W3i, LLC
2012-05-06 04:17:27 -------- d-----w- c:\programdata\WeCareReminder
2012-05-06 04:10:55 -------- d-----w- c:\program files\MyWebSearch
2012-05-06 03:38:53 -------- d-----w- c:\program files\VideoDownloadConverter_4zEI
2012-05-06 03:28:40 149088 ----a-w- c:\users\greg\PopularScreenSavers.exe
2012-05-06 03:25:42 -------- d---a-w- c:\program files\FunWebProducts
2012-05-03 23:21:57 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-05-03 23:00:10 411368 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-03 05:49:49 -------- d-----w- c:\users\greg\appdata\local\{9F653960-4FEF-4237-8C20-2BFD614F6FF1}
2012-05-03 03:54:11 -------- d-----w- c:\program files\common files\Windows Live
2012-05-03 03:54:03 -------- d-----w- c:\users\greg\appdata\local\{5C10F6AC-02A8-4898-8FFC-8218C1086B94}
2012-05-03 03:19:44 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-05-03 03:19:43 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-05-01 21:14:22 -------- d-----w- c:\program files\AppGraffiti
2012-04-30 04:14:17 -------- d-----w- c:\programdata\814f5f
2012-04-30 00:52:51 -------- d-----w- c:\program files\Shop To Win
2012-04-30 00:52:20 -------- d-----w- c:\programdata\blekko toolbars
2012-04-30 00:52:11 -------- d-----w- c:\program files\blekkotb_soc
2012-04-30 00:51:51 -------- d-----w- c:\program files\Free Download Manager
2012-04-30 00:41:00 -------- d-----w- c:\users\greg\appdata\local\FileTypeAssistant
2012-04-30 00:31:07 -------- d-----w- c:\program files\File Type Assistant
2012-04-29 22:24:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-29 22:24:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-28 01:50:16 -------- d-----w- c:\users\greg\appdata\roaming\MusicOasis
2012-04-28 01:49:12 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-04-28 01:49:05 -------- d-----w- c:\users\greg\appdata\local\I Want This
2012-04-28 01:48:55 -------- d-----w- c:\program files\I Want This
2012-04-27 23:17:55 -------- d-----w- c:\users\greg\appdata\local\Deployment
2012-04-27 23:17:55 -------- d-----w- c:\users\greg\appdata\local\Apps
2012-04-27 17:22:48 231936 ----a-w- c:\windows\system32\msshsq.dll
2012-04-26 02:24:12 80896 ----a-w- c:\windows\system32\MSNP.ax
2012-04-26 02:24:08 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-04-26 02:24:07 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-04-26 00:46:56 -------- d-----w- c:\program files\Yontoo
2012-04-26 00:46:53 -------- d-----w- c:\programdata\Tarma Installer
2012-04-26 00:45:41 -------- d-----w- c:\users\greg\appdata\local\Babylon
2012-04-26 00:45:38 -------- d-----w- c:\users\greg\appdata\roaming\Babylon
2012-04-26 00:45:38 -------- d-----w- c:\programdata\Babylon
2012-04-26 00:15:59 -------- d-----w- c:\users\greg\FrostWire
2012-04-26 00:15:54 -------- d-----w- c:\users\greg\.frostwire5
2012-04-25 22:26:20 -------- d-----w- c:\users\greg\appdata\local\Google
2012-04-25 21:45:34 -------- d-----w- c:\windows\system32\MpEngineStore
2012-04-25 21:36:48 -------- d-----w- C:\9655842a29609b3be2b737ae5678f3
2012-04-25 21:26:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-04-25 21:26:34 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-04-25 21:26:34 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-04-25 21:26:34 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-04-25 21:26:34 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-04-25 21:22:45 409600 ----a-w- c:\windows\system32\odbc32.dll
2012-04-25 21:20:56 126464 ----a-w- c:\windows\system32\spoolsv.exe
2012-04-25 21:19:57 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-25 06:16:36 68224 ----a-r- c:\windows\system32\WanPacket.dll
2012-04-25 06:16:36 53299 ----a-r- c:\windows\system32\pthreadVC.dll
2012-04-25 06:16:36 34064 ----a-r- c:\windows\system32\drivers\npf.sys
2012-04-25 06:16:36 240248 ----a-r- c:\windows\system32\wpcap.dll
2012-04-25 00:20:05 -------- d-----w- C:\PerfLogs
2012-04-25 00:07:37 1073216 ----a-w- c:\windows\system32\drivers\AE2500vista.sys
2012-04-25 00:07:36 3874816 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-04-25 00:07:35 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-04-25 00:07:35 3563520 ----a-w- c:\windows\system32\bcmihvui.dll
2012-04-25 00:07:35 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
.
==================== Find3M ====================
.
2012-04-25 00:05:03 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-04-25 00:05:01 82432 ----a-w- c:\windows\system32\axaltocm.dll
2012-03-11 21:13:28 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13:26 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13:25 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13:18 301224 ----a-w- c:\windows\system32\guard32.dll
2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
1999-03-25 18:30:40 2336256 ----a-w- c:\program files\DATA1.MSI
1999-03-01 22:00:24 165376 ----a-w- c:\program files\MSOWC.MSI
1999-02-11 19:11:06 262415 ----a-w- c:\program files\SETUP.EXE
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: ST3160815AS rev.3.CHF -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-2
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x861F5CEC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x84eed846; SUB DWORD [EBP-0x4], 0x84eed12e; PUSH EDI; CALL 0xffffffffffffe10c; }
1 ntkrnlpa!IofCallDriver[0x8230BFEF] -> \Device\Harddisk0\DR0[0x853ECAC8]
3 CLASSPNP[0x87FCC745] -> ntkrnlpa!IofCallDriver[0x8230BFEF] -> [0x84BBEA78]
5 acpi[0x8069E6A0] -> ntkrnlpa!IofCallDriver[0x8230BFEF] -> [0x84BB8BA0]
[0x8613A4D8] -> IRP_MJ_CREATE -> 0x861F5CEC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-2 -> \??\IDE#DiskST3160815AS_____________________________3.CHF___#5&14544e82&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x861F5AEA
user & kernel MBR OK
sectors 312581806 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 2:19:59.73 ===============

Here is the attach file.

Blade81
2012-05-12, 16:05
Hi,

Download GMER (http://www.gmer.net) here by clicking the download exe button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the rootkit tab, uncheck the files option and then click scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy. This copies the log to the clipboard.
Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.

street
2012-05-23, 17:15
Here's the GMER log.

Blade81
2012-05-23, 23:03
Hi,

Please post fresh DDS logs too.

street
2012-05-30, 16:59
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by greg at 8:34:26 on 2012-05-30
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2002.884 [GMT -5:00]
.
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcccoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Windows\vVX3000.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Inbox Toolbar\Inbox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msiexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
\\.\globalroot\systemroot\Installer\{6d8780ba-5523-1055-1958-ce7699bdd4f3}\U
C:\Windows\system32\wermgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uSearch Bar = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www2.inbox.com/search/ie.aspx?tbid=80502&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80502
uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
mURLSearchHooks: Produtools Manuals 2.1 Toolbar: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - c:\program files\produtools_manuals_2.1\prxtbProd.dll
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - c:\program files\i want this\I Want This.dll
BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\mediabar\datamngr\IEBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - c:\progra~1\appgra~1\APPGRA~1.DLL
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\search~1\datamngr\BROWSE~1.DLL
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll
BHO: Produtools Manuals 2.1 Toolbar: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - c:\program files\produtools_manuals_2.1\prxtbProd.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: HopSurf toolbar: {e9fab13d-4600-49e1-90d1-ee961c859d39} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll
TB: Produtools Manuals 2.1 Toolbar: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - c:\program files\produtools_manuals_2.1\prxtbProd.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SetRefresh] c:\program files\compaq\setrefresh\\SetRefresh.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SiteRanker] "c:\program files\siteranker\SiteRankTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DataMngr] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
mRun: [cftmon] c:\windows\system32\xvpqa.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [InboxToolbar] "c:\program files\inbox toolbar\Inbox.exe" /TRAY
StartupFolder: c:\users\greg\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-system: DisableRegedit = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{8A10A571-81C7-4B43-86CA-B16426A68BE4} : DhcpNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{B1D87634-7122-401C-952D-B3A45AD3AC56} : DhcpNameServer = 24.116.2.50 24.116.2.34
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Notify: igfxcui - igfxdev.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
IFEO: ackwin32.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-4-9 19600]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 38616]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RalinkRegistryWriter.exe [2010-5-8 75040]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\windows\system32\drivers\es1370mp.sys [2001-8-17 37120]
R3 Linksys_adapter;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500vista.sys [2012-4-24 1073216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-30 116648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-5-11 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-29 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-30 116648]
SUnknown WPFFontCache_v0400;WPFFontCache_v0400; [x]
.
=============== Created Last 30 ================
.
2012-05-30 13:34:26 761 ----a-w- c:\programdata\oroiaaa.tmp
2012-05-30 07:41:56 772 ----a-w- c:\programdata\qkjraaa.tmp
2012-05-30 07:21:01 758 ----a-w- c:\programdata\jmkfbaa.tmp
2012-05-30 07:21:00 767 ----a-w- c:\programdata\ovcnaaa.tmp
2012-05-30 07:20:59 762 ----a-w- c:\programdata\kvzsaaa.tmp
2012-05-30 07:15:25 1008 ----a-w- c:\programdata\lvzsaaa.tmp
2012-05-30 07:08:36 784 ----a-w- c:\programdata\gxhraaa.tmp
2012-05-30 07:07:45 993 ----a-w- c:\programdata\cxinaaa.tmp
2012-05-30 07:07:45 990 ----a-w- c:\programdata\hxhraaa.tmp
2012-05-30 07:02:10 983 ----a-w- c:\programdata\dxinaaa.tmp
2012-05-29 05:16:31 985 ----a-w- c:\programdata\jsriaaa.tmp
2012-05-29 05:05:21 767 ----a-w- c:\programdata\llqhaaa.tmp
2012-05-29 05:05:18 1010 ----a-w- c:\programdata\klqhaaa.tmp
2012-05-29 05:05:12 991 ----a-w- c:\programdata\rgfacaa.tmp
2012-05-29 05:00:46 992 ----a-w- c:\programdata\bcdmaaa.tmp
2012-05-29 04:22:29 999 ----a-w- c:\programdata\rcdsaaa.tmp
2012-05-29 04:22:25 991 ----a-w- c:\programdata\iqgqaaa.tmp
2012-05-29 03:23:00 791 ----a-w- c:\programdata\vcgmaaa.tmp
2012-05-29 01:55:08 600 ----a-w- c:\programdata\ewctaaa.tmp
2012-05-27 11:09:39 772 ----a-w- c:\programdata\vsskaaa.tmp
2012-05-27 04:04:36 768 ----a-w- c:\programdata\cbxraaa.tmp
2012-05-27 02:02:23 789 ----a-w- c:\programdata\noyraaa.tmp
2012-05-27 01:43:19 761 ----a-w- c:\programdata\hdleaaa.tmp
2012-05-27 00:46:27 986 ----a-w- c:\programdata\boxpaaa.tmp
2012-05-26 19:44:19 -------- d-----w- c:\program files\Inbox Toolbar
2012-05-26 19:38:50 756 ----a-w- c:\programdata\eccqaaa.tmp
2012-05-26 18:42:25 766 ----a-w- c:\programdata\pfueaaa.tmp
2012-05-26 18:42:11 779 ----a-w- c:\programdata\xbasaaa.tmp
2012-05-23 21:42:23 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2012-05-23 21:37:44 -------- d-----w- c:\users\greg\appdata\local\{B2E96B74-51FD-42A7-BB1F-B9D0E35681DC}
2012-05-23 21:34:55 -------- d-----w- c:\users\greg\appdata\local\{7037BA06-7AD0-4607-85D0-2910D5526FE7}
2012-05-23 14:23:20 -------- d-----w- c:\users\greg\appdata\roaming\SpeedyPC Software
2012-05-23 14:23:20 -------- d-----w- c:\users\greg\appdata\roaming\DriverCure
2012-05-23 14:23:09 -------- d-----w- c:\programdata\SpeedyPC Software
2012-05-20 23:36:51 -------- d-----w- c:\users\greg\appdata\local\Ilivid Player
2012-05-20 23:36:40 -------- d-----w- c:\program files\iLivid
2012-05-20 23:34:49 -------- d-----w- c:\programdata\boost_interprocess
2012-05-20 23:34:48 -------- d-----w- c:\program files\Searchqu Toolbar
2012-05-20 23:33:18 -------- d-----w- c:\program files\Conduit
2012-05-20 23:33:14 -------- d-----w- c:\users\greg\appdata\local\Conduit
2012-05-15 17:21:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-15 16:39:03 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f5310fcd-83ce-4191-b183-45ca680eed51}\mpengine.dll
2012-05-11 21:55:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-11 21:55:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-10 23:02:34 -------- d-----w- c:\windows\system32\EventProviders
2012-05-09 07:00:46 -------- d-----w- c:\programdata\Malwarebytes
2012-05-08 11:39:46 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-05-07 16:46:19 -------- d-----w- c:\program files\Produtools_Manuals_2.1
2012-05-07 16:02:37 233888 ----a-w- c:\windows\system32\DreamScene.dll
2012-05-07 16:00:50 1496912 ----a-w- c:\program files\microsoft games\holdem\HoldEm.exe
2012-05-06 04:17:35 -------- d-----w- c:\program files\W3i, LLC
2012-05-06 04:17:27 -------- d-----w- c:\programdata\WeCareReminder
2012-05-06 03:38:53 -------- d-----w- c:\program files\VideoDownloadConverter_4zEI
2012-05-06 03:28:40 149088 ----a-w- c:\users\greg\PopularScreenSavers.exe
2012-05-03 23:21:57 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-05-03 23:00:10 411368 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-03 05:49:49 -------- d-----w- c:\users\greg\appdata\local\{9F653960-4FEF-4237-8C20-2BFD614F6FF1}
2012-05-03 03:54:11 -------- d-----w- c:\program files\common files\Windows Live
2012-05-03 03:54:03 -------- d-----w- c:\users\greg\appdata\local\{5C10F6AC-02A8-4898-8FFC-8218C1086B94}
2012-05-03 03:19:44 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-05-03 03:19:43 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-05-01 21:14:22 -------- d-----w- c:\program files\AppGraffiti
.
==================== Find3M ====================
.
2012-05-30 13:34:42 762 ----a-w- c:\programdata\khymaaa.tmp
2012-05-05 02:25:25 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 02:25:25 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-25 00:05:03 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-04-25 00:05:01 82432 ----a-w- c:\windows\system32\axaltocm.dll
2012-03-11 21:13:28 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13:26 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13:25 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13:18 301224 ----a-w- c:\windows\system32\guard32.dll
1999-03-25 18:30:40 2336256 ----a-w- c:\program files\DATA1.MSI
1999-03-01 22:00:24 165376 ----a-w- c:\program files\MSOWC.MSI
1999-02-11 19:11:06 262415 ----a-w- c:\program files\SETUP.EXE
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: ST3160815AS rev.3.CHF -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-2
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86231CEC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x84eed846; SUB DWORD [EBP-0x4], 0x84eed12e; PUSH EDI; CALL 0xffffffffffffe10c; }
1 ntkrnlpa!IofCallDriver[0x8230BFEF] -> \Device\Harddisk0\DR0[0x8528C1B0]
3 CLASSPNP[0x87FC3745] -> ntkrnlpa!IofCallDriver[0x8230BFEF] -> [0x84BBAA78]
5 acpi[0x806966A0] -> ntkrnlpa!IofCallDriver[0x8230BFEF] -> [0x84BB4BA0]
[0x8608B318] -> IRP_MJ_CREATE -> 0x86231CEC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-2 -> \??\IDE#DiskST3160815AS_____________________________3.CHF___#5&14544e82&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86231AEA
user & kernel MBR OK
sectors 312581806 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 8:36:14.73 ===============

Blade81
2012-05-30, 19:09
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

street
2012-06-01, 12:59
My Internet Explorer keeps cutting me off, saying error code 643 and something about Windows host process (Rundll32) stopped working and was closed. A problem caused the application to stop working correctly. Windows will notify you if a solution is available. I don't get what's going on. It won't allow me to download ComboFix. When I try downloading it, it doesn't show up; then I try downloading again and it makes my computer go to a blue screen and says something, then restarts the computer. When the computer restarts, it keeps going on like a loop; it won't hit the login screen, it says like hit F9 to setup. Please help.

Blade81
2012-06-01, 18:47
Hi,

Would it be possible to use another system to download the ComboFix file to removable media and transfer it from that to the desktop of the affected system?

Blade81
2012-06-20, 08:32
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.