Results 1 to 5 of 5

Thread: Virtumonde Victim

  1. 2009-03-08, 18:55 #1
    Chasdal
    Chasdal is offline
    Junior Member
    Join Date
    Mar 2009
    Posts
    2

    Default Virtumonde Victim

    somehow got a virtumonde infection. believe i have followed all the instructions in the sticky properly. here is the HJT log


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:49:38 PM, on 3/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft LifeChat\LifeChat.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\runonce.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [A00F2F5DADD.exe] C:\DOCUME~1\Chas\LOCALS~1\Temp\_A00F2F5DADD.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2532] command.com /c del "C:\WINDOWS\system32\__c007A624.dat_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5401] cmd.exe /c del "C:\WINDOWS\system32\__c007A624.dat_old"
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1217137050546
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1217102527176
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: __c007A624 - C:\WINDOWS\system32\__c007A624.dat (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 10699 bytes
  2. 2009-03-09, 15:48 #2
    Blade81
    Blade81 is offline
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,


    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
  3. 2009-03-10, 01:05 #3
    Chasdal
    Chasdal is offline
    Junior Member
    Join Date
    Mar 2009
    Posts
    2

    Default

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Chas at 19:03:48.96 on Mon 03/09/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2844 [GMT -5:00]

    AV: Norton AntiVirus *On-access scanning enabled* (Outdated)
    FW: Norton AntiVirus *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft LifeChat\LifeChat.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Documents and Settings\Chas\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    uStart Page = hxxp://www.yahoo.com/
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [A00F2F5DADD.exe] c:\docume~1\chas\locals~1\temp\_A00F2F5DADD.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [SkyTel] SkyTel.EXE
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Name of App] c:\program files\samsung\fw liveupdate\FWManager.exe r
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [<NO NAME>]
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
    StartupFolder: c:\docume~1\chas\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217137050546
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217102527176
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ============= SERVICES / DRIVERS ===============

    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
    R3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-2 99376]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090222.018\NAVENG.SYS [2009-2-22 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090222.018\NAVEX15.SYS [2009-2-22 876144]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-7-27 1245064]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]

    =============== Created Last 30 ================

    2009-03-08 12:41 <DIR> --d----- c:\program files\Trend Micro
    2009-03-08 11:28 97 a------- c:\windows\wininit.ini
    2009-03-08 11:12 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-03-08 11:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-02-28 14:59 438,272 a------- c:\windows\system32\vp6vfw.dll
    2009-02-28 14:59 327,680 a------- c:\windows\system32\vp6dec.ax
    2009-02-28 14:59 118,832 a------- c:\windows\system32\SHW32.DLL
    2009-02-28 14:40 <DIR> --d----- c:\program files\EA SPORTS
    2009-02-19 12:03 579,464 a------- c:\windows\system32\SymNeti.dll
    2009-02-19 12:03 207,240 a------- c:\windows\system32\SymRedir.dll
    2009-02-19 11:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
    2009-02-19 11:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
    2009-02-19 11:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
    2009-02-19 11:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
    2009-02-19 11:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
    2009-02-19 11:31 38,576 a------- c:\windows\system32\drivers\symids.sys
    2009-02-19 11:31 37,424 a------- c:\windows\system32\drivers\symndis.sys
    2009-02-19 11:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
    2009-02-19 11:31 13,616 a------- c:\windows\system32\drivers\symdns.sys

    ==================== Find3M ====================

    2009-03-08 11:30 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-03-08 11:30 60,808 a------- c:\windows\system32\S32EVNT1.DLL
    2009-03-08 11:30 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-03-08 11:30 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-02-19 11:31 31,280 a------- c:\windows\system32\drivers\SymIM.sys
    2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
    2008-12-16 01:38 2,710 a------- c:\windows\system32\TDSSqqcn.dll
    2008-12-12 19:13 410,984 a------- c:\windows\system32\deploytk.dll
    2008-07-27 02:42 1,570,816 a------- c:\docume~1\chas\applic~1\tsdnwin.dll
    1997-07-21 19:30 1,045,776 a--sh--- c:\windows\system32\Msjet35.dll
    1997-06-23 03:00 123,664 a--sh--- c:\windows\system32\Msjint35.dll
    1997-06-23 12:06 24,848 a--sh--- c:\windows\system32\Msjter35.dll
    1997-06-23 12:06 252,176 a--sh--- c:\windows\system32\Msrd2x35.dll
    1997-06-23 12:06 287,504 a--sh--- c:\windows\system32\Msxbse35.dll

    ============= FINISH: 19:04:14.53 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/26/2008 11:43:02 PM
    System Uptime: 3/9/2009 5:08:30 PM (2 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | P35-S3G
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 699 GiB total, 634.751 GiB free.
    D: is FIXED (NTFS) - 279 GiB total, 196.579 GiB free.
    E: is CDROM (UDF)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP76: 12/9/2008 6:58:58 PM - Software Distribution Service 3.0
    RP77: 12/10/2008 8:35:31 PM - Software Distribution Service 3.0
    RP78: 12/12/2008 6:13:37 PM - Installed Java(TM) 6 Update 11
    RP79: 12/13/2008 6:54:03 PM - System Checkpoint
    RP80: 12/16/2008 2:18:34 AM - System Checkpoint
    RP81: 12/18/2008 12:20:16 AM - Software Distribution Service 3.0
    RP82: 12/19/2008 8:42:23 PM - System Checkpoint
    RP83: 12/21/2008 4:27:26 PM - System Checkpoint
    RP84: 12/22/2008 7:50:29 PM - System Checkpoint
    RP85: 12/23/2008 7:50:51 PM - System Checkpoint
    RP86: 12/25/2008 12:53:41 AM - System Checkpoint
    RP87: 12/26/2008 11:54:20 AM - System Checkpoint
    RP88: 12/28/2008 5:34:50 PM - System Checkpoint
    RP89: 12/30/2008 8:50:41 PM - System Checkpoint
    RP90: 1/1/2009 9:55:39 AM - System Checkpoint
    RP91: 1/2/2009 11:16:29 AM - System Checkpoint
    RP92: 1/3/2009 4:04:15 PM - System Checkpoint
    RP93: 1/4/2009 4:23:29 PM - System Checkpoint
    RP94: 1/10/2009 6:53:18 PM - System Checkpoint
    RP95: 1/14/2009 11:52:52 PM - Software Distribution Service 3.0
    RP96: 1/16/2009 3:51:25 PM - System Checkpoint
    RP97: 1/17/2009 6:57:53 PM - System Checkpoint
    RP98: 1/18/2009 10:16:44 PM - System Checkpoint
    RP99: 1/20/2009 6:29:51 PM - System Checkpoint
    RP100: 1/22/2009 8:33:44 PM - System Checkpoint
    RP101: 1/22/2009 9:20:06 PM - Software Distribution Service 3.0
    RP102: 1/24/2009 3:25:38 AM - System Checkpoint
    RP103: 1/25/2009 3:30:50 AM - System Checkpoint
    RP104: 1/26/2009 6:36:13 PM - System Checkpoint
    RP105: 1/28/2009 12:43:15 AM - System Checkpoint
    RP106: 1/29/2009 7:21:41 PM - System Checkpoint
    RP107: 1/30/2009 7:49:38 PM - System Checkpoint
    RP108: 2/1/2009 1:13:23 AM - System Checkpoint
    RP109: 2/2/2009 6:45:15 PM - System Checkpoint
    RP110: 2/4/2009 7:04:42 PM - System Checkpoint
    RP111: 2/5/2009 8:02:23 PM -
    RP112: 2/5/2009 8:02:43 PM - Shockwave Player
    RP113: 2/5/2009 8:03:02 PM - Shockwave Player
    RP114: 2/6/2009 10:33:08 PM - System Checkpoint
    RP115: 2/8/2009 12:00:35 AM - System Checkpoint
    RP116: 2/9/2009 12:13:55 AM - System Checkpoint
    RP117: 2/10/2009 7:19:50 PM - System Checkpoint
    RP118: 2/10/2009 9:22:07 PM - Software Distribution Service 3.0
    RP119: 2/11/2009 9:55:02 PM - System Checkpoint
    RP120: 2/12/2009 10:27:23 PM - System Checkpoint
    RP121: 2/13/2009 10:59:32 PM - System Checkpoint
    RP122: 2/15/2009 1:16:25 AM - System Checkpoint
    RP123: 2/16/2009 7:39:49 PM - System Checkpoint
    RP124: 2/17/2009 9:20:45 PM - System Checkpoint
    RP125: 2/19/2009 6:59:38 PM - System Checkpoint
    RP126: 2/21/2009 2:16:44 AM - System Checkpoint
    RP127: 2/22/2009 12:15:00 PM - System Checkpoint
    RP128: 2/23/2009 6:39:48 PM - System Checkpoint
    RP129: 2/24/2009 11:57:04 PM - Software Distribution Service 3.0
    RP130: 2/25/2009 6:25:29 PM - Software Distribution Service 3.0
    RP131: 2/26/2009 7:59:44 PM - System Checkpoint
    RP132: 2/27/2009 8:50:02 PM - System Checkpoint
    RP133: 2/28/2009 1:39:28 PM - Installed DirectX
    RP134: 2/28/2009 1:59:36 PM - Installed Tiger Woods PGA TOUR 08
    RP135: 3/1/2009 2:02:02 PM - System Checkpoint
    RP136: 3/2/2009 7:53:33 PM - System Checkpoint
    RP137: 3/3/2009 8:34:41 PM - System Checkpoint
    RP138: 3/4/2009 9:17:39 PM - System Checkpoint
    RP139: 3/5/2009 7:08:17 PM - Installed Microsoft Streets & Trips 2008 Construction Download
    RP140: 3/6/2009 9:31:54 PM - System Checkpoint
    RP141: 3/7/2009 9:49:37 PM - System Checkpoint
    RP142: 3/9/2009 5:24:28 PM - System Checkpoint

    ==== Installed Programs ======================

    1701 A.D.
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    5600
    5600_Help
    5600Trb
    Adobe Acrobat 6.0 Professional
    Adobe Flash Player 10 ActiveX
    Adobe Shockwave Player
    Adobe SVG Viewer 3.0
    AiO_Scan
    AiOSoftware
    AppCore
    Applian FLV Player
    AutoCAD Express Tools Volumes 1-9
    Autodesk Express Viewer
    Autodesk Map 2004
    Autodesk Raster Design 2004
    BufferChm
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    ccCommon
    Component Framework
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    CueTour
    CustomerResearchQFolder
    DeLorme Street Atlas USA 2009 Plus
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    Diskeeper Professional Edition
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    Download Manager 2.3.6
    EA SPORTS online 2008
    ERUNT 1.1j
    eSupportQFolder
    EVGA Display Driver
    Fax
    FullDPAppQFolder
    FW LiveUpdate
    Google Earth
    Google Updater
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Document Viewer 5.3
    HP Extended Capabilities 5.3
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP PSC & OfficeJet 5.3.B
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    HPProductAssistant
    InstantShareDevices
    Java(TM) 6 Update 11
    Java(TM) 6 Update 7
    League Manager 2007
    LightScribe 1.4.97.1
    LiveUpdate (Symantec Corporation)
    MarketResearch
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft English TTS Engine
    Microsoft IntelliPoint 6.01
    Microsoft IntelliType Pro 6.01
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft LifeChat
    Microsoft MSN MoneyCentral Stock Quotes Add-In for Excel
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Streets & Trips 2008
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Move Networks Media Player for Internet Explorer
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Namo FreeMotion 2006
    Namo WebCanvas 2006
    Namo WebEditor 2006
    Namo WebUtilities 2006
    Nero Suite
    NewCopy
    Norton AntiVirus
    Norton AntiVirus (Symantec Corporation)
    Norton AntiVirus Help
    Norton Protection Center
    NVIDIA Drivers
    PanoStandAlone
    PhotoGallery
    ProductContext
    Quicken 2006
    RandMap
    Random Generator for Excel 1.2
    Readme
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Rhapsody
    Rhapsody Player Engine
    SAPI Wrapper
    Scan
    ScannerCopy
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    ShotOnline International
    SkinsHP1
    SolutionCenter
    Sonic_PrimoSDK
    SPBBC 32bit
    Spybot - Search & Destroy
    Status
    Symantec Real Time Storage Protection Component
    SymNet
    The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54
    Tiger Woods PGA TOUR 08
    TrayApp
    TTS Wrapper
    Unload
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb959634)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Ventrilo Client
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    3/7/2009 9:46:20 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The

    system cannot find the file specified.

    ==== End Of File ===========================
  4. 2009-03-10, 08:42 #4
    Blade81
    Blade81 is offline
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds.txt log.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
  5. 2009-03-17, 18:49 #5
    Blade81
    Blade81 is offline
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Due to inactivity, this thread will now be closed.

    Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules