Jump to content

Unable to get rid of malware,


Recommended Posts

Unable to get rid of malware. Am using the latest free version This has been going on since Jan. I have ran a full virus scan with McAfee and these are the log files from MB and HJ this.. Please help. Thank you, pat

Malwarebytes' Anti-Malware 1.37

Database version: 2190

Windows 5.1.2600 Service Pack 3

5/28/2009 6:46:48 PM

mbam-log-2009-05-28 (18-46-33).txt two

Scan type: Quick Scan

Objects scanned: 88446

Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 59

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\explore.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\services.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\comploader.dll (Adware.BHO) -> No action taken.

C:\WINDOWS\SYSTEM32\socul.dll (Adware.BHO) -> No action taken.

C:\WINDOWS\SYSTEM32\sodahk.dll (Adware.BHO) -> No action taken.

C:\WINDOWS\SYSTEM32\unsocul.exe (Adware.BHO) -> No action taken.

C:\WINDOWS\SYSTEM32\rundll.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\winhost.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\server.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\winupd.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\sksdrvr2.sys (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\svhost.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\winsys.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\winlogon.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\csrss.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\SYSTEM32\iexplore.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\SYSTEM32\msupdate.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\SYSTEM32\win32.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\SYSTEM32\msmsgs.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\SYSTEM32\skybot.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> No action taken.

C:\csrss.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\svchost32.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\0.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\windll.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\smss.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\SYSTEM32\iexplorer.exe (Trojan.Downloader) -> No action taken.

C:\winstall.exe (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\SYSTEM32\klo5.sys (Stolen.Data) -> No action taken.

C:\WINDOWS\SYSTEM32\draw32.dll (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\c3.dll (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\cm.dll (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\sdmapi.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\boot32.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\vdnt32.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\memlow.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\c3.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\c4.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\hm.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\wd.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\winxp.exe (Backdoor.Poison) -> No action taken.

C:\WINDOWS\SYSTEM32\servises.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\msnmsgrs.exe (Trojan.Banker) -> No action taken.

C:\hellmsn.exe (Worm.Mytob) -> No action taken.

C:\WINDOWS\SYSTEM32\taskgmr32.exe (Worm.Mytob) -> No action taken.

C:\WINDOWS\SYSTEM32\svshost.exe (Adware.EasySearch) -> No action taken.

C:\WINDOWS\SYSTEM32\censored.exe (Backdoor.Hupigon) -> No action taken.

C:\WINDOWS\SYSTEM32\mswins.exe (Backdoor.Sdbot) -> No action taken.

C:\WINDOWS\skynetave.exe (Worm.Sasser) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:40:01 PM, on 5/28/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Tall Emu\Online Armor\OAcat.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\CapsUnlock\CapsUnlock.exe

C:\PROGRA~1\Webshots\webshots.scr

C:\Program Files\Tall Emu\Online Armor\OAhlp.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Outlook Express\MSIMN.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKCU\..\Run: [update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: CapsUnlock.lnk = C:\Program Files\CapsUnlock\CapsUnlock.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 11112 bytes

Link to post
Share on other sites

  • Root Admin

The logs show that you did not tell MBAM to fix it. You need to tell MBAM to fix the problem.

Please follow the directions below and make sure you MBAM fix it.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    [*]When the update is complete, select the Scanner tab

    [*]Select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

Link to post
Share on other sites

The logs show that you did not tell MBAM to fix it. You need to tell MBAM to fix the problem.

Please follow the directions below and make sure you MBAM fix it.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)

  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.

    • Update Malwarebytes' Anti-Malware

    • Select the Update tab

    • Click Update

    [*]When the update is complete, select the Scanner tab

    [*]Select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:

    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log. Thanks for your patience

Sorry about sending the wrong copy.. These were just done this a.m.

Malwarebytes' Anti-Malware 1.37

Database version: 2190

Windows 5.1.2600 Service Pack 3

5/30/2009 8:02:35 AM

mbam-log-2009-05-30 (08-02-35).txt

Scan type: Quick Scan

Objects scanned: 90318

Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 59

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\explore.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\services.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\comploader.dll (Adware.BHO) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\socul.dll (Adware.BHO) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\sodahk.dll (Adware.BHO) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\unsocul.exe (Adware.BHO) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\rundll.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\winhost.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\server.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\winupd.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\sksdrvr2.sys (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\svhost.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\winsys.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\winlogon.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\csrss.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\iexplore.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\msupdate.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\win32.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\msmsgs.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\skybot.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Delete on reboot.

C:\csrss.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\svchost32.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\0.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\windll.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\smss.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\svchost.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\iexplorer.exe (Trojan.Downloader) -> Delete on reboot.

C:\winstall.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\klo5.sys (Stolen.Data) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\draw32.dll (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\c3.dll (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\cm.dll (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\sdmapi.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\boot32.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\vdnt32.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\memlow.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\c3.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\c4.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\hm.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\wd.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\winxp.exe (Backdoor.Poison) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\servises.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\msnmsgrs.exe (Trojan.Banker) -> Delete on reboot.

C:\hellmsn.exe (Worm.Mytob) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\taskgmr32.exe (Worm.Mytob) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\svshost.exe (Adware.EasySearch) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\censored.exe (Backdoor.Hupigon) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\mswins.exe (Backdoor.Sdbot) -> Delete on reboot.

C:\WINDOWS\skynetave.exe (Worm.Sasser) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:10:31 AM, on 5/30/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Tall Emu\Online Armor\OAcat.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\CapsUnlock\CapsUnlock.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Tall Emu\Online Armor\OAhlp.exe

C:\PROGRA~1\Webshots\webshots.scr

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKCU\..\Run: [update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: CapsUnlock.lnk = C:\Program Files\CapsUnlock\CapsUnlock.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

Link to post
Share on other sites

  • Root Admin

Please REBOOT as requested. Run MBAM again and check for updates again, then do another QUICK SCAN and post back the NEW log.

Download
DDS
and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click
dds.scr
to run the tool.

When done, the
DDS.txt
will open.

Click Yes at the next prompt for Optional Scan.
    When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply:
    DDS.txt
    and
    Attach.txt

Link to post
Share on other sites

Please REBOOT as requested. Run MBAM again and check for updates again, then do another QUICK SCAN and post back the NEW log.
Download
DDS
and save it to your desktop

http://download.bleepingcomputer.com/sUBs/dds.scr' rel="external nofollow">
Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click
dds.scr
to run the tool.
When done, the
DDS.txt
will open.
Click Yes at the next prompt for Optional Scan.
  • When done, DDS will open two (2) logs:

  1. DDS.txt

  2. Attach.txt

  • Save both reports to your desktop

  • Please include the following logs in your next reply:
    DDS.txt
    and
    Attach.txt

I downloaded updates and ran scan, deleted all files and a restart with another scan..Also a copy of the DDS.txt and the Attach.txt is enclosed. Thank you for you help and patience

Link to post
Share on other sites

Looks like one my Duh days..

Malwarebytes' Anti-Malware 1.37

Database version: 2203

Windows 5.1.2600 Service Pack 3

5/31/2009 2:27:08 PM

mbam-log-2009-05-31 (14-26-39).txt may 31

Scan type: Quick Scan

Objects scanned: 90631

Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 59

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\explore.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\services.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\comploader.dll (Adware.BHO) -> No action taken.

C:\WINDOWS\SYSTEM32\socul.dll (Adware.BHO) -> No action taken.

C:\WINDOWS\SYSTEM32\sodahk.dll (Adware.BHO) -> No action taken.

C:\WINDOWS\SYSTEM32\unsocul.exe (Adware.BHO) -> No action taken.

C:\WINDOWS\SYSTEM32\rundll.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\winhost.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\server.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\winupd.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\sksdrvr2.sys (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\svhost.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\winsys.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\winlogon.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\csrss.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\SYSTEM32\iexplore.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\SYSTEM32\msupdate.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\SYSTEM32\win32.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\SYSTEM32\msmsgs.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\SYSTEM32\skybot.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> No action taken.

C:\csrss.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\svchost32.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\0.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\SYSTEM32\windll.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\smss.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\SYSTEM32\iexplorer.exe (Trojan.Downloader) -> No action taken.

C:\winstall.exe (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\SYSTEM32\klo5.sys (Stolen.Data) -> No action taken.

C:\WINDOWS\SYSTEM32\draw32.dll (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\c3.dll (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\cm.dll (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\sdmapi.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\boot32.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\vdnt32.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\memlow.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\c3.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\c4.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\hm.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\wd.sys (Rootkit.Haxdor) -> No action taken.

C:\WINDOWS\SYSTEM32\winxp.exe (Backdoor.Poison) -> No action taken.

C:\WINDOWS\SYSTEM32\servises.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\msnmsgrs.exe (Trojan.Banker) -> No action taken.

C:\hellmsn.exe (Worm.Mytob) -> No action taken.

C:\WINDOWS\SYSTEM32\taskgmr32.exe (Worm.Mytob) -> No action taken.

C:\WINDOWS\SYSTEM32\svshost.exe (Adware.EasySearch) -> No action taken.

C:\WINDOWS\SYSTEM32\censored.exe (Backdoor.Hupigon) -> No action taken.

C:\WINDOWS\SYSTEM32\mswins.exe (Backdoor.Sdbot) -> No action taken.

C:\WINDOWS\skynetave.exe (Worm.Sasser) -> No action taken.

Malwarebytes' Anti-Malware 1.37

Database version: 2203

Windows 5.1.2600 Service Pack 3

5/31/2009 2:58:47 PM

mbam-log-2009-05-31 (14-58-47).txt

Scan type: Quick Scan

Objects scanned: 90632

Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 59

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\explore.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\services.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\comploader.dll (Adware.BHO) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\socul.dll (Adware.BHO) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\sodahk.dll (Adware.BHO) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\unsocul.exe (Adware.BHO) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\rundll.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\winhost.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\server.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\winupd.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\sksdrvr2.sys (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\svhost.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\winsys.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\winlogon.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\csrss.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\iexplore.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\msupdate.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\win32.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\msmsgs.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\skybot.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Delete on reboot.

C:\csrss.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\svchost32.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\0.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\windll.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\smss.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\svchost.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\iexplorer.exe (Trojan.Downloader) -> Delete on reboot.

C:\winstall.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\klo5.sys (Stolen.Data) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\draw32.dll (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\c3.dll (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\cm.dll (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\sdmapi.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\boot32.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\vdnt32.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\memlow.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\c3.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\c4.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\hm.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\wd.sys (Rootkit.Haxdor) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\winxp.exe (Backdoor.Poison) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\servises.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\msnmsgrs.exe (Trojan.Banker) -> Delete on reboot.

C:\hellmsn.exe (Worm.Mytob) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\taskgmr32.exe (Worm.Mytob) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\svshost.exe (Adware.EasySearch) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\censored.exe (Backdoor.Hupigon) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\mswins.exe (Backdoor.Sdbot) -> Delete on reboot.

C:\WINDOWS\skynetave.exe (Worm.Sasser) -> Delete on reboot.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 1/28/2005 10:31:54 PM

System Uptime: 5/31/2009 3:02:42 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0F8403

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 34 GiB total, 19.043 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP116: 4/29/2009 5:55:01 PM - System Checkpoint

RP117: 4/30/2009 6:13:51 PM - System Checkpoint

RP118: 5/1/2009 6:24:51 PM - System Checkpoint

RP119: 5/2/2009 9:08:03 PM - System Checkpoint

RP120: 5/4/2009 9:49:01 AM - System Checkpoint

RP121: 5/5/2009 2:08:36 PM - System Checkpoint

RP122: 5/6/2009 2:56:37 PM - System Checkpoint

RP123: 5/7/2009 3:59:17 PM - System Checkpoint

RP124: 5/8/2009 4:23:46 PM - System Checkpoint

RP125: 5/9/2009 5:00:01 PM - System Checkpoint

RP126: 5/11/2009 6:31:25 AM - Installed Do not compress old files for Disk Cleanup Tool

RP127: 5/11/2009 8:51:20 AM - Installed MediaImpression

RP128: 5/11/2009 8:54:00 AM - Installed Connect Service

RP129: 5/11/2009 9:48:13 AM - Installed MediaImpression

RP130: 5/12/2009 10:09:40 AM - System Checkpoint

RP131: 5/13/2009 8:53:20 AM - Software Distribution Service 3.0

RP132: 5/13/2009 10:26:36 AM - Installed Windows Media Player 11

RP133: 5/13/2009 10:30:08 AM - Installed Windows XP MSCompPackV1.

RP134: 5/13/2009 4:40:40 PM - Removed MediaImpression

RP135: 5/14/2009 5:59:04 PM - System Checkpoint

RP136: 5/15/2009 7:07:21 PM - System Checkpoint

RP137: 5/16/2009 7:34:18 PM - System Checkpoint

RP138: 5/17/2009 7:36:57 PM - System Checkpoint

RP139: 5/19/2009 10:04:53 AM - System Checkpoint

RP140: 5/20/2009 10:18:08 AM - System Checkpoint

RP141: 5/21/2009 11:44:41 AM - System Checkpoint

RP142: 5/22/2009 12:11:04 PM - System Checkpoint

RP143: 5/23/2009 1:00:28 PM - System Checkpoint

RP144: 5/24/2009 1:12:10 PM - System Checkpoint

RP145: 5/25/2009 2:23:00 PM - System Checkpoint

RP146: 5/26/2009 2:33:52 PM - System Checkpoint

RP147: 5/27/2009 2:43:43 PM - System Checkpoint

RP148: 5/27/2009 9:24:58 PM - Software Distribution Service 3.0

RP149: 5/28/2009 7:25:46 AM - Installed Windows Internet Explorer 8.

RP150: 5/28/2009 7:27:17 AM - Software Distribution Service 3.0

RP151: 5/29/2009 8:26:39 AM - System Checkpoint

RP152: 5/30/2009 8:35:19 AM - System Checkpoint

RP153: 5/31/2009 1:54:28 PM - System Checkpoint

==== Installed Programs ======================

2004 Mahjongg Lite

Adobe AIR

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.4

Adobe Shockwave Player 11.5

Advanced Audio FX Engine

Advanced Video FX Engine

Advanced WindowsCare

AiO_Scan_CDA

AiOSoftwareNPI

AnalogX SuperShredder

Anark Client 4

Apple Mobile Device Support

Apple Software Update

ARP++

Banctec Service Agreement

BufferChm

C3100

c3100_Help

Camera Support Core Library

Canon Camera Support Core Library

CCleaner (remove only)

Creative Software AutoUpdate

CustomerResearchQFolder

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Media Experience

Dell Support 5.0.0 (630)

Dell System Restore

Destinations

DeviceManagementQFolder

Digital Line Detect

DirectX for Managed Code Update (December 2004)

DocProc

DocProcQFolder

DriverAgent by TouchStone Software

eSupportQFolder

Fax_CDA

Get High Speed Internet!

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows XP (KB954550-v5)

HP Photosmart Essential

HP Update

HPPhotoSmartExpress

HPProductAssistant

ieSpell

Inpaint

InstantShareDevicesMFC

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Adapters and Drivers

Intel® PROSet for Wired Connections

Internet Explorer Default Page

Java 6 Update 12

Java 6 Update 5

Java 6 Update 6

Java 6 Update 7

Jing

KeyScrambler

Learn2 Player (Uninstall Only)

MAGIX FunPix Maker 1.0.0.0 (US)

Malwarebytes' Anti-Malware

MarketResearch

McAfee SecurityCenter

MFC RunTime files

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Managed DirectX (1126)

Microsoft Plus! Digital Media Edition Installer

Microsoft Visual C++ 2005 Redistributable

Modem Helper

Moraff's MomJongg 1.00

Move Networks Media Player for Internet Explorer

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

Musicmatch for Windows Media Player

Musicmatch

Link to post
Share on other sites

  • Root Admin

Please visit this webpage for instructions for downloading ComboFix to your
DESKTOP
:
how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!:

You must save and run
ComboFix.exe
on your DESKTOP and not from any other folder.

Also,
DO NOT
click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:

Note:

The
Windows Recovery Console
will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click
    Yes
    to allow ComboFix to continue scanning for malware.

  • When the tool is finished, it will produce a report for you.

  • Please post the
    C:\ComboFix.txt
    along with a
    new HijackThis log
    so we may continue cleaning the system.

Link to post
Share on other sites

I downloaded "ComboFix" to the desktop and read all of the directions. It then installed the Windows Recovery Console. It did run a scan but I could never locate the report... It would say "deleting folders" and then restart my computer but there was never a report anywhere. I tried a "search" last night and let it run all night...it was still searching this a.m. I tried downloading and installing ComboFix from another of the suggested sites, with the same results.. What to do??

Link to post
Share on other sites

  • Root Admin

Please let me know what's going on or if you need to run a different scanner.

If you can not find this log file then please run this AV scanner.

Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Doubleclick the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click on the Complete scan radio button.
  • Then click on the Settings menu on top, the select Change Settings or press the F9 key. You can also change the Language
  • Choose the Scanning tab and I recomend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages Archive = Move, E-mails = Report, Containers = Move
    • Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked

    [*]On the Log file tab leave the Log to file checked.

    [*]Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log

    [*]Log mode = Append

    [*]Encoding = ANSI

    [*]Details Leave Names of file packers and Statistics checked.

    [*]Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.

    [*]On the General tab leave the Scan Priority on High

    [*]Click the Apply button at the bottom, and then the OK button.

    [*]On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.

    [*]In this mode it will scan Boot sectors of all disks, All removable media, and all local drives

    [*]The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.

    [*]When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.

    [*]Click 'Yes to all' if it asks if you want to cure/move the files.

    [*]This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)

    [*]After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list

    [*]Save the report to your Desktop. The report will be called DrWeb.csv

    [*]Close Dr.Web Cureit.

    [*]Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

    [*]After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.

    drweb.jpg

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.