microsoft and antivirus websites not opening [Solved]


#1
Sehaj M

I tried to go to an antivirus site and I could not even open them. Please help me out.


#2
Rorschach112

hi

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

#3
Sehaj M

ComboFix 09-07-28.04 - a 07/29/2009 16:43.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.631.471 [GMT 5.5:30]
Running from: c:\documents and settings\a\Desktop\Combo-Fix.exe
AV: Total Security 10.00 *On-access scanning enabled* (Outdated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\Installer\WMEncoder.msi

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-29 10:27 . 2009-07-29 10:27 -------- d-----w- C:\Rooter$
2009-07-28 09:43 . 2009-07-28 09:43 -------- d-----w- c:\windows\Sun
2009-07-28 09:33 . 2009-07-28 09:33 -------- d-----w- c:\documents and settings\a\Application Data\JonDo
2009-07-28 09:13 . 2009-07-28 09:13 -------- d-----w- c:\program files\JAP
2009-07-28 04:23 . 2009-07-28 04:23 -------- d-sh--w- C:\FOUND.019
2009-07-27 07:11 . 2009-07-27 07:11 -------- d-sh--w- C:\FOUND.018
2009-07-26 10:25 . 2009-07-26 10:25 -------- d-sh--w- C:\FOUND.017
2009-07-24 05:13 . 2009-07-24 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2009-07-24 05:12 . 2009-07-24 05:12 -------- d-----w- c:\program files\PopCap Games
2009-07-22 12:51 . 2009-07-22 12:51 -------- d-----w- c:\windows\system32\Lang
2009-07-22 12:35 . 2009-07-22 12:35 -------- d-sh--w- C:\FOUND.016
2009-07-22 03:50 . 2009-07-22 03:50 -------- d-sh--w- C:\FOUND.015
2009-07-21 07:55 . 2009-07-21 07:55 -------- d-----w- c:\documents and settings\a\Local Settings\Application Data\The Weather Channel
2009-07-17 07:15 . 2009-07-17 07:15 -------- d-sh--w- C:\FOUND.014
2009-07-17 04:15 . 2009-07-17 04:15 -------- d-sh--w- C:\FOUND.013
2009-07-16 06:13 . 2009-07-16 06:13 -------- d-----w- c:\documents and settings\a\Application Data\ARGELA
2009-07-15 06:57 . 2009-07-15 06:57 -------- d--h--r- C:\MSOCache
2009-07-15 05:01 . 2009-07-15 05:01 -------- d-sh--w- C:\FOUND.012
2009-07-14 15:50 . 2009-07-14 15:50 -------- d-----w- c:\program files\Realtek AC97
2009-07-14 15:49 . 2005-05-02 19:43 69632 ----a-w- c:\windows\Alcmtr.exe
2009-07-14 15:49 . 2006-05-03 17:26 2808832 ----a-w- c:\windows\alcwzrd.exe
2009-07-14 15:49 . 2006-09-11 17:58 16264192 ----a-w- c:\windows\RTHDCPL.exe
2009-07-14 15:49 . 2006-09-11 16:12 2155008 ----a-w- c:\windows\MicCal.exe
2009-07-14 15:49 . 2006-05-15 19:04 2879488 ----a-w- c:\windows\SkyTel.exe
2009-07-14 15:49 . 2009-07-14 15:49 -------- d-----w- c:\windows\system32\RTCOM
2009-07-14 15:49 . 2006-08-31 15:35 364544 ----a-w- c:\windows\RtlUpd.exe
2009-07-14 15:49 . 2006-05-03 17:35 9709568 ----a-w- c:\windows\RTLCPL.exe
2009-07-14 15:49 . 2005-07-15 11:18 40960 ----a-w- c:\windows\system32\ChCfg.exe
2009-07-14 15:49 . 2006-09-11 20:27 4381184 ----a-w- c:\windows\system32\drivers\RtkHDAud.Sys
2009-07-14 15:47 . 2009-07-14 15:47 -------- d-----w- c:\program files\Realtek
2009-07-14 15:47 . 2006-09-11 15:34 499712 ----a-w- c:\windows\RtlExUpd.dll
2009-07-13 15:20 . 2009-07-13 15:20 -------- d-----w- C:\DriveKey
2009-07-12 05:53 . 2009-07-12 05:53 -------- d-sh--w- C:\FOUND.011
2009-07-09 04:33 . 2009-07-09 04:33 28664 ----a-w- c:\windows\system32\drivers\EMLTDI.SYS
2009-07-09 04:32 . 2009-07-09 04:33 65024 ----a-w- c:\windows\system32\drivers\catflt.sys
2009-07-06 11:56 . 2005-07-22 09:30 81920 ----a-w- c:\windows\SoundMan.exe
2009-07-06 11:56 . 2004-09-07 08:53 156672 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-07-06 11:13 . 2005-07-22 09:29 10458112 ----a-w- c:\windows\system32\RTLCPL.EXE
2009-07-06 11:03 . 2009-07-06 11:03 -------- d-----w- c:\program files\Intel
2009-07-06 05:46 . 2001-12-31 18:29 312 ----a-w- c:\windows\system32\drivers\HDACfg.dat
2009-07-06 05:45 . 2004-11-18 05:12 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-04 13:04 . 2009-07-04 13:04 -------- d-sh--w- C:\FOUND.010
2009-07-04 08:47 . 2009-07-04 08:47 -------- d-sh--w- C:\FOUND.009
2009-07-04 05:36 . 2009-07-04 05:36 0 ----a-w- c:\windows\nsreg.dat
2009-07-04 05:36 . 2009-07-04 05:36 -------- d-----w- c:\documents and settings\a\Local Settings\Application Data\Mozilla
2009-07-04 01:59 . 2009-07-04 01:59 -------- d-sh--w- C:\FOUND.008
2009-07-03 16:09 . 2009-07-03 16:09 -------- d-----w- c:\documents and settings\a\Application Data\BitTorrent
2009-07-03 16:08 . 2009-07-03 16:09 -------- d-----w- c:\program files\BitTorrent
2009-07-03 16:08 . 2009-07-03 16:08 -------- d-----w- c:\program files\AskSearch
2009-07-03 04:40 . 2009-07-03 04:40 -------- d-sh--w- C:\FOUND.007
2009-07-02 11:48 . 2009-07-02 11:48 -------- d-sh--w- C:\FOUND.006
2009-07-02 10:54 . 2009-07-02 10:54 -------- d-----w- c:\documents and settings\a\Application Data\ESTSoft
2009-07-02 10:24 . 2005-07-26 11:33 3644032 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2009-07-02 10:24 . 2004-02-24 05:38 400384 ----a-w- c:\windows\system32\drivers\ALCXSENS.SYS
2009-07-02 10:24 . 2005-06-02 11:13 200704 ----a-w- c:\windows\alcrmv.exe
2009-07-02 10:24 . 2005-06-02 11:01 294912 ----a-w- c:\windows\alcupd.exe
2009-07-02 08:46 . 2009-07-02 08:46 -------- d-----w- c:\windows\system32\DRVSTORE
2009-07-02 04:05 . 2009-07-02 04:05 -------- d-sh--w- C:\FOUND.005
2009-07-01 11:40 . 2009-07-01 11:40 -------- d-sh--w- C:\FOUND.004
2009-07-01 04:27 . 2009-07-01 04:27 -------- d-sh--w- C:\FOUND.003

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 05:59 . 2009-07-26 05:59 2215936 ----a-w- c:\documents and settings\a\ntuser.tmp
2009-07-04 15:23 . 2009-07-04 15:23 10528768 ----a-w- c:\windows\system32\SET72.tmp
2009-07-01 06:17 . 2009-06-23 01:53 65144 ----a-w- c:\documents and settings\a\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-28 04:18 . 2009-06-28 04:17 -------- d-----w- c:\program files\Windows Media Components
2009-06-28 04:17 . 2009-06-28 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Huelix Solutions
2009-06-27 20:25 . 2009-06-27 20:21 79051 ----a-w- c:\windows\hpfins05.dat
2009-06-27 20:24 . 2009-06-27 20:24 -------- d-----w- c:\program files\Common Files\HP
2009-06-27 20:23 . 2009-06-27 20:23 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-27 20:23 . 2009-06-27 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-06-27 20:21 . 2009-06-27 20:21 -------- d-----w- c:\program files\HP
2009-06-27 20:13 . 2009-06-27 20:13 -------- d-----w- c:\documents and settings\a\Application Data\HP
2009-06-25 05:09 . 2009-06-25 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-24 10:57 . 2009-06-24 10:57 -------- d-----w- c:\program files\Quick Heal
2009-06-24 10:55 . 2009-06-24 10:55 -------- d-----w- c:\program files\Google
2009-06-24 09:40 . 2009-06-24 09:40 -------- d-----w- c:\program files\ESTsoft
2009-06-24 09:28 . 2009-06-24 09:28 -------- d-----w- c:\program files\directx
2009-06-23 15:08 . 2009-06-23 15:08 -------- d-----w- c:\documents and settings\a\Application Data\vlc
2009-06-23 13:45 . 2009-06-23 13:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-23 13:45 . 2009-06-23 13:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-23 06:15 . 2009-06-23 01:18 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-23 02:11 . 2009-06-23 02:11 10968576 ----a-r- c:\windows\system32\SET11C.tmp
2009-06-23 02:11 . 2009-06-23 02:11 4114400 ----a-r- c:\windows\system32\drivers\SET118.tmp
2009-06-23 01:58 . 2009-06-23 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-23 01:57 . 2009-06-23 01:57 -------- d-----w- c:\program files\Yahoo!
2009-06-23 01:52 . 2009-06-23 01:52 -------- d-----w- c:\program files\Java
2009-06-23 01:52 . 2009-06-23 01:52 -------- d-----w- c:\program files\Common Files\Java
2009-06-23 01:52 . 2009-06-23 01:52 88064 ----a-w- c:\windows\system32\AudioExCtl.dll
2009-06-23 01:52 . 2009-06-23 01:52 -------- d-----w- c:\program files\Mjuice Media Player
2009-06-23 01:52 . 2009-06-23 01:52 -------- d-----w- c:\program files\Winamp
2009-06-23 01:52 . 2009-06-23 01:52 -------- d-----w- c:\program files\VideoLAN
2009-06-23 01:51 . 2009-06-23 01:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-23 01:51 . 2009-06-23 01:51 -------- d-----w- c:\documents and settings\a\Application Data\InterTrust
2009-06-23 01:42 . 2009-06-23 01:42 -------- d-----w- c:\program files\Common Files\L&H
2009-06-23 01:41 . 2009-06-23 01:41 -------- d-----w- c:\program files\Microsoft.NET
2009-06-23 01:41 . 2009-06-23 01:41 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-23 01:40 . 2009-06-23 01:40 -------- d-----w- c:\program files\Microsoft Works
2009-06-23 01:20 . 2009-06-23 01:20 -------- d-----w- c:\program files\microsoft frontpage
2009-06-23 01:16 . 2009-06-23 01:16 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-17 12:37 . 2009-07-04 05:36 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2004-08-03 14:56 . 2004-08-03 14:56 174326 --sh--r- c:\windows\system32\lvkjwi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Email Protection"="c:\progra~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE" [2009-07-09 267648]
"Update Scheduler"="c:\progra~1\QUICKH~1\QUICKH~1\UPSCHD.EXE" [2009-07-09 95616]
"On-Line Protection"="c:\progra~1\QUICKH~1\QUICKH~1\cateye.exe" [2009-07-09 206208]
"Startup Scan"="c:\progra~1\QUICKH~1\QUICKH~1\Sensor.EXE" [2009-07-09 144768]
"ResumeQuickupDownload"="c:\progra~1\QUICKH~1\QUICKH~1\acappaa.exe" [2009-07-09 95616]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c9f727759f6d5c"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6763:TCP"= 6763:TCP:wccee

R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [7/9/2009 10:02 AM 65024]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [7/9/2009 10:03 AM 28664]
R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [6/23/2009 7:15 PM 18004]
S2 Online Protection System;Online Protection System;c:\progra~1\QUICKH~1\QUICKH~1\opssvc.exe [7/9/2009 10:02 AM 17280]
S2 Quick Heal Total Security Mail Protection;Quick Heal Total Security Mail Protection;c:\progra~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE [7/9/2009 10:02 AM 50560]
S2 Quick Update Service;Quick Update Service;c:\progra~1\QUICKH~1\QUICKH~1\quhlpsvc.exe [7/9/2009 10:02 AM 58752]
S2 rlqhrqgnb;Server Config;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 8:26 PM 14336]
S2 Startup Handler;Quick Heal Total Security Startup Handler;c:\progra~1\QUICKH~1\QUICKH~1\strtsvc.exe [7/9/2009 10:02 AM 54656]
S4 gupdate1c9f727759f6d5c;Google Update Service (gupdate1c9f727759f6d5c);c:\program files\Google\Update\GoogleUpdate.exe [6/27/2009 6:31 PM 133104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rlqhrqgnb
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-27 12:57]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-27 12:57]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1229272821-725345543-1003Core.job
- c:\documents and settings\a\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 14:52]

2009-07-24 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-07-24 06:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.in/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\a\Application Data\Mozilla\Firefox\Profiles\9vugicid.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - plugin: c:\documents and settings\a\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJPI142_06.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 16:47
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rlqhrqgnb]
"ServiceDll"="c:\windows\system32\lvkjwi.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\l3codeca.acm
.
Completion time: 2009-07-29 16:48
ComboFix-quarantined-files.txt 2009-07-29 11:18

Pre-Run: 6,942,736,384 bytes free
Post-Run: 7,243,341,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
e:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

268


#4
Rorschach112

hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DirLook::
c:\program files\JAP

Folder::
C:\FOUND.019
C:\FOUND.018
C:\FOUND.017
C:\FOUND.016
C:\FOUND.015
C:\FOUND.014
C:\FOUND.013
C:\FOUND.012
C:\FOUND.011
C:\FOUND.010
C:\FOUND.009
C:\FOUND.008
C:\FOUND.007
C:\FOUND.006
C:\FOUND.005
C:\FOUND.004
C:\FOUND.003

File::
c:\windows\system32\SET72.tmp
c:\windows\system32\SET11C.tmp
c:\windows\system32\drivers\SET118.tmp
c:\windows\system32\lvkjwi.dll

Driver::
rlqhrqgnb

NetSvc::
rlqhrqgnb

KillAll::


Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#5
Sehaj M

ComboFix 09-07-28.04 - a 07/29/2009 19:46.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.631.470 [GMT 5.5:30]
Running from: c:\documents and settings\a\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\a\Desktop\CFScript.txt
AV: Total Security 10.00 *On-access scanning disabled* (Outdated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\SET118.tmp"
"c:\windows\system32\lvkjwi.dll"
"c:\windows\system32\SET11C.tmp"
"c:\windows\system32\SET72.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.003
C:\FOUND.004
C:\FOUND.005
C:\FOUND.006
C:\FOUND.007
C:\FOUND.008
C:\FOUND.009
C:\FOUND.010
C:\FOUND.011
C:\FOUND.012
C:\FOUND.013
C:\FOUND.014
C:\FOUND.015
C:\FOUND.016
C:\FOUND.017
C:\FOUND.018
C:\FOUND.019
c:\windows\system32\drivers\SET118.tmp
c:\windows\system32\lvkjwi.dll
c:\windows\system32\SET11C.tmp
c:\windows\system32\SET72.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RLQHRQGNB
-------\Service_rlqhrqgnb


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-29 10:27 . 2009-07-29 10:27 -------- d-----w- C:\Rooter$
2009-07-28 09:43 . 2009-07-28 09:43 -------- d-----w- c:\windows\Sun
2009-07-28 09:33 . 2009-07-28 09:33 -------- d-----w- c:\documents and settings\a\Application Data\JonDo
2009-07-28 09:13 . 2009-07-28 09:13 -------- d-----w- c:\program files\JAP
2009-07-24 05:13 . 2009-07-24 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2009-07-24 05:12 . 2009-07-24 05:12 -------- d-----w- c:\program files\PopCap Games
2009-07-22 12:51 . 2009-07-22 12:51 -------- d-----w- c:\windows\system32\Lang
2009-07-21 07:55 . 2009-07-21 07:55 -------- d-----w- c:\documents and settings\a\Local Settings\Application Data\The Weather Channel
2009-07-16 06:13 . 2009-07-16 06:13 -------- d-----w- c:\documents and settings\a\Application Data\ARGELA
2009-07-15 06:57 . 2009-07-15 06:57 -------- d--h--r- C:\MSOCache
2009-07-14 15:50 . 2009-07-14 15:50 -------- d-----w- c:\program files\Realtek AC97
2009-07-14 15:49 . 2005-05-02 19:43 69632 ----a-w- c:\windows\Alcmtr.exe
2009-07-14 15:49 . 2006-05-03 17:26 2808832 ----a-w- c:\windows\alcwzrd.exe
2009-07-14 15:49 . 2006-09-11 17:58 16264192 ----a-w- c:\windows\RTHDCPL.exe
2009-07-14 15:49 . 2006-09-11 16:12 2155008 ----a-w- c:\windows\MicCal.exe
2009-07-14 15:49 . 2006-05-15 19:04 2879488 ----a-w- c:\windows\SkyTel.exe
2009-07-14 15:49 . 2009-07-14 15:49 -------- d-----w- c:\windows\system32\RTCOM
2009-07-14 15:49 . 2006-08-31 15:35 364544 ----a-w- c:\windows\RtlUpd.exe
2009-07-14 15:49 . 2006-05-03 17:35 9709568 ----a-w- c:\windows\RTLCPL.exe
2009-07-14 15:49 . 2005-07-15 11:18 40960 ----a-w- c:\windows\system32\ChCfg.exe
2009-07-14 15:49 . 2006-09-11 20:27 4381184 ----a-w- c:\windows\system32\drivers\RtkHDAud.Sys
2009-07-14 15:47 . 2009-07-14 15:47 -------- d-----w- c:\program files\Realtek
2009-07-14 15:47 . 2006-09-11 15:34 499712 ----a-w- c:\windows\RtlExUpd.dll
2009-07-13 15:20 . 2009-07-13 15:20 -------- d-----w- C:\DriveKey
2009-07-09 04:33 . 2009-07-09 04:33 28664 ----a-w- c:\windows\system32\drivers\EMLTDI.SYS
2009-07-09 04:32 . 2009-07-09 04:33 65024 ----a-w- c:\windows\system32\drivers\catflt.sys
2009-07-06 11:56 . 2005-07-22 09:30 81920 ----a-w- c:\windows\SoundMan.exe
2009-07-06 11:56 . 2004-09-07 08:53 156672 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-07-06 11:13 . 2005-07-22 09:29 10458112 ----a-w- c:\windows\system32\RTLCPL.EXE
2009-07-06 11:03 . 2009-07-06 11:03 -------- d-----w- c:\program files\Intel
2009-07-06 05:46 . 2001-12-31 18:29 312 ----a-w- c:\windows\system32\drivers\HDACfg.dat
2009-07-06 05:45 . 2004-11-18 05:12 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-04 05:36 . 2009-07-04 05:36 0 ----a-w- c:\windows\nsreg.dat
2009-07-04 05:36 . 2009-07-04 05:36 -------- d-----w- c:\documents and settings\a\Local Settings\Application Data\Mozilla
2009-07-03 16:09 . 2009-07-03 16:09 -------- d-----w- c:\documents and settings\a\Application Data\BitTorrent
2009-07-03 16:08 . 2009-07-03 16:09 -------- d-----w- c:\program files\BitTorrent
2009-07-03 16:08 . 2009-07-03 16:08 -------- d-----w- c:\program files\AskSearch
2009-07-02 10:54 . 2009-07-02 10:54 -------- d-----w- c:\documents and settings\a\Application Data\ESTSoft
2009-07-02 10:24 . 2005-07-26 11:33 3644032 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2009-07-02 10:24 . 2004-02-24 05:38 400384 ----a-w- c:\windows\system32\drivers\ALCXSENS.SYS
2009-07-02 10:24 . 2005-06-02 11:13 200704 ----a-w- c:\windows\alcrmv.exe
2009-07-02 10:24 . 2005-06-02 11:01 294912 ----a-w- c:\windows\alcupd.exe
2009-07-02 08:46 . 2009-07-02 08:46 -------- d-----w- c:\windows\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 05:59 . 2009-07-26 05:59 2215936 ----a-w- c:\documents and settings\a\ntuser.tmp
2009-07-01 06:17 . 2009-06-23 01:53 65144 ----a-w- c:\documents and settings\a\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-28 04:18 . 2009-06-28 04:17 -------- d-----w- c:\program files\Windows Media Components
2009-06-28 04:17 . 2009-06-28 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Huelix Solutions
2009-06-27 20:25 . 2009-06-27 20:21 79051 ----a-w- c:\windows\hpfins05.dat
2009-06-27 20:24 . 2009-06-27 20:24 -------- d-----w- c:\program files\Common Files\HP
2009-06-27 20:23 . 2009-06-27 20:23 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-27 20:23 . 2009-06-27 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-06-27 20:21 . 2009-06-27 20:21 -------- d-----w- c:\program files\HP
2009-06-27 20:13 . 2009-06-27 20:13 -------- d-----w- c:\documents and settings\a\Application Data\HP
2009-06-25 05:09 . 2009-06-25 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-24 10:57 . 2009-06-24 10:57 -------- d-----w- c:\program files\Quick Heal
2009-06-24 10:55 . 2009-06-24 10:55 -------- d-----w- c:\program files\Google
2009-06-24 09:40 . 2009-06-24 09:40 -------- d-----w- c:\program files\ESTsoft
2009-06-24 09:28 . 2009-06-24 09:28 -------- d-----w- c:\program files\directx
2009-06-23 15:08 . 2009-06-23 15:08 -------- d-----w- c:\documents and settings\a\Application Data\vlc
2009-06-23 13:45 . 2009-06-23 13:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-23 13:45 . 2009-06-23 13:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-23 06:15 . 2009-06-23 01:18 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-23 01:58 . 2009-06-23 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-23 01:57 . 2009-06-23 01:57 -------- d-----w- c:\program files\Yahoo!
2009-06-23 01:52 . 2009-06-23 01:52 -------- d-----w- c:\program files\Java
2009-06-23 01:52 . 2009-06-23 01:52 -------- d-----w- c:\program files\Common Files\Java
2009-06-23 01:52 . 2009-06-23 01:52 88064 ----a-w- c:\windows\system32\AudioExCtl.dll
2009-06-23 01:52 . 2009-06-23 01:52 -------- d-----w- c:\program files\Mjuice Media Player
2009-06-23 01:52 . 2009-06-23 01:52 -------- d-----w- c:\program files\Winamp
2009-06-23 01:52 . 2009-06-23 01:52 -------- d-----w- c:\program files\VideoLAN
2009-06-23 01:51 . 2009-06-23 01:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-23 01:51 . 2009-06-23 01:51 -------- d-----w- c:\documents and settings\a\Application Data\InterTrust
2009-06-23 01:42 . 2009-06-23 01:42 -------- d-----w- c:\program files\Common Files\L&H
2009-06-23 01:41 . 2009-06-23 01:41 -------- d-----w- c:\program files\Microsoft.NET
2009-06-23 01:41 . 2009-06-23 01:41 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-23 01:40 . 2009-06-23 01:40 -------- d-----w- c:\program files\Microsoft Works
2009-06-23 01:20 . 2009-06-23 01:20 -------- d-----w- c:\program files\microsoft frontpage
2009-06-23 01:16 . 2009-06-23 01:16 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-24 13:26 . 2009-07-04 05:36 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\JAP ----

2009-07-28 09:33 . 2009-07-28 09:33 64966 ----a-w- c:\program files\JAP\uninstall.exe
2009-07-28 09:33 . 2009-07-28 09:33 35552 ----a-w- c:\program files\JAP\japdll.dll
2009-07-28 09:33 . 2009-07-28 09:33 40608 ----a-w- c:\program files\JAP\jap.exe
2009-07-28 09:13 . 2009-07-28 09:33 8237243 ----a-w- c:\program files\JAP\JAP.jar


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Email Protection"="c:\progra~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE" [2009-07-09 267648]
"Update Scheduler"="c:\progra~1\QUICKH~1\QUICKH~1\UPSCHD.EXE" [2009-07-09 95616]
"On-Line Protection"="c:\progra~1\QUICKH~1\QUICKH~1\cateye.exe" [2009-07-09 206208]
"Startup Scan"="c:\progra~1\QUICKH~1\QUICKH~1\Sensor.EXE" [2009-07-09 144768]
"ResumeQuickupDownload"="c:\progra~1\QUICKH~1\QUICKH~1\acappaa.exe" [2009-07-09 95616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Startup Scan"="c:\progra~1\QUICKH~1\QUICKH~1\Sensor.EXE" [2009-07-09 144768]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c9f727759f6d5c"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6763:TCP"= 6763:TCP:wccee

R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [7/9/2009 10:02 AM 65024]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [7/9/2009 10:03 AM 28664]
R2 Online Protection System;Online Protection System;c:\progra~1\QUICKH~1\QUICKH~1\opssvc.exe [7/9/2009 10:02 AM 17280]
R2 Quick Heal Total Security Mail Protection;Quick Heal Total Security Mail Protection;c:\progra~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE [7/9/2009 10:02 AM 50560]
R2 Quick Update Service;Quick Update Service;c:\progra~1\QUICKH~1\QUICKH~1\quhlpsvc.exe [7/9/2009 10:02 AM 58752]
R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [6/23/2009 7:15 PM 18004]
S2 Startup Handler;Quick Heal Total Security Startup Handler;c:\progra~1\QUICKH~1\QUICKH~1\strtsvc.exe [7/9/2009 10:02 AM 54656]
S4 gupdate1c9f727759f6d5c;Google Update Service (gupdate1c9f727759f6d5c);c:\program files\Google\Update\GoogleUpdate.exe [6/27/2009 6:31 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-27 12:57]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-27 12:57]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1229272821-725345543-1003Core.job
- c:\documents and settings\a\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 14:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.in/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\a\Application Data\Mozilla\Firefox\Profiles\9vugicid.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - plugin: c:\documents and settings\a\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJPI142_06.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 19:55
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(2364)
c:\windows\system32\l3codeca.acm
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\QUICKH~1\QUICKH~1\scanwscs.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\progra~1\QUICKH~1\QUICKH~1\OnlineNT.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-29 19:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-29 14:28
ComboFix2.txt 2009-07-29 11:18

Pre-Run: 7,200,792,576 bytes free
Post-Run: 7,093,731,328 bytes free

608

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#7
Sehaj M

    Member

  • Topic Starter
  • 11 posts
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

7/30/2009 11:57:14 AM
mbam-log-2009-07-30 (11-57-14).txt

Scan type: Quick Scan
Objects scanned: 65159
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8
Sehaj M

    Member

  • Topic Starter
  • 11 posts
KASPERSKY WEBSITE STILL NOT OPENING

#9
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
try this

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left unneutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the delete option when prompted.
  • After that is done, click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



#10
Sehaj M

    Member

  • Topic Starter
  • 11 posts
THANKS Rorschach112 Sir!!!!!!!!!

Thank you very very very much.......Now my system is live again....

You rock
You really rockzzzzzzzzzzzz...

KEEP IT UP
:)

#11
Sehaj M

    Member

  • Topic Starter
  • 11 posts
MY PROBLEM IS SOLVED NOW
THANK YOU VERY MUCH FOR YOUR KIND SUPPORT.


#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





