Author Topic: A Bad Rootkit Problem  (Read 15832 times)

lonewolf

    Topic Starter


    Rookie

    Re: A Bad Rootkit Problem
    « Reply #15 on: October 02, 2008, 04:06:05 PM »
    ComboFix 08-10-01.06 - Lone Wolf 2008-10-02 15:54:58.6 - NTFSx86
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1125 [GMT -5:00]
    Running from: C:\Documents and Settings\Lone Wolf\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Lone Wolf\Desktop\CFScript.txt
     * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((   Files Created from 2008-09-02 to 2008-10-02  )))))))))))))))))))))))))))))))
    .

    2008-10-01 15:00 . 2008-10-01 15:01   <DIR>   d--------   C:\327882R2FWJFW
    2008-10-01 01:33 . 2008-10-01 01:33   <DIR>   d--------   C:\Documents and Settings\Lone Wolf\Application Data\Avira
    2008-09-30 21:05 . 2008-10-02 02:09   <DIR>   d--------   C:\Program Files\qdacqzc
    2008-09-30 21:05 . 2008-09-30 21:45   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\nqrobmhw
    2008-09-30 19:24 . 2008-09-30 19:24   <DIR>   d--------   C:\Program Files\Common Files\DirectX
    2008-09-29 21:31 . 2008-09-29 21:31   <DIR>   d--------   C:\WINDOWS\system32\QuickTime
    2008-09-29 21:31 . 2008-09-29 21:31   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\TechSmith
    2008-09-29 21:31 . 2008-01-18 03:36   107,864   --a------   C:\WINDOWS\system32\tsccvid.dll
    2008-09-29 21:30 . 2008-09-29 21:30   <DIR>   d--------   C:\Program Files\TechSmith
    2008-09-29 21:30 . 2008-09-29 21:30   <DIR>   d--------   C:\Program Files\Common Files\TechSmith Shared
    2008-09-29 19:12 . 2008-09-15 02:19   389   -rahs----   C:\BOOT.INI.backup
    2008-09-29 19:10 . 2008-09-29 19:10   <DIR>   d--------   C:\symserver
    2008-09-29 19:10 . 2008-09-29 19:10   <DIR>   d--------   C:\Program Files\Compuware
    2008-09-29 19:10 . 2008-09-29 19:10   <DIR>   d--------   C:\Program Files\Common Files\Compuware
    2008-09-29 19:08 . 2005-02-09 01:15   1,457   --a------   C:\WINDOWS\system32\drivers\compuware.dat
    2008-09-29 18:18 . 2008-09-29 18:18   <DIR>   d--------   C:\Program Files\Novasoft Inc
    2008-09-27 01:00 . 2008-09-27 01:08   <DIR>   d--------   C:\Program Files\AnMing
    2008-09-26 15:38 . 2008-09-26 15:38   <DIR>   d--------   C:\Documents and Settings\Lone Wolf\Application Data\TypingMaster7
    2008-09-22 11:48 . 2008-09-22 11:48   203   --a------   C:\WINDOWS\GSdx9 sse2.INI
    2008-09-21 20:56 . 2008-09-21 20:56   33,368   --a------   C:\Documents and Settings\Lone Wolf\Application Data\GDIPFONTCACHEV1.DAT
    2008-09-21 18:11 . 2008-09-21 18:11   <DIR>   d--------   C:\Documents and Settings\Lone Wolf\Application Data\fltk.org
    2008-09-21 11:38 . 2008-09-21 11:38   107,888   --a------   C:\WINDOWS\system32\CmdLineExt.dll
    2008-09-21 02:56 . 2008-09-21 02:56   <DIR>   d--------   C:\ProgramData
    2008-09-21 02:56 . 2008-09-21 02:56   662   --a------   C:\WINDOWS\system32\ealregsnapshot1.reg
    2008-09-21 02:53 . 2008-09-21 02:53   <DIR>   d--------   C:\WINDOWS\Logs
    2008-09-17 02:25 . 2008-07-01 09:00   1,642,496   --a------   C:\WINDOWS\system32\ChilkatMail_v7_9.dll
    2008-09-17 02:25 . 2008-03-12 22:55   1,294,336   --a------   C:\WINDOWS\system32\ChilkatXml.dll
    2008-09-17 02:25 . 2007-12-28 13:16   1,122,304   --a------   C:\WINDOWS\system32\ChilkatHttp.dll
    2008-09-17 02:25 . 2008-03-12 22:54   1,085,440   --a------   C:\WINDOWS\system32\ChilkatSocket.dll
    2008-09-17 02:25 . 2006-10-26 22:17   765,736   --a------   C:\WINDOWS\system32\MSWORD.OLB
    2008-09-17 02:25 . 2008-07-01 11:04   659,456   --a------   C:\WINDOWS\system32\ChilkatCharset.dll
    2008-09-17 02:25 . 2008-03-26 08:20   569,344   --a------   C:\WINDOWS\system32\CkString.dll
    2008-09-17 02:25 . 2008-01-29 04:32   140,488   --a-s----   C:\WINDOWS\system32\comdlg32.ocx
    2008-09-15 14:39 . 2008-09-15 14:39   <DIR>   d--------   C:\Program Files\Avira
    2008-09-15 14:39 . 2008-09-15 14:40   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-14 15:22 . 2008-10-01 17:35   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-14 15:22 . 2008-09-14 15:22   <DIR>   d--------   C:\Documents and Settings\Lone Wolf\Application Data\Malwarebytes
    2008-09-14 15:22 . 2008-09-14 15:22   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-14 15:22 . 2008-09-10 00:04   38,528   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-14 15:22 . 2008-09-10 00:03   17,200   --a------   C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-14 04:46 . 2008-09-14 04:46   <DIR>   d--------   C:\Program Files\UberIcon
    2008-09-14 04:28 . 2008-09-14 04:28   <DIR>   d--------   C:\Program Files\RocketDock
    2008-09-14 04:26 . 2008-09-14 04:26   0   --a------   C:\WINDOWS\WB.ini
    2008-09-14 04:23 . 2008-09-15 01:30   27   --a------   C:\WINDOWS\SDAddressBox16827d0561119.ini
    2008-09-14 03:51 . 2008-09-14 04:17   27   --a------   C:\WINDOWS\SDAddressBox1633cb8581916.ini
    2008-09-14 02:49 . 2008-09-14 02:49   2,359,350   --a------   C:\WINDOWS\Quest1024.bmp
    2008-09-14 02:46 . 2008-09-14 02:46   7,852   --a------   C:\WINDOWS\system32\mcdmsg7.dll
    2008-09-14 02:45 . 2008-09-14 02:45   <DIR>   d--------   C:\Program Files\Object Desktop
    2008-09-14 02:38 . 2008-09-14 03:34   <DIR>   d--------   C:\Program Files\Common Files\Stardock
    2008-09-14 02:28 . 2008-09-14 02:49   <DIR>   d--------   C:\Program Files\Stardock
    2008-09-14 02:28 . 2007-07-11 15:06   42,672   --a------   C:\WINDOWS\system32\wbsys.dll
    2008-09-13 01:12 . 2008-09-13 01:12   717,296   --a------   C:\WINDOWS\system32\drivers\sptd.sys
    2008-09-13 01:02 . 2008-09-13 01:02   <DIR>   d--hs----   C:\WINDOWS\ftpcache
    2008-09-13 00:34 . 2008-09-13 19:42   2,328,704   --a------   C:\WINDOWS\system32\TUKernel.exe
    2008-09-12 20:45 . 2008-04-04 14:51   28,416   --a------   C:\WINDOWS\system32\uxtuneup.dll
    2008-09-12 13:33 . 2008-09-12 13:33   50   --a------   C:\WINDOWS\MegaManager.INI
    2008-09-10 17:51 . 2008-09-10 17:51   <DIR>   d--------   C:\Program Files\iTunes
    2008-09-10 17:51 . 2008-09-10 17:51   <DIR>   d--------   C:\Program Files\iPod
    2008-09-10 17:51 . 2008-09-10 17:51   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-10 17:51 . 2008-04-17 13:12   107,368   --a------   C:\WINDOWS\system32\GEARAspi.dll
    2008-09-10 17:51 . 2008-04-17 13:12   15,464   --a------   C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    2008-09-10 17:49 . 2008-09-10 17:50   <DIR>   d--------   C:\Program Files\QuickTime
    2008-09-08 21:05 . 1998-06-18 00:00   89,360   --a------   C:\WINDOWS\system32\VB5DB.DLL
    2008-09-08 20:32 . 2008-09-08 20:32   <DIR>   d--------   C:\Documents and Settings\Lone Wolf\Application Data\Notrivia
    2008-09-08 16:51 . 2008-09-08 16:54   41,008   --a------   C:\WINDOWS\system32\DCSysTray.ocx
    2008-09-07 11:03 . 2008-09-07 11:03   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-09-07 10:54 . 2008-09-07 10:54   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
    2008-09-07 10:54 . 2008-09-07 10:54   <DIR>   d--------   C:\Documents and Settings\Lone Wolf\Application Data\SUPERAntiSpyware.com
    2008-09-07 01:00 . 2008-09-07 01:07   <DIR>   d--------   C:\Program Files\CommentKahuna
    2008-09-07 00:05 . 2008-09-07 00:05   <DIR>   d--------   C:\VersalSoft
    2008-09-07 00:05 . 2008-09-07 00:05   <DIR>   d--------   C:\Program Files\VersalSoft
    2008-09-07 00:05 . 2008-09-07 00:05   <DIR>   d--------   C:\Program Files\Universal
    2008-09-06 22:42 . 2008-09-06 22:42   <DIR>   d--------   C:\Program Files\Trend Micro
    2008-09-06 15:09 . 2008-09-06 15:09   90,112   --a------   C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-09-06 15:09 . 2008-09-06 15:09   57,344   --a------   C:\WINDOWS\system32\QuickTime.qts
    2008-09-06 14:10 . 2004-02-10 23:32   491,520   --a------   C:\WINDOWS\system32\vbalSGrid6.ocx
    2008-09-06 14:10 . 2006-01-11 04:13   69,632   --a------   C:\WINDOWS\system32\sfFrameControl.ocx
    2008-09-05 22:40 . 2008-09-06 01:08   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Trend Micro
    2008-09-05 18:20 . 2008-09-05 18:20   <DIR>   d--------   C:\Program Files\Panda Security
    2008-09-05 18:08 . 2008-09-05 18:08   <DIR>   d--------   C:\Program Files\EdwinSoft
    2008-09-05 14:18 . 2008-09-05 14:18   70   --ah-----   C:\aaw7boot.cmd
    2008-09-05 12:57 . 2008-09-12 20:44   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-05 12:57 . 2008-09-05 13:02   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-05 01:19 . 2003-06-25 16:05   266,360   --a------   C:\WINDOWS\system32\TweakUI.exe
    2008-09-05 01:19 . 2002-06-21 15:09   160,217   --a------   C:\WINDOWS\system32\PowerToysLicense.rtf
    2008-09-04 23:03 . 2008-09-04 23:03   <DIR>   d--------   C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
    2008-09-04 23:03 . 2008-10-02 02:04   <DIR>   d--------   C:\WINDOWS\system32\config\systemprofile\Application Data\MEGAUPLOADTOOLBAR
    2008-09-04 23:03 . 2008-09-04 23:03   <DIR>   d--------   C:\WINDOWS\system32\config\systemprofile\Application Data\EmailNotifier

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-01 22:59   ---------   d-----w   C:\Documents and Settings\Lone Wolf\Application Data\Apple Computer
    2008-10-01 22:07   ---------   d-----w   C:\Documents and Settings\Lone Wolf\Application Data\CoreFTP
    2008-10-01 21:42   90,112   ----a-w   C:\WINDOWS\DUMP4815.tmp
    2008-10-01 21:41   98,304   ----a-w   C:\WINDOWS\DUMP40b2.tmp
    2008-10-01 21:34   90,112   ----a-w   C:\WINDOWS\DUMP5e6b.tmp
    2008-10-01 21:33   98,304   ----a-w   C:\WINDOWS\DUMP4d54.tmp
    2008-10-01 21:31   98,304   ----a-w   C:\WINDOWS\DUMP5fb5.tmp
    2008-10-01 21:30   98,304   ----a-w   C:\WINDOWS\DUMP5fb4.tmp
    2008-10-01 21:29   98,304   ----a-w   C:\WINDOWS\DUMP613a.tmp
    2008-10-01 05:45   ---------   d-----w   C:\Program Files\G-C
    2008-09-30 20:36   ---------   d-----w   C:\Documents and Settings\Lone Wolf\Application Data\MegauploadToolbar
    2008-09-30 07:58   ---------   d-----w   C:\Program Files\SpeedFan
    2008-09-30 00:14   1,757   ----a-w   C:\WINDOWS\system32\drivers\Winice.dat
    2008-09-30 00:14   1,184   ----a-w   C:\WINDOWS\system32\drivers\SIWSYM.SYS
    2008-09-25 19:23   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-09-25 06:50   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-09-21 07:56   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
    2008-09-20 09:36   ---------   d-----w   C:\Documents and Settings\Lone Wolf\Application Data\Microsoft Corporation
    2008-09-12 18:35   ---------   d-----w   C:\Documents and Settings\Lone Wolf\Application Data\Viewpoint
    2008-09-12 18:35   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-09-12 18:32   ---------   d-----w   C:\Program Files\Java
    2008-09-10 22:50   ---------   d-----w   C:\Program Files\Bonjour
    2008-09-10 22:49   ---------   d-----w   C:\Program Files\Common Files\Apple
    2008-09-09 01:01   ---------   d-----w   C:\Documents and Settings\Lone Wolf\Application Data\mIRC
    2008-09-09 01:00   ---------   d-----w   C:\Program Files\mIRC
    2008-09-07 22:20   ---------   d-----w   C:\Program Files\Windows Media Connect 2
    2008-09-07 22:20   ---------   d-----w   C:\Program Files\WinAVI Video Converter 9.0
    2008-09-07 22:20   ---------   d-----w   C:\Program Files\TVUPlayer
    2008-09-07 22:20   ---------   d-----w   C:\Program Files\ICQ
    2008-09-07 22:20   ---------   d-----w   C:\Program Files\Flock
    2008-09-07 22:19   ---------   d-----w   C:\Program Files\AIMTunes
    2008-09-07 02:23   ---------   d-----w   C:\Program Files\Webcam Feed Finder Full
    2008-09-06 03:34   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
    2008-09-06 03:34   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Symantec
    2008-09-06 03:30   ---------   d-----w   C:\Program Files\Symantec
    2008-09-06 03:30   ---------   d-----w   C:\Program Files\Norton 360
    2008-09-05 19:18   ---------   d-----w   C:\Program Files\Premium Downloads for PC Full
    2008-09-05 19:18   ---------   d-----w   C:\Program Files\AltoMP3 Gold
    2008-09-04 20:16   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
    2008-09-04 04:38   ---------   d-----w   C:\Program Files\Illusion
    2008-09-02 01:08   ---------   d-----w   C:\Program Files\Internet TV
    2008-09-02 00:57   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-09-01 20:59   ---------   d-----w   C:\Program Files\VirtualDub
    2008-09-01 20:43   43,698   ----a-w   C:\WINDOWS\system32\xvid-uninstall.exe
    2008-09-01 20:43   ---------   d-----w   C:\Program Files\AviSynth 2.5
    2008-09-01 20:43   ---------   d-----w   C:\Program Files\AutoGK
    2008-09-01 20:31   ---------   d-----w   C:\Program Files\URUSoft
    2008-08-31 06:20   ---------   d-----w   C:\Documents and Settings\Lone Wolf\Application Data\My Games
    2008-08-31 05:52   ---------   d-----w   C:\Program Files\GameSpy
    2008-08-31 05:00   ---------   d-----w   C:\Program Files\Firaxis Games
    2008-08-31 04:58   ---------   d-----w   C:\Program Files\MegauploadToolbar
    2008-08-31 04:58   ---------   d-----w   C:\Program Files\Common Files\InstallShield
    2008-08-30 23:46   ---------   d-----w   C:\Program Files\KeywordsAnalyzer7
    2008-08-30 05:49   ---------   d-----w   C:\Documents and Settings\Lone Wolf\Application Data\EmailNotifier
    2008-08-30 05:47   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Megaupload
    2008-08-30 05:47   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\EmailNotifier
    2008-08-29 15:18   87,336   ----a-w   C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 14:53   61,440   ----a-w   C:\WINDOWS\system32\dnssd.dll
    2008-08-28 01:25   434,688   ----a-w   C:\WINDOWS\system32\ss2uinst.exe
    2008-08-25 18:43   ---------   d-----w   C:\Documents and Settings\Lone Wolf\Application Data\MSN6
    2008-08-25 18:28   361,600   ----a-w   C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2008-08-25 18:28   361,600   ----a-w   C:\WINDOWS\system32\drivers\TCPIP.SYS
    2008-08-25 17:41   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\MSN6
    2008-08-24 05:59   4   ----a-w   C:\results.bin
    2008-08-23 20:59   ---------   d-----w   C:\Program Files\HyperYM
    2008-08-21 02:57   ---------   d-----w   C:\Documents and Settings\Lone Wolf\Application Data\Uniblue
    2008-08-21 02:49   ---------   d-----w   C:\Documents and Settings\Lone Wolf\Application Data\AVS4YOU
    2008-08-21 02:48   ---------   d-----w   C:\Program Files\AVS4YOU
    2008-08-21 02:48   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2008-08-21 02:47   ---------   d-----w   C:\Program Files\Common Files\AVSMedia
    2008-08-21 02:20   ---------   d-----w   C:\Program Files\Common Files\xing shared
    2008-08-21 02:20   ---------   d-----w   C:\Program Files\Common Files\Real
    2008-08-20 19:05   ---------   d-----w   C:\Program Files\Ubisoft
    2008-08-20 05:44   ---------   d-----w   C:\Documents and Settings\Lone Wolf\Application Data\TVU Networks
    2008-08-20 05:42   ---------   d-----w   C:\Program Files\SopCast
    2008-08-20 05:42   ---------   d-----w   C:\Documents and Settings\Lone Wolf\Application Data\SopCast
    2008-08-20 05:34   ---------   d-----w   C:\Program Files\Real
    2008-08-20 05:34   ---------   d-----w   C:\Program Files\Common Files\csshare
    2008-08-20 05:03   ---------   d-----w   C:\Program Files\TV Mesh Full
    2008-08-20 04:29   ---------   d-----w   C:\Documents and Settings\Lone Wolf\Application Data\TVDAT
    2008-08-20 00:11   ---------   d-----w   C:\Program Files\Managed DirectX (0901)
    2008-08-19 22:33   ---------   d-----w   C:\Documents and Settings\Lone Wolf\Application Data\ScanSoft
    2008-08-19 22:20   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\ScanSoft
    .

    (((((((((((((((((((((((((((((   snapshot@2008-10-02_12.59.56.18   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-14 00:12:19   1,033,728   ----a-w   C:\WINDOWS\explorer_original.exe
    + 2008-04-14 00:12:19   1,033,728   -c--a-w   C:\WINDOWS\system32\dllcache\explorer.exe
    + 2008-10-02 21:08:46   16,384   ----atw   C:\WINDOWS\temp\Perflib_Perfdata_698.dat
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
    2008-08-04 15:44   1947080   --a------   C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-04 1947080]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-04 1947080]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
    [HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2007-08-17 159744]
    "Messenger (Yahoo!)"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-09-19 4347120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
    "Nuance PDF Professional 5-reminder"="C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2007-08-31 328992]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-20 185896]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-09-15 266497]
    "SoundMan"="SOUNDMAN.EXE" [2002-10-02 C:\WINDOWS\SOUNDMAN.EXE]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    lonewolf

      Topic Starter


      Rookie

      Re: A Bad Rootkit Problem
      « Reply #16 on: October 02, 2008, 04:06:55 PM »
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
      "UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
      2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
      2008-09-14 02:37 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "vidc.I420"= i263_32.drv
      "vidc.I263"= I263_32.drv
      "msacm.divxa32"= divxa32.acm
      "VIDC.X264"= x264vfw.dll
      "MSVideo"= CSvidcap.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
      path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
      backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Lone Wolf^Start Menu^Programs^Startup^Stardock Keyboard Launchpad.lnk]
      path=C:\Documents and Settings\Lone Wolf\Start Menu\Programs\Startup\Stardock Keyboard Launchpad.lnk
      backup=C:\WINDOWS\pss\Stardock Keyboard Launchpad.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
      --a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobeupdater]
      --a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
      --a------ 2008-09-03 20:12 111936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
      --a------ 2007-05-27 03:19 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
      --a------ 2008-06-10 16:18 785520 C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
      --a------ 2007-12-25 16:25 937984 C:\Program Files\FileZilla Server\FileZilla Server Interface.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hyperym]
      --a------ 2005-11-03 16:59 172032 C:\Program Files\HyperYM\HyperYM.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
      --a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
      --a------ 2005-02-16 16:15 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
      --a------ 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a------ 2008-09-08 23:02 289576 C:\Program Files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      --a------ 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
      --a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      -ra------ 2007-04-18 23:26 7700480 C:\WINDOWS\system32\nvcpl.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
      -ra------ 2007-04-18 23:26 86016 C:\WINDOWS\system32\nvmctray.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdf5 registry controller]
      --a------ 2008-02-02 02:19 58656 C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfhook]
      --a------ 2008-03-15 10:55 1626112 C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe]
      --a------ 2008-08-20 21:19 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
      --a------ 2008-09-19 17:34 4347120 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
      --a------ 2002-07-23 14:09 477184 C:\WINDOWS\mHotkey.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      -ra------ 2007-04-18 23:26 1626112 C:\WINDOWS\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=

      R0 bootcfg;DriverStudio BootTime Configuration;C:\WINDOWS\system32\drivers\bootcfg.sys [2004-12-20 10624]
      R0 CptHook;DriverStudio Hook Driver;C:\WINDOWS\system32\drivers\cpthook.sys [2004-12-20 17024]
      R0 nmfilter;DriverStudio Device Filter;C:\WINDOWS\system32\DRIVERS\nmfilter.sys [2004-12-20 7808]
      R0 OsiData;OsiData;C:\WINDOWS\system32\drivers\OsiData.sys [2004-12-20 728768]
      R0 Siwvid;Siwvid;C:\WINDOWS\system32\drivers\siwvid.sys [2004-12-20 159360]
      R2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-09-15 164097]
      R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-09-15 258305]
      R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-09-15 41217]
      R2 DbgMsg;Debug Message;C:\WINDOWS\system32\drivers\DbgMsg.sys [2004-12-20 16000]
      R2 DriverStudio Remote Control;DriverStudio Remote Control;C:\Program Files\Compuware\DriverStudio\Common\Bin\DSRSvc.exe [2004-12-20 41034]
      R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-02 144672]
      R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
      S3 DbgNet;DbgNet;C:\WINDOWS\system32\drivers\DbgNet.sys [2004-12-20 16000]
      S3 EraserUtilDrv10821;EraserUtilDrv10821;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys [ ]
      S3 NTice;NTice;C:\WINDOWS\system32\drivers\NTice.sys [2004-12-20 1874432]
      S3 SiwvidStart;SiwvidStart;C:\Program Files\Compuware\DriverStudio\SoftICE\Setup\siwvid.sys [2004-12-20 159360]
      S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-12 354560]
      S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
      S4 BCHKD;BCHKD;C:\WINDOWS\system32\drivers\BCHKD.sys [2004-12-20 589568]
      S4 SiCore;SICORE;C:\WINDOWS\system32\drivers\SiCore.sys [2004-12-20 224512]
      S4 SIFILE;SIFILE;C:\WINDOWS\system32\drivers\SIFILE.sys [2004-12-20 13824]
      S4 SIKSYM;SIKSYM;C:\WINDOWS\system32\drivers\SIKSYM.sys [2004-12-20 728896]
      S4 Siwsym;Siwsym;C:\WINDOWS\system32\drivers\Siwsym.sys [2008-09-29 1184]
      S4 X9TC;X9TC;C:\WINDOWS\system32\drivers\X9TC.sys [2004-12-20 32768]
      S4 X9TT;X9TT;C:\WINDOWS\system32\drivers\X9TT.sys [2004-12-20 78848]
      S4 X9TTsvc;TrueTime DE System Performance Service;C:\Program Files\Compuware\DriverStudio\DriverWorkbench\TTPerfSvc.exe [2004-12-20 24653]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
      UxTuneUp
      .
      Contents of the 'Scheduled Tasks' folder
      .

      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-10-02 16:05:32
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\explorer.exe
      -> C:\Program Files\RocketDock\RocketDock.dll
      -> C:\Program Files\UberIcon\UberIcon.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\FileZilla Server\FileZilla server.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\iPod\bin\iPodService.exe
      .
      **************************************************************************
      .
      Completion time: 2008-10-02 16:22:41 - machine was rebooted
      ComboFix-quarantined-files.txt  2008-10-02 21:22:28
      ComboFix2.txt  2008-10-02 18:00:39

      Pre-Run: 14,583,066,624 bytes free
      Post-Run: 14,569,488,384 bytes free

      443   --- E O F ---   2008-10-02 07:15:04

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      Re: A Bad Rootkit Problem
      « Reply #17 on: October 03, 2008, 09:06:32 AM »
      Looks good. How is everything now?

      • Click START then RUN
      • Now type Combofix /u in the runbox
      • Make sure there's a space between Combofix and /u
      • Then hit Enter.
      .
      .
      The above procedure will:
      • Delete:
        • ComboFix and its associated files and folders.
        • VundoFix backups, if present
        • The C:\Deckard folder, if present
        • The C:\_OtMoveIt folder, if present
      • Reset the clock settings.
      • Hide file extensions, if required.
      • Hide System/Hidden files, if required.
      • Set a new, clean Restore Point.
        .
        ----------

        Download OTCleanIt.exe and save it to your Desktop.
        • Double-click OTCleanIt.exe.
        • Click the CleanUp! button.
        • Select Yes when the "Begin cleanup Process?" prompt appears.
        • If you are prompted to Reboot during the cleanup, select Yes.
        • The tool will delete itself once it finishes; if not, delete it yourself.
        .
        -----------

        Set a New Restore Point to prevent possible reinfection from an old one
        Setting a new restore point AFTER cleaning your system will enable your computer to roll back to a clean working state if needed.
        • Go to Start > Programs > Accessories > System Tools and click System Restore
        • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
        • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
        • Next go to Start > Run and type Cleanmgr
        • Click OK
        • Click the More Options Tab.
        • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
        You can find instructions on how to enable and re-enable system restore here:

        Windows XP System Restore Guide or Windows Vista System Restore Guide
        .
        ----------

        Use the Secunia Software Inspector to check for out of date software.
        • Click Start Now
        • Check the box next to Enable thorough system inspection.
        • Click Start
        • Allow the scan to finish and scroll down to see if any updates are needed.
        • Update anything listed.
        .
        ----------

        Go to Microsoft Windows Update and get all critical updates.

        ----------

        Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

        Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

        To prevent unknown applications from being installed on your computer install WinPatrol 2008
        * Using Winpatrol to protect your computer from malicious software

        I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

        SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
        * Using SpywareBlaster to protect your computer from Spyware and Malware
        * If you don't know what ActiveX controls are, see here

        Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

        Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

        lonewolf


          Re: A Bad Rootkit Problem
          « Reply #18 on: October 03, 2008, 10:21:26 AM »
          Hello,

          Thank you for all your help! Computer seems to be normal now. Only problem I have now is awhile back, I accidentally deleted the system restore. I can't get system restore to work anymore. Any ideas?

          Once again Thank You for all your help  ;D !!

          evilfantasy

          Re: A Bad Rootkit Problem
          « Reply #19 on: October 03, 2008, 10:31:03 AM »
          Repair System Restore

          Go to Start > Run and type notepad.exe then click OK

          Copy and paste the text in the Quote box below to Notepad and save as fixme.reg to Your Desktop

          Code:
          Windows Registry Editor Version 5.00

          [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
          "DisableConfig"=dword:00000000
          "DisableSR"=dword:00000000

          [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
          "NoSaveSettings"=dword:00000000

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
          "Type"=dword:00000002
          "Start"=dword:00000000
          "ErrorControl"=dword:00000001
          "Tag"=dword:00000004
          "ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
            52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,72,00,2e,00,73,00,79,00,73,\
            00,00,00
          "DisplayName"="System Restore Filter Driver"
          "Group"="FSFilter System Recovery"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters]
          "FirstRun"=dword:00000000
          "DontBackup"=dword:00000000
          "MachineGuid"="{EAAFAEEC-4AFE-42BE-83D9-C12FDD4942A6}"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Security]
          "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
            00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
            00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
            05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
            20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
            00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
            00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Enum]
          "0"="Root\\LEGACY_SR\\0000"
          "Count"=dword:00000001
          "NextInstance"=dword:00000001

          [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
          "DisableSR"=dword:00000000

          [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
          "DisableConfig"=dword:00000000

          [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
          [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
          [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]

          Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

          Accept any warnings.
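
A .reg file copied from a forum post can be read before it is merged. The sketch below is an added example, not part of the post above or of any tool named in this thread: it parses a constructed excerpt of the fixme.reg, decodes the hex(2) ImagePath bytes into the driver path they spell, and lists keys the file both sets and deletes. The names SAMPLE_REG, decode_value, parse_reg and review are illustrative.

```python
import re

# Constructed sample: three sections trimmed from the fixme.reg posted above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Start"=dword:00000000
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,72,00,2e,00,73,00,79,00,73,\
  00,00,00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
'''

def decode_value(raw):
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.fullmatch(r"hex(?:\(([0-9a-fA-F]+)\))?:([0-9a-fA-F,\s]*)", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        # hex(1), hex(2), hex(7) carry UTF-16LE text (REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ)
        return data.decode("utf-16-le").rstrip("\x00") if m.group(1) in ("1", "2", "7") else data
    return raw.strip('"').replace("\\\\", "\\")  # quoted REG_SZ string

def parse_reg(text):
    """Return (sets, deletes): sets maps key -> {value name: value}; deletes lists removed keys."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join backslash-continued hex lines
    sets, deletes, key = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[-") and line.endswith("]"):
            deletes.append(line[2:-1])
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            sets.setdefault(key, {})
        elif key and line.startswith('"') and "=" in line:
            name, raw = line.split("=", 1)
            sets[key][name.strip('"')] = decode_value(raw)
    return sets, deletes

def review(text):
    """Summarise the file for a read-through: keys both set and deleted, and driver paths."""
    sets, deletes = parse_reg(text)
    overlap = [k for k in sets if k in deletes]
    drivers = {k: v["ImagePath"] for k, v in sets.items() if "ImagePath" in v}
    return {"set_and_deleted": overlap, "driver_paths": drivers}
```

Calling `review(SAMPLE_REG)` shows the ImagePath bytes decode to `System32\DRIVERS\sr.sys` and that the Policies key is both written and removed; in the posted file the removal lines come last.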

          lonewolf


            Re: A Bad Rootkit Problem
            « Reply #20 on: October 03, 2008, 11:24:21 AM »
             ;D Thank You  ;D

            evilfantasy

            Re: A Bad Rootkit Problem
            « Reply #21 on: October 03, 2008, 11:41:02 AM »
            You're welcome.

            Safe surfing.....