
Also need help getting rid of MD

Post by salofdeath on Thu Jun 11, 2009 4:23 pm

I got that stupid file last week and can't get rid of it. How do I do it?


Re: Also need help getting rid of MD

Post by Belahzur on Thu Jun 11, 2009 4:24 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.



Re: Also need help getting rid of MD

Post by salofdeath on Thu Jun 11, 2009 4:29 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:27:46 p.m., on 11/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe
C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\Archivos de programa\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LightScribeControlPanel.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Ares\Ares.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe
C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
c:\archivos de programa\winamp toolbar\WinampTbServer.exe
C:\Archivos de programa\Windows Live\Toolbar\wltuser.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: shARES Toolbar - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Archivos de programa\shARES\tbshA0.dll
O1 - Hosts: 24.173.86.145 [You must be registered and logged in to see this link.]
O1 - Hosts: 24.173.86.145 Safe.google.com
O1 - Hosts: 24.173.86.145 [You must be registered and logged in to see this link.]
O1 - Hosts: 24.173.86.145 safe.google.com 24.173.86.145 [You must be registered and logged in to see this link.]
O1 - Hosts: 24.173.86.145 safe.google.com 24.173.86.145 [You must be registered and logged in to see this link.]
O1 - Hosts: 24.173.86.145 safe.google.com 24.173.86.145 [You must be registered and logged in to see this link.]
O1 - Hosts: 24.173.86.145 safe.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: shARES Toolbar - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Archivos de programa\shARES\tbshA0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll
O2 - BHO: MP3 es Toolbar - {f6f53201-ac60-4790-b385-405df25c4335} - C:\Archivos de programa\MP3_es\tbMP30.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll
O3 - Toolbar: shARES Toolbar - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Archivos de programa\shARES\tbshA0.dll
O3 - Toolbar: MP3 es Toolbar - {f6f53201-ac60-4790-b385-405df25c4335} - C:\Archivos de programa\MP3_es\tbMP30.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\PC01B6~1\CONFIG~1\Temp\{B925E183-FF06-4A82-88EA-CB4363D96B5E}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x000a"
O4 - HKLM\..\Run: [kav] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Archivos de programa\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Archivos de programa\Archivos comunes\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\CONI\Datos de programa\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar a Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Archivos de programa\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Archivos de programa\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - [You must be registered and logged in to see this link.]
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Servicio de transferencia inteligente en segundo plano (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Actualizaciones automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10902 bytes


Re: Also need help getting rid of MD

Post by Belahzur on Thu Jun 11, 2009 4:37 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: 24.173.86.145 [You must be registered and logged in to see this link.]
    O1 - Hosts: 24.173.86.145 Safe.google.com
    O1 - Hosts: 24.173.86.145 [You must be registered and logged in to see this link.]
    O1 - Hosts: 24.173.86.145 safe.google.com 24.173.86.145 [You must be registered and logged in to see this link.]
    O1 - Hosts: 24.173.86.145 safe.google.com 24.173.86.145 [You must be registered and logged in to see this link.]
    O1 - Hosts: 24.173.86.145 safe.google.com 24.173.86.145 [You must be registered and logged in to see this link.]
    O1 - Hosts: 24.173.86.145 safe.google.com
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\PC01B6~1\CONFIG~1\Temp\{B925E183-FF06-4A82-88EA-CB4363D96B5E}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x000a"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Also need help getting rid of MD

Post by salofdeath on Thu Jun 11, 2009 5:07 pm

Thanks for the quick response.
After I run the scan and remove and restart, should that fix the problem and I'm good to go?


Re: Also need help getting rid of MD

Post by Belahzur on Thu Jun 11, 2009 5:10 pm

Nope, I just want to remove MBAM to deal with most of the stuff, some of the leftovers will still remain.



Re: Also need help getting rid of MD

Post by salofdeath on Thu Jun 11, 2009 5:16 pm

So now what do I need to do to completely fix the problem?


Re: Also need help getting rid of MD

Post by Belahzur on Thu Jun 11, 2009 5:23 pm

Can you start by posting the MBAM log please?



Re: Also need help getting rid of MD

Post by salofdeath on Thu Jun 11, 2009 5:34 pm

Malwarebytes' Anti-Malware 1.37
Database version: 2262
Windows 5.1.2600 Service Pack 2

11/06/2009 07:00:05 p.m.
mbam-log-2009-06-11 (19-00-05).txt

Scan type: Quick Scan
Objects scanned: 104624
Time elapsed: 7 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 110

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Archivos de programa\Internet Explorer\setupapi.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\wsnpoema (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\rnqmzdp(2)(2).dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\1aa3bac6.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\2195a281.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\25fd9912.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\26d4ea73.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\2be049b.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\4960b515.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\5387b4c1.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\6bd4e489.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\76fedc49.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\79cc0808.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\7dc5f5d1.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\8c8d1ef.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\9d5d71c3.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\a21b7303.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\aaf465ee.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\d225f8a0.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\d36d16be.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\e2a916ab.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\ea7490a.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\eb2979cf.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\f4a0be95.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\f644810c.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\f76d200c.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\beep(3).sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\dkde.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\pquaenmq.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\waryluei.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrador\configuración local\Temp\~TM12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrador\configuración local\Temp\~TM19.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrador\configuración local\Temp\~TM4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrador.julissa\configuración local\Temp\srfnsfgbsvdsafggrtymujtgb37.log (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\administrador.julissa\configuración local\Temp\srfnsfgbsvdsafggrtymujtgb38.log (Trojan.Banker) -> Quarantined and deleted successfully.
c:\documents and settings\administrador.julissa\configuración local\Temp\~TM4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrador.julissa\configuración local\Temp\~TM44.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrador.julissa\configuración local\Temp\~TM4D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrador.julissa\configuración local\Temp\~TM55.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrador.julissa\configuración local\Temp\~TM5C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrador.julissa\configuración local\Temp\~TMB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\103.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\280.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\401.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\~TM11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\~TM14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\~TM5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\~TM9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\~TMA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\985.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\538.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\549.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\579.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\629.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\configuración local\Temp\753.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\10.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\11.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\12.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\13.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\15.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\19.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\6.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\E.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv801241292389.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013\winde32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq(2).exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\Configuración local\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\Configuración local\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\Configuración local\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv531243627542.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN17.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN3E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN3F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\Archivos de programa\Internet Explorer\setupapi.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Administrador\Datos de programa\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Administrador.JULISSA\Datos de programa\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\Datos de programa\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3361\mlog (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Administrador\Datos de programa\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Administrador.JULISSA\Datos de programa\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\CONI\Datos de programa\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.


Re: Also need help getting rid of MD

Post by Belahzur on Thu Jun 11, 2009 5:39 pm

Hello.


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Kaspersky)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Also need help getting rid of MD

Post by salofdeath on Thu Jun 11, 2009 7:35 pm

ComboFix 09-06-11.05 - CONI 11/06/2009 21:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.52.3082.18.502.157 [GMT 2:00]
Running from: c:\documents and settings\CONI\Mis documentos\ComboFix2.exe
AV: Kaspersky Anti-Virus 6.0 *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\archivos de programa\Internet Explorer\setupapi.dll
c:\documents and settings\CONI\Datos de programa\wiaserva.log
c:\documents and settings\CONI\Datos de programa\wiaservg.log
c:\documents and settings\LocalService\Datos de programa\1301700638.exe
c:\documents and settings\LocalService\Datos de programa\1361538659.exe
c:\documents and settings\LocalService\Datos de programa\1458931097.exe
c:\windows\system32\avast!Antivirus.exe
c:\windows\system32\avast!AVSControlService.exe
c:\windows\system32\jbnmck.dll
c:\windows\system32\kr_done1
c:\windows\system32\rnqmzdp.dll
c:\windows\system32\sft.res

c:\windows\system32\drivers\null.sys was missing
Restored copy from - c:\windows\system32\dllcache\null.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVAST!ANTIVIRUS


((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.

2009-06-11 19:19 . 2001-09-28 12:00 2944 -c--a-w- c:\windows\system32\dllcache\null.sys
2009-06-11 19:19 . 2001-09-28 12:00 2944 ----a-w- c:\windows\system32\drivers\null.sys
2009-06-11 19:03 . 2009-06-11 19:20 99422 ----a-w- c:\windows\system32\drivers\ad801f46.sys
2009-06-11 18:53 . 2009-06-11 19:05 -------- d-s---w- C:\ComboFix1
2009-06-11 18:51 . 2009-06-11 18:51 96768 ----a-w- C:\ucpfyq.exe
2009-06-11 18:51 . 2009-06-11 18:51 36288 ----a-w- c:\windows\system32\drivers\gji53ab.sys
2009-06-11 18:51 . 2009-06-11 18:51 12288 ----a-w- C:\uytgl.exe
2009-06-11 18:51 . 2009-06-11 18:51 9216 ----a-w- C:\sonfj.exe
2009-06-11 18:50 . 2009-06-11 18:50 36288 ----a-w- c:\windows\system32\drivers\lmn8c54.sys
2009-06-11 18:48 . 2009-06-11 18:48 96588 ----a-w- c:\windows\system32\drivers\6c5d703.sys
2009-06-11 18:48 . 2009-06-11 18:50 96768 ----a-w- C:\qdasgh.exe
2009-06-11 18:48 . 2009-06-11 18:48 36288 ----a-w- c:\windows\system32\drivers\drb4fdf.sys
2009-06-11 18:48 . 2009-06-11 18:50 12288 ----a-w- C:\pquaenmq.exe
2009-06-11 17:24 . 2008-12-17 18:39 6529320 ---ha-w- c:\documents and settings\CONI\Datos de programa\mjusbsp\in00000\setup.exe
2009-06-11 17:24 . 2008-12-17 18:37 723120 ---ha-w- c:\documents and settings\CONI\Datos de programa\mjusbsp\ar00000\install.exe
2009-06-11 16:48 . 2009-06-11 16:48 -------- d-----w- c:\documents and settings\CONI\Datos de programa\Malwarebytes
2009-06-11 16:47 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 16:47 . 2009-06-11 16:47 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2009-06-11 16:47 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 16:47 . 2009-06-11 16:48 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-06-11 16:25 . 2009-06-11 16:25 -------- d-----w- c:\archivos de programa\Trend Micro
2009-06-11 07:52 . 2009-06-11 07:52 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-11 07:43 . 2009-06-11 17:56 -------- d--h--r- c:\documents and settings\CONI\Reciente
2009-06-11 07:01 . 2009-06-11 07:33 -------- d-----w- c:\archivos de programa\Spyware Doctor
2009-06-11 06:50 . 2009-06-11 19:05 -------- d-----w- c:\documents and settings\Administrador.JULISSA\Configuración local
2009-06-11 06:50 . 2009-06-11 07:33 -------- d-s---w- c:\documents and settings\Administrador.JULISSA
2009-06-11 06:50 . 2009-06-11 07:33 -------- d-----w- c:\documents and settings\Administrador.JULISSA\Plantillas
2009-06-11 06:50 . 2009-06-11 07:33 -------- d-----w- c:\documents and settings\Administrador.JULISSA\Datos de programa
2009-06-07 15:23 . 2009-06-11 07:34 -------- d-----w- c:\documents and settings\P C\Datos de programa\mjusbsp(2)
2009-06-07 12:07 . 2009-06-11 07:34 -------- d-----w- c:\documents and settings\CONI\Datos de programa\mjusbsp(2)
2009-06-06 22:11 . 2009-06-11 07:44 -------- d-----w- c:\windows\system32\NtmsData
2009-06-06 08:35 . 2009-06-11 07:49 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\mjusbsp
2009-06-06 07:58 . 2009-06-06 07:58 753 ----a-w- c:\windows\unins000.dat
2009-06-03 06:50 . 2009-06-11 19:05 -------- d-----w- c:\documents and settings\Administrador\Configuración local
2009-06-03 06:50 . 2009-06-11 07:49 -------- d-----w- c:\documents and settings\Administrador\Datos de programa
2009-06-03 06:50 . 2009-06-11 07:49 -------- d-s---w- c:\documents and settings\Administrador
2009-06-03 06:50 . 2009-06-11 07:49 -------- d-----w- c:\documents and settings\Administrador\Plantillas
2009-06-03 06:38 . 2009-06-03 06:38 -------- d-----w- c:\windows\system32\config\systemprofile\Datos de programa\Macromedia
2009-06-02 18:23 . 2009-06-02 18:23 -------- d-----w- c:\windows\system32\config\systemprofile\Datos de programa\Google
2009-06-02 18:22 . 2009-06-02 20:45 0 ----a-w- c:\windows\system32\drivers\64c1ed03.sys
2009-06-02 10:01 . 2008-12-17 18:39 6529320 ---ha-w- c:\documents and settings\P C\Datos de programa\mjusbsp\in00000\setup.exe
2009-06-02 10:01 . 2008-12-17 18:37 723120 ---ha-w- c:\documents and settings\P C\Datos de programa\mjusbsp\ar00000\install.exe
2009-05-25 12:30 . 2008-12-17 18:39 6529320 ---ha-w- c:\documents and settings\CONI\Datos de programa\mjusbsp\Upgrade\setup1.exe
2009-05-25 12:30 . 2008-12-17 18:37 723120 ---ha-w- c:\documents and settings\CONI\Datos de programa\mjusbsp\Upgrade\install1.exe
2009-05-24 10:07 . 2009-05-24 10:07 -------- d-----w- c:\documents and settings\P C\Datos de programa\Apple Computer
2009-05-24 10:02 . 2009-05-24 10:02 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple
2009-05-21 22:54 . 2009-05-21 22:54 -------- d-----w- c:\documents and settings\CONI\Datos de programa\Winamp
2009-05-21 13:22 . 2009-06-11 19:02 -------- d-----w- c:\documents and settings\CONI\Tracing

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 19:22 . 2009-06-11 19:22 524288 ---ha-w- c:\documents and settings\Administrador.JULISSA.000\NTUSER.DAT
2009-06-11 19:22 . 2009-06-11 19:22 -------- d-s---w- c:\documents and settings\Administrador.JULISSA.000\Datos de programa\Microsoft
2009-06-11 19:20 . 2006-11-30 18:22 2417696 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-11 19:20 . 2006-11-30 18:22 2025500 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-11 19:20 . 2006-11-30 18:22 4156424 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-11 19:20 . 2006-11-30 18:22 130586656 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-11 17:24 . 2009-02-21 23:03 -------- d-----w- c:\documents and settings\CONI\Datos de programa\mjusbsp
2009-06-11 15:56 . 2009-01-25 00:52 -------- d-----w- c:\archivos de programa\shARES
2009-06-11 07:45 . 2001-09-28 12:00 96588 ----a-w- c:\windows\system32\drivers\beep(5).sys
2009-06-11 07:45 . 2001-09-28 12:00 96588 ----a-w- c:\windows\system32\drivers\beep(4).sys
2009-06-11 07:43 . 2001-09-28 12:00 96588 ----a-w- c:\windows\system32\drivers\beep(2).sys
2009-06-07 08:01 . 2009-06-07 08:01 116812 ----a-w- c:\windows\system32\drivers\OLDA.tmp
2009-06-07 08:01 . 2009-06-07 08:01 116812 ----a-w- c:\windows\system32\drivers\OLD8.tmp
2009-06-07 08:01 . 2009-06-07 08:01 116812 ----a-w- c:\windows\system32\drivers\OLD6.tmp
2009-06-06 22:45 . 2001-09-28 12:00 116812 ----a-w- c:\windows\system32\drivers\null(2).sys
2009-06-03 06:53 . 2008-05-15 21:13 -------- d-----w- c:\archivos de programa\Norton Security Scan
2009-06-02 18:23 . 2006-11-30 01:40 -------- d-s---w- c:\windows\system32\config\systemprofile\Datos de programa\Microsoft
2009-06-02 15:34 . 2004-08-04 06:14 212480 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-06-02 10:01 . 2008-11-30 15:11 -------- d-----w- c:\documents and settings\P C\Datos de programa\mjusbsp
2009-05-24 10:06 . 2009-05-24 10:05 -------- d-----w- c:\documents and settings\All Users\Datos de programa\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-24 10:06 . 2009-05-24 10:05 -------- d-----w- c:\archivos de programa\iTunes
2009-05-24 10:06 . 2009-05-24 10:06 -------- d-----w- c:\archivos de programa\iPod
2009-05-24 10:06 . 2009-05-24 10:03 -------- d-----w- c:\archivos de programa\Archivos comunes\Apple
2009-05-24 10:05 . 2009-05-24 10:04 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple Computer
2009-05-24 10:05 . 2009-05-24 10:05 -------- d-----w- c:\archivos de programa\Bonjour
2009-05-24 10:05 . 2009-05-24 10:04 -------- d-----w- c:\archivos de programa\QuickTime
2009-05-24 10:03 . 2009-05-24 10:03 -------- d-----w- c:\archivos de programa\Apple Software Update
2009-05-24 08:59 . 2009-05-08 15:03 -------- d-----w- c:\documents and settings\P C\Datos de programa\Move Networks
2009-05-13 06:57 . 2007-12-15 12:01 -------- d-----w- c:\archivos de programa\Dl_cats
2009-05-12 09:01 . 2001-09-28 12:00 76700 ----a-w- c:\windows\system32\perfc00A.dat
2009-05-12 09:01 . 2001-09-28 12:00 453322 ----a-w- c:\windows\system32\perfh00A.dat
2009-05-11 15:00 . 2009-05-11 15:00 -------- d-----w- c:\archivos de programa\Microsoft Silverlight
2009-05-11 15:00 . 2009-05-11 14:51 -------- d-----w- c:\archivos de programa\Microsoft
2009-05-11 15:00 . 2009-05-11 14:51 -------- d-----w- c:\archivos de programa\Windows Live
2009-05-11 14:54 . 2009-05-11 14:54 -------- d-----w- c:\archivos de programa\Microsoft Sync Framework
2009-05-11 14:53 . 2009-05-11 14:53 -------- d-----w- c:\archivos de programa\Microsoft SQL Server Compact Edition
2009-05-11 14:51 . 2009-05-11 14:51 -------- d-----w- c:\archivos de programa\Windows Live SkyDrive
2009-05-11 14:06 . 2009-05-11 14:06 -------- d-----w- c:\archivos de programa\Archivos comunes\Windows Live
2009-05-09 15:18 . 2009-05-09 15:18 -------- d-----w- c:\documents and settings\CONI\Datos de programa\PC Suite
2009-05-09 15:18 . 2009-05-09 15:18 -------- d-----w- c:\documents and settings\CONI\Datos de programa\Nokia
2009-05-08 15:05 . 2009-05-08 15:03 34062 ----a-w- c:\documents and settings\P C\Datos de programa\Move Networks\ie_bin\Uninst.exe
2009-05-08 15:05 . 2009-05-08 15:04 1047224 ----a-w- c:\documents and settings\P C\Datos de programa\Move Networks\MoveMediaPlayer_071303000005.exe
2009-05-06 08:35 . 2009-05-06 08:35 -------- d-----w- c:\documents and settings\ULISES\Datos de programa\Winamp
2009-05-05 11:08 . 2009-05-05 11:07 7882936 ---h--w- c:\documents and settings\ULISES\Datos de programa\mjusbsp\ar00000\upgrade.exe
2009-05-05 11:08 . 2009-05-05 11:07 -------- d-----w- c:\documents and settings\ULISES\Datos de programa\mjusbsp
2009-04-28 13:05 . 2009-04-28 13:05 -------- d-----w- c:\documents and settings\P C\Datos de programa\PC Suite
2009-04-28 13:05 . 2009-04-28 13:05 -------- d-----w- c:\documents and settings\P C\Datos de programa\Nokia
2009-04-28 07:53 . 2009-04-28 07:39 -------- d-----w- c:\documents and settings\All Users\Datos de programa\PC Suite
2009-04-28 07:48 . 2009-04-28 07:39 -------- d-----w- c:\documents and settings\ULISES\Datos de programa\Nokia
2009-04-28 07:47 . 2009-04-28 07:47 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Nokia
2009-04-28 07:47 . 2009-04-28 07:47 -------- d-----w- c:\archivos de programa\Archivos comunes\Nokia
2009-04-28 07:47 . 2009-04-28 07:30 -------- d-----w- c:\archivos de programa\Nokia
2009-04-28 07:33 . 2009-04-28 07:33 -------- d-----w- c:\archivos de programa\Archivos comunes\PCSuite
2009-04-28 07:30 . 2009-04-28 07:30 -------- d-----w- c:\archivos de programa\DIFX
2009-04-28 07:30 . 2009-04-28 07:30 -------- d-----w- c:\documents and settings\ULISES\Datos de programa\PC Suite
2009-04-28 07:30 . 2009-04-28 07:30 -------- d-----w- c:\archivos de programa\PC Connectivity Solution
2009-04-02 14:29 . 2009-04-02 14:29 75048 ----a-w- c:\documents and settings\All Users\Datos de programa\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-26 13:23 . 2009-05-24 10:03 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-26 13:23 . 2009-05-24 10:03 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-19 14:32 . 2009-05-24 10:06 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w- c:\documents and settings\All Users\Datos de programa\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
.


Re: Also need help getting rid of MD

Post by salofdeath on Thu Jun 11, 2009 7:36 pm

------- Sigcheck -------

[-] 2009-06-02 15:34 212480 1DDCD4F10C093B87A59A0FBA97E8462D c:\windows\system32\dllcache\ndis.sys
[-] 2009-06-02 15:34 212480 1DDCD4F10C093B87A59A0FBA97E8462D c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-30 01:41 . 2009-06-11 19:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-11-30 01:41 . 2009-06-11 19:22 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-11-30 01:41 . 2009-06-11 19:01 32768 c:\windows\system32\config\systemprofile\Configuración local\Historial\History.IE5\index.dat
+ 2006-11-30 01:41 . 2009-06-11 19:22 32768 c:\windows\system32\config\systemprofile\Configuración local\Historial\History.IE5\index.dat
+ 2001-09-28 12:00 . 2001-09-28 12:00 4224 c:\windows\system32\drivers\beep.sys
+ 2006-11-30 01:41 . 2009-06-11 19:22 278528 c:\windows\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat
- 2006-11-30 01:41 . 2009-06-11 19:01 278528 c:\windows\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c905b42-976e-43c1-bc30-fc5937017909}]
2009-06-11 15:57 2094616 ----a-w- c:\archivos de programa\shARES\tbshA0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f6f53201-ac60-4790-b385-405df25c4335}]
2009-03-13 02:30 1883672 ----a-w- c:\archivos de programa\MP3_es\tbMP30.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="c:\archivos de programa\Archivos comunes\Ahead\Lib\NMFirstStart.exe" [2007-05-04 16432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
"kav"="c:\archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-02-20 135271]
"WinampAgent"="c:\archivos de programa\Winamp\winampa.exe" [2008-01-15 37376]
"NSLauncher"="c:\archivos de programa\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\CONI\Men£ Inicio\Programas\Inicio\
fmnupd32.exe [2004-8-20 30720]
zqosys32.exe [2004-8-20 28160]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=
"c:\\Archivos de programa\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"c:\\Archivos de programa\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Archivos de programa\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Archivos de programa\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\P C\\Datos de programa\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\CONI\\Datos de programa\\mjusbsp\\magicJack.exe"=

R1 drb4fdf;drb4fdf;c:\windows\system32\drivers\drb4fdf.sys [11/06/2009 08:48 p.m. 36288]
S1 ad801f46;ad801f46;c:\windows\system32\drivers\ad801f46.sys [11/06/2009 09:03 p.m. 99422]
S2 avast!Antivirus;avast!Antivirus;c:\windows\System32\avast!Antivirus.exe -k netsvcs --> c:\windows\System32\avast!Antivirus.exe -k netsvcs [?]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [11/05/2009 05:00 p.m. 55152]
S3 fsssvc;Windows Live Protección Infantil;c:\archivos de programa\Windows Live\Family Safety\fsssvc.exe [06/02/2009 06:08 p.m. 533360]
S3 gji53ab;gji53ab;c:\windows\system32\drivers\gji53ab.sys [11/06/2009 08:51 p.m. 36288]
S3 lmn8c54;lmn8c54;c:\windows\system32\drivers\lmn8c54.sys [11/06/2009 08:50 p.m. 36288]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVAST!ANTIVIRUS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\archivos de programa\Archivos comunes\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C735612}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\winde32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{98ZVD5C0-4FCB-11CF-AAX5-81CX1C635612}]
c:\recycler\S-1-5-21-1482276501-1663491937-6831267430-1013\svchost.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-06-07 c:\windows\Tasks\Norton Security Scan.job
- c:\archivos de programa\Norton Security Scan\Nss.exe [2008-01-09 02:08]
.
- - - - ORPHANS REMOVED - - - -

BHO-{AFF01325-0FC2-4749-8914-FBF0565AD9CC} - jbnmck.dll


.
------- Supplementary Scan -------
.
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-11 21:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\klogon.dll
c:\windows\system32\sirenacm.dll
.
Completion time: 2009-06-11 21:25 - machine was rebooted [Administrador]
ComboFix-quarantined-files.txt 2009-06-11 19:25
ComboFix2.txt 2009-06-11 19:05

Pre-Run: 48,402,796,544 bytes libres
Post-Run: 48,581,562,368 bytes libres

257

I won't be able to continue right now; I have to get ready for work and then head to work, but I'll do it after I come back. Thanks for all the help so far.


Re: Also need help getting rid of MD

Post by Belahzur on Thu Jun 11, 2009 7:42 pm

Hello.
Bad news.

Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this, it would be wise for you to back up any files and folders that you don't want to lose before we start. The reason I am telling you this is that when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
ad801f46
gji53ab
lmn8c54
6c5d703
drb4fdf
64c1ed03
avast!Antivirus

Rootkit::
c:\windows\system32\drivers\ad801f46.sys
c:\windows\system32\drivers\gji53ab.sys
c:\windows\system32\drivers\lmn8c54.sys
c:\windows\system32\drivers\6c5d703.sys
c:\windows\system32\drivers\drb4fdf.sys
c:\windows\system32\drivers\64c1ed03.sys

File::
C:\ucpfyq.exe
C:\uytgl.exe
C:\sonfj.exe
C:\qdasgh.exe
C:\pquaenmq.exe
c:\windows\system32\drivers\ad801f46.sys
c:\windows\system32\drivers\gji53ab.sys
c:\windows\system32\drivers\lmn8c54.sys
c:\windows\system32\drivers\6c5d703.sys
c:\windows\system32\drivers\drb4fdf.sys
c:\windows\system32\drivers\64c1ed03.sys
c:\documents and settings\CONI\Men£ Inicio\Programas\Inicio\fmnupd32.exe
c:\documents and settings\CONI\Men£ Inicio\Programas\Inicio\zqosys32.exe
c:\recycler\S-1-5-21-1482276501-1663491937-6831267430-1013\svchost.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\winde32.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Archivos de programa\\Ares\\Ares.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C735612}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{98ZVD5C0-4FCB-11CF-AAX5-81CX1C635612}]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


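A pre-flight check for a script like the one in the post above, as an added example that is not part of the original post and not ComboFix's own code: it parses the Section:: layout, drops repeated entries, and confirms that every File:: and Rootkit:: path also appears in the scan log the script was built from, so a mistyped path is caught before anything is deleted. The function names are hypothetical, and the sample data is constructed from a few lines of this thread plus one deliberately mistyped path.

```python
import re

# A section header is a bare word followed by "::", e.g. "File::" or "Driver::".
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# A Windows path: drive letter, ":\", then everything up to a quote, bracket or EOL.
PATH_RE = re.compile(r'\b[A-Za-z]:\\[^"\r\n\[\]]+')
# Sections whose entries are full paths and can be matched against the log.
PATH_SECTIONS = {"File", "Rootkit"}

# Constructed sample: four lines copied from the ComboFix log in this thread.
LOG_SAMPLE = r"""
2009-06-11 19:03 . 2009-06-11 19:20 99422 ----a-w- c:\windows\system32\drivers\ad801f46.sys
2009-06-11 18:51 . 2009-06-11 18:51 96768 ----a-w- C:\ucpfyq.exe
2009-06-11 18:48 . 2009-06-11 18:48 36288 ----a-w- c:\windows\system32\drivers\drb4fdf.sys
2009-06-02 15:34 . 2004-08-04 06:14 212480 ----a-w- c:\windows\system32\drivers\ndis.sys
"""

# Constructed sample: a shortened script with a repeated entry in two sections
# and one mistyped path (ndis.sy) that the log never mentions.
SCRIPT_SAMPLE = r"""
KILLALL::

Driver::
ad801f46
drb4fdf
drb4fdf

File::
C:\ucpfyq.exe
c:\windows\system32\drivers\ad801f46.sys
c:\windows\system32\drivers\drb4fdf.sys
c:\windows\system32\drivers\drb4fdf.sys
c:\windows\system32\drivers\ndis.sy
"""


def parse_cfscript(text):
    """Return {section name: [entries]} in the order the script lists them."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def log_paths(log_text):
    """Collect every path mentioned in the log, lower-cased for comparison."""
    return {m.group(0).strip().lower() for m in PATH_RE.finditer(log_text)}


def review(script_text, log_text):
    """Deduplicate each section and list path targets the log does not contain."""
    seen_in_log = log_paths(log_text)
    duplicates, not_in_log, cleaned = [], [], {}
    for name, entries in parse_cfscript(script_text).items():
        unique, seen = [], set()
        for entry in entries:
            key = entry.lower()  # Windows paths and service names are case-insensitive
            if key in seen:
                duplicates.append((name, entry))
                continue
            seen.add(key)
            unique.append(entry)
            if name in PATH_SECTIONS and key not in seen_in_log:
                not_in_log.append(entry)
        cleaned[name] = unique
    return {"sections": cleaned, "duplicates": duplicates, "not_in_log": not_in_log}


if __name__ == "__main__":
    report = review(SCRIPT_SAMPLE, LOG_SAMPLE)
    for section, entry in report["duplicates"]:
        print(f"duplicate in {section}:: {entry}")
    for entry in report["not_in_log"]:
        print(f"not found in scan log: {entry}")
```
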

Re: Also need help getting rid of MD

Post by salofdeath on Thu Jun 11, 2009 8:05 pm

Do you suggest I should just reformat my hard drive and start from new?


Re: Also need help getting rid of MD

Post by Belahzur on Thu Jun 11, 2009 8:12 pm

That might be a good idea, yes.



Re: Also need help getting rid of MD

Post by salofdeath on Fri Jun 12, 2009 5:33 am

About formatting my HD: I would like to back up some of my files, and I've heard about doing it online. What online backup files do you recommend? Some safe ones. I do prefer saving them on another computer, but that's kind of difficult for me atm.


Re: Also need help getting rid of MD

Post by Belahzur on Fri Jun 12, 2009 8:48 am

As long as you don't back up any infected files, you can zip whatever you need and upload them to hosting websites like megaupload.com, or rapidshare.com.



Re: Also need help getting rid of MD

Post by salofdeath on Sat Jun 13, 2009 4:35 pm

How can I check that the files I wanna back up are not infected?


Re: Also need help getting rid of MD

Post by Belahzur on Sat Jun 13, 2009 4:39 pm

Depends what type of files they are.



Re: Also need help getting rid of MD

Post by salofdeath on Sat Jun 13, 2009 5:10 pm

They are just pictures and various MS Word files.


Re: Also need help getting rid of MD

Post by Belahzur on Sat Jun 13, 2009 5:16 pm

.doc/.txt? They are fine.



Re: Also need help getting rid of MD

Post by salofdeath on Sat Jun 13, 2009 5:28 pm

What about JPEG files?


Re: Also need help getting rid of MD

Post by Belahzur on Sat Jun 13, 2009 5:30 pm

Fine too.



Re: Also need help getting rid of MD

Post by salofdeath on Sat Jun 13, 2009 5:37 pm

Cool, thank you.


Re: Also need help getting rid of MD

Post by salofdeath on Sat Jun 13, 2009 5:38 pm

One more thing: I haven't formatted a computer in a while. How do I do it? I remember some of the steps, but I kinda want to make sure I don't forget any.


Re: Also need help getting rid of MD

Post by Belahzur on Sat Jun 13, 2009 5:41 pm

Instructions how to format and reinstall Windows can be found [You must be registered and logged in to see this link.]

