Help please! :(

Scarlet_ · 09-25-2009

Hello good day! My World of warcraft account just got hacked twice recently (i know it has nothing to do with the case but just to start off), so they (blizzard.com) advised me to run a full system scan so i did. then i found out the system have 10 threats, and my anti-virus pops-up every 5 secs that says it has trojan. tried a few different anti virus full scan and an autorun.inf remover (cause it also has autorun.inf) nothing seems to work. im very much confused, ive tried deleting them manually but the "show hidden files" option doesnt work. please help me

thank you and bless you.

Jelly Bean · 09-25-2009

Hello and welcome.

Please follow the instructions of the Prework.

Scarlet_ · 09-26-2009

Ok so these are the logs. Thank you for helping!

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/26 12:37
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF5811000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7D54000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF280E000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\theresa 21\application data\mozilla\firefox\profiles\qvgfvrt1.default\loc alstore.rdf
Status: Size mismatch (API: 2760, Raw: 2586)

Path: C:\Documents and Settings\Theresa 21\Application Data\Mozilla\Firefox\Profiles\qvgfvrt1.default\par ent.lock
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Theresa 21\Application Data\Mozilla\Firefox\Profiles\qvgfvrt1.default\ses sionstore.js
Status: Invisible to the Windows API!

SSDT
-------------------
#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8653dcb0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x8653e0d0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8653e6d0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8653e4f0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8653dee0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8653e310

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x86460620]
Process: System Address: 0x8653c930 Size: 1000

==EOF==

--------------------------------------------------------

SysProt AntiRootkit v1.0.1.0
by swatkat

************************************************** ****************************************
************************************************** ****************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 448
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 504
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 528
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 572
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 584
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 740
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 796
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 860
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 908
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 964
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1236
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1344
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PID: 1468
Hidden: No
Window Visible: No

Name: C:\Program Files\Winamp\winampa.exe
PID: 1476
Hidden: No
Window Visible: No

Name: C:\Program Files\Autorun Eater\oldmcdonald.exe
PID: 1492
Hidden: No
Window Visible: No

Name: C:\Program Files\Autorun Eater\billy.exe
PID: 1640
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PID: 1756
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 832
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wscntfy.exe
PID: 1156
Hidden: No
Window Visible: No

Name: C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PID: 1420
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 380
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Theresa 21\Desktop\RootRepeal.exe
PID: 1600
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\system32\notepad.exe
PID: 2240
Hidden: No
Window Visible: Yes

Name: C:\Program Files\WinRAR\WinRAR.exe
PID: 2408
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Theresa 21\Desktop\SysProt\SysProt.exe
PID: 2452
Hidden: No
Window Visible: Yes

************************************************** ****************************************
************************************************** ****************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Theresa 21\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: F32AC000
Module End: F32B7000
Hidden: No

Module Name: \WINDOWS\system32\ntoskrnl.exe
Service Name: ---
Module Base: 804D7000
Module End: 806ED680
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806EE000
Module End: 8070E300
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7D2E000
Module End: F7D30000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F7C3E000
Module End: F7C41000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F77DF000
Module End: F780D000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F7D30000
Module End: F7D32000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F77CE000
Module End: F77DF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F782E000
Module End: F7838000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PCIIde.sys
Service Name: PCIIde
Module Base: F7DF6000
Module End: F7DF7000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\PCIIDEX.SYS
Service Name: ---
Module Base: F7AAE000
Module End: F7AB5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\intelide.sys
Service Name: IntelIde
Module Base: F7D32000
Module End: F7D34000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F783E000
Module End: F7849000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F77AF000
Module End: F77CE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: F7D34000
Module End: F7D36000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: F7789000
Module End: F77AF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F7AB6000
Module End: F7ABB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F784E000
Module End: F785B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F7771000
Module End: F7789000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F785E000
Module End: F7867000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F786E000
Module End: F787B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: F7751000
Module End: F7771000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F773F000
Module End: F7751000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F787E000
Module End: F7888000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F7728000
Module End: F773F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F769B000
Module End: F7728000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F766E000
Module End: F769B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F7654000
Module End: F766E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\agp440.sys
Service Name: agp440
Module Base: F788E000
Module End: F7899000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: F743C000
Module End: F760C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F7428000
Module End: F743C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F7AF6000
Module End: F7AFC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F7404000
Module End: F7428000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F7AFE000
Module End: F7B06000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\es1371mp.sys
Service Name: es1371
Module Base: F792E000
Module End: F7938000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: F73C9000
Module End: F73ED000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F793E000
Module End: F794D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ks.sys
Service Name: ---
Module Base: F73A6000
Module End: F73C9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
Service Name: rtl8139
Module Base: F7B06000
Module End: F7B0C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F794E000
Module End: F795B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F7B0E000
Module End: F7B14000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F7B16000
Module End: F7B1C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: F7392000
Module End: F73A6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: F795E000
Module End: F796E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: F7CBE000
Module End: F7CC2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F796E000
Module End: F797E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F797E000
Module End: F798D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F798E000
Module End: F7997000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7EB7000
Module End: F7EB8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F799E000
Module End: F79AB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F7CC6000
Module End: F7CC9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F737B000
Module End: F7392000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F79AE000
Module End: F79B9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F79BE000
Module End: F79CA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F7B26000
Module End: F7B2B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F736A000
Module End: F737B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F79CE000
Module End: F79D7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F7B2E000
Module End: F7B33000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F7B36000
Module End: F7B3B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: F6F10000
Module End: F6F40000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F79DE000
Module End: F79E8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7D3C000
Module End: F7D3E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F6E12000
Module End: F6E70000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F7CE2000
Module End: F7CE6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F79EE000
Module End: F79F8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F79FE000
Module End: F7A0D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7D42000
Module End: F7D44000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7D44000
Module End: F7D46000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7E9C000
Module End: F7E9D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7D46000
Module End: F7D48000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ehdrv.sys
Service Name: ehdrv
Module Base: F5A01000
Module End: F5A1E000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F7B4E000
Module End: F7B54000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7D48000
Module End: F7D4A000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7D4A000
Module End: F7D4C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F7B56000
Module End: F7B5B000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F7B5E000
Module End: F7B66000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F7D1A000
Module End: F7D1D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: F59A6000
Module End: F59B9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: F594D000
Module End: F59A6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: F5925000
Module End: F594D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
Service Name: epfwtdir
Module Base: F590C000
Module End: F5925000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: F58EA000
Module End: F590C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F7A1E000
Module End: F7A27000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: F58BF000
Module End: F58EA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: F584F000
Module End: F58BF000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F7A3E000
Module End: F7A49000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: F5829000
Module End: F584F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F7A4E000
Module End: F7A57000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F7A8E000
Module End: F7A9E000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F5811000
Module End: F5829000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7D54000
Module End: F7D56000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F7CBA000
Module End: F7CBD000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F7B76000
Module End: F7B7B000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7F7B000
Module End: F7F7C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\eamon.sys
Service Name: eamon
Module Base: F44AF000
Module End: F456B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: F57FD000
Module End: F5801000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: F3A1A000
Module End: F3A2F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: F43AF000
Module End: F43BE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: F367F000
Module End: F36AC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Service Name: ParVdm
Module Base: F7DF2000
Module End: F7DF4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: F3605000
Module End: F3657000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: F3434000
Module End: F3475000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Service Name: rootrepeal
Module Base: F32DC000
Module End: F32E8000
Hidden: Yes

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: F286E000
Module End: F2899000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: F7B1E000
Module End: F7B25000
Hidden: No

************************************************** ****************************************
************************************************** ****************************************
SSDT:
Function Name: ZwOpenProcess
Address: 8653DCB0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: 8653E0D0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendProcess
Address: 8653E6D0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendThread
Address: 8653E4F0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 8653DEE0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateThread
Address: 8653E310
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

************************************************** ****************************************
************************************************** ****************************************
No Kernel Hooks found

************************************************** ****************************************
************************************************** ****************************************
No IRP Hooks found

************************************************** ****************************************
************************************************** ****************************************
Ports:
Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1154
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1150
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1148
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1146
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1144
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1140
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1138
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1136
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1134
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1132
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1130
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1128
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1126
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1124
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1122
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1120
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1118
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1116
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1114
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1112
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1108
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1091
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1063
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1061
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1059
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1051
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: LOCALHOST:1049
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:30606
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: LISTENING

Local Address: THERESA-BA04427:1152
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:1140
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1138
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1132
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1130
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1128
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1122
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1120
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1118
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1116
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1114
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1091
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1039
Remote Address: LOCALHOST:1038
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1038
Remote Address: LOCALHOST:1039
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1037
Remote Address: LOCALHOST:1036
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1036
Remote Address: LOCALHOST:1037
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1030
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: THERESA-BA04427:1143
Remote Address: 203.190.124.21:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: THERESA-BA04427:1141
Remote Address: TX-IN-F157.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1139
Remote Address: TX-IN-F157.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1133
Remote Address: TX-IN-F157.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1131
Remote Address: TX-IN-F157.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1129
Remote Address: TX-IN-F167.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1123
Remote Address: MAA03S01-IN-F101.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1121
Remote Address: TX-IN-F105.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1119
Remote Address: TX-IN-F105.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1117
Remote Address: TX-IN-F139.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1115
Remote Address: TX-IN-F139.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:1092
Remote Address: TY-IN-F113.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: ESTABLISHED

Local Address: THERESA-BA04427:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: THERESA-BA04427:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: THERESA-BA04427:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: THERESA-BA04427:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: THERESA-BA04427:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: THERESA-BA04427:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: THERESA-BA04427:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: THERESA-BA04427:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: THERESA-BA04427:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: THERESA-BA04427:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: THERESA-BA04427:1041
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: THERESA-BA04427:1040
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: THERESA-BA04427:1035
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: THERESA-BA04427:1034
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: THERESA-BA04427:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: THERESA-BA04427:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

************************************************** ****************************************
************************************************** ****************************************
Hidden files/folders:
Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: D:\System Volume Information\tracking.log
Status: Access denied

Object: D:\System Volume Information\_restore{1101621F-9353-40A6-AB22-AAE4BF598C51}
Status: Access denied

Object: D:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}
Status: Access denied

Object: D:\System Volume Information\_restore{34D94B80-A854-4EA2-92F5-7264A88B38E1}
Status: Access denied

Object: D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B}
Status: Access denied

Object: D:\System Volume Information\_restore{913F0F59-8A27-47A7-AFFA-0FB77F4E0E46}
Status: Access denied

Object: D:\System Volume Information\_restore{BE35042C-982C-437A-9A1C-B1B79DE3E976}
Status: Access denied

Object: D:\System Volume Information\_restore{F65CE8E5-47BC-496C-8C97-01AD5EDEC561}
Status: Access denied

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}
Status: Access denied

-------------------------------------------------------------------

Part 1

Scarlet_ · 09-26-2009

Part 2

DDS (Ver_09-09-24.01) - NTFSx86
Run by Theresa 21 at 12:44:35.67 on Sat 09/26/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.699 [GMT -7:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\Program Files\Autorun Eater\billy.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Theresa 21\Desktop\SysProt\SysProt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Theresa 21\Desktop\dds.scr

============== Pseudo HJT Report ===============

uRun: [cdoosoft] c:\docume~1\theres~1\locals~1\temp\herss.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\theres~1\applic~1\mozilla\firefox\prof iles\qvgfvrt1.default\

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfw tdir.sys [2009-3-19 93848]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
R3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\theresa 21\desktop\sysprot\SysProtDrv.sys [2009-9-26 44288]

=============== Created Last 30 ================

2009-09-26 03:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-09-26 03:43 82,944 a------- c:\windows\system32\vct3216.acm
2009-09-26 03:43 13,239 a------- c:\windows\system32\Scg726.acm
2009-09-26 03:43 <DIR> --d----- c:\program files\common files\AVSMedia
2009-09-26 03:43 81,920 a------- c:\windows\system32\AC3ACM.acm
2009-09-26 03:43 38,912 a------- c:\windows\system32\alf2cd.acm
2009-09-26 03:42 <DIR> --d----- c:\program files\AVS4YOU
2009-09-26 02:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Autorun Eater
2009-09-26 02:58 <DIR> --d----- c:\program files\Autorun Eater
2009-09-26 02:54 <DIR> --d----- c:\program files\Smart Virus Remover
2009-09-25 23:36 0 a------- c:\windows\YAHELITE_cookie.INI
2009-09-25 23:28 5,290 a------- c:\windows\YAHELITE.INI
2009-09-25 23:23 <DIR> --d----- c:\program files\YahELite
2009-09-25 23:02 <DIR> --d----- c:\program files\ESET
2009-09-25 00:13 <DIR> --d----- c:\program files\Yahoo!
2009-09-25 00:06 <DIR> --ds---- c:\documents and settings\theresa 21\UserData
2009-09-25 00:03 111,956 ---shr-- C:\w9uxx92.exe
2009-09-24 21:50 332,672 a------- c:\windows\system32\wgatray.exe.bak
2009-09-24 21:49 1,488,688 a------- c:\windows\system32\legitcheckcontrol.dll.bak
2009-09-24 21:49 200,064 a------- c:\windows\system32\wgalogon.dll.bak
2009-09-24 21:47 <DIR> --d----- c:\documents and settings\Theresa 21
2009-09-24 21:45 <DIR> --ds---- c:\windows\system32\Microsoft
2009-09-24 21:45 8,192 a------- c:\windows\REGLOCS.OLD
2009-09-24 21:43 101,376 ac------ c:\windows\system32\dllcache\srusbusd.dll
2009-09-24 21:42 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll
2009-09-24 21:41 68,608 ac------ c:\windows\system32\dllcache\iisext51.dll
2009-09-24 21:40 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-09-24 21:40 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-09-24 21:40 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-09-24 21:40 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-09-24 21:40 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-09-24 21:39 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-09-24 21:39 <DIR> --d----- c:\program files\common files\MSSoap
2009-09-24 21:37 <DIR> --d----- c:\program files\Online Services
2009-09-24 21:37 <DIR> --d----- c:\program files\Messenger
2009-09-24 21:37 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-09-24 21:36 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-09-24 21:40 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-24 21:37 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 12:44:51.43 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-24.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/24/2009 9:44:32 PM
System Uptime: 9/26/2009 11:56:26 AM (1 hours ago)

Motherboard: Compaq | | 0804h
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | XU1 PROCESSOR | 1992/400mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 29 GiB total, 25.083 GiB free.
D: is FIXED (NTFS) - 120 GiB total, 26.582 GiB free.
I: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_00910E11&REV_81\4&252 96D99&0&40F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_00910E11&REV_81\4&252 96D99&0&40F0
Service:

==== System Restore Points ===================

RP1: 9/24/2009 9:47:46 PM - System Checkpoint
RP2: 9/25/2009 11:02:17 PM - Installed ESET NOD32 Antivirus

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Autorun Eater v2.4
AVS DVD Player version 2.4
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
ESET NOD32 Antivirus
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.3)
WebFldrs XP
Winamp
WinRAR archiver
YahELite 330.1
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

9/26/2009 2:44:37 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv Fips intelppm
9/26/2009 2:43:21 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/25/2009 12:02:57 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -57825 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.203.79.83:123->207.46.197.32:123) is working properly.

==== End Of File ===========================

Crush · 09-26-2009

Scarlet,

Did you run SecurityCheck? Do you have that log?

Scarlet_ · 09-26-2009

yeah im having trouble posting them. it wont complete. says the execution ran out of time or close to that

1 sec

Crush · 09-26-2009

Scarlet,

Try attaching them. This can be a problem with the bigger logfiles because the forum has a character limit on posts

09-25-2009	#1
Scarlet_ Bronze Member Join Date: Sep 2009 Posts: 27 PC Experience: Some Experience	Help please! :( Hello good day! My World of warcraft account just got hacked twice recently (i know it has nothing to do with the case but just to start off), so they (blizzard.com) advised me to run a full system scan so i did. then i found out the system have 10 threats, and my anti-virus pops-up every 5 secs that says it has trojan. tried a few different anti virus full scan and an autorun.inf remover (cause it also has autorun.inf) nothing seems to work. im very much confused, ive tried deleting them manually but the "show hidden files" option doesnt work. please help me thank you and bless you.

09-25-2009	#2
Jelly Bean Stoooooopid Girl. Join Date: Feb 2008 Location: Swansea Posts: 12,727 PC Experience: None.	Re: Help please! :( Hello and welcome. Please follow the instructions of the Prework. Comments on this post Ankur agrees: Thanks Jelly __________________ Rwy'n ceisio fy ngorau.

09-26-2009	#3
Scarlet_ Bronze Member Join Date: Sep 2009 Posts: 27 PC Experience: Some Experience	Re: Help please! :( Ok so these are the logs. Thank you for helping! ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2009/09/26 12:37 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xF5811000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7D54000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xF280E000 Size: 49152 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: c:\documents and settings\theresa 21\application data\mozilla\firefox\profiles\qvgfvrt1.default\loc alstore.rdf Status: Size mismatch (API: 2760, Raw: 2586) Path: C:\Documents and Settings\Theresa 21\Application Data\Mozilla\Firefox\Profiles\qvgfvrt1.default\par ent.lock Status: Invisible to the Windows API! Path: C:\Documents and Settings\Theresa 21\Application Data\Mozilla\Firefox\Profiles\qvgfvrt1.default\ses sionstore.js Status: Invisible to the Windows API! SSDT ------------------- #: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0x8653dcb0 #: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0x8653e0d0 #: 253 Function Name: NtSuspendProcess Status: Hooked by "<unknown>" at address 0x8653e6d0 #: 254 Function Name: NtSuspendThread Status: Hooked by "<unknown>" at address 0x8653e4f0 #: 257 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0x8653dee0 #: 258 Function Name: NtTerminateThread Status: Hooked by "<unknown>" at address 0x8653e310 Stealth Objects ------------------- Object: Hidden Code [ETHREAD: 0x86460620] Process: System Address: 0x8653c930 Size: 1000 ==EOF== -------------------------------------------------------- SysProt AntiRootkit v1.0.1.0 by swatkat ************************************************ ************************************ ********************************************** ************************************ Process: Name: [System Idle Process] PID: 0 Hidden: No Window Visible: No Name: System PID: 4 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\smss.exe PID: 448 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\csrss.exe PID: 504 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\winlogon.exe PID: 528 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\services.exe PID: 572 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\lsass.exe PID: 584 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 740 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 796 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 860 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 908 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 964 Hidden: No Window Visible: No Name: C:\WINDOWS\explorer.exe PID: 1236 Hidden: No Window Visible: Yes Name: C:\WINDOWS\system32\spoolsv.exe PID: 1344 Hidden: No Window Visible: No Name: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PID: 1468 Hidden: No Window Visible: No Name: C:\Program Files\Winamp\winampa.exe PID: 1476 Hidden: No Window Visible: No Name: C:\Program Files\Autorun Eater\oldmcdonald.exe PID: 1492 Hidden: No Window Visible: No Name: C:\Program Files\Autorun Eater\billy.exe PID: 1640 Hidden: No Window Visible: No Name: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PID: 1756 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\alg.exe PID: 832 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\wscntfy.exe PID: 1156 Hidden: No Window Visible: No Name: C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe PID: 1420 Hidden: No Window Visible: No Name: C:\Program Files\Mozilla Firefox\firefox.exe PID: 380 Hidden: No Window Visible: No Name: C:\Documents and Settings\Theresa 21\Desktop\RootRepeal.exe PID: 1600 Hidden: No Window Visible: Yes Name: C:\WINDOWS\system32\notepad.exe PID: 2240 Hidden: No Window Visible: Yes Name: C:\Program Files\WinRAR\WinRAR.exe PID: 2408 Hidden: No Window Visible: No Name: C:\Documents and Settings\Theresa 21\Desktop\SysProt\SysProt.exe PID: 2452 Hidden: No Window Visible: Yes ********************************************** ************************************ ********************************************** ************************************ Kernel Modules: Module Name: \??\C:\Documents and Settings\Theresa 21\Desktop\SysProt\SysProtDrv.sys Service Name: SysProtDrv.sys Module Base: F32AC000 Module End: F32B7000 Hidden: No Module Name: \WINDOWS\system32\ntoskrnl.exe Service Name: --- Module Base: 804D7000 Module End: 806ED680 Hidden: No Module Name: \WINDOWS\system32\hal.dll Service Name: --- Module Base: 806EE000 Module End: 8070E300 Hidden: No Module Name: \WINDOWS\system32\KDCOM.DLL Service Name: --- Module Base: F7D2E000 Module End: F7D30000 Hidden: No Module Name: \WINDOWS\system32\BOOTVID.dll Service Name: --- Module Base: F7C3E000 Module End: F7C41000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ACPI.sys Service Name: ACPI Module Base: F77DF000 Module End: F780D000 Hidden: No Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS Service Name: --- Module Base: F7D30000 Module End: F7D32000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\pci.sys Service Name: PCI Module Base: F77CE000 Module End: F77DF000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\isapnp.sys Service Name: isapnp Module Base: F782E000 Module End: F7838000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\PCIIde.sys Service Name: PCIIde Module Base: F7DF6000 Module End: F7DF7000 Hidden: No Module Name: \WINDOWS\System32\Drivers\PCIIDEX.SYS Service Name: --- Module Base: F7AAE000 Module End: F7AB5000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\intelide.sys Service Name: IntelIde Module Base: F7D32000 Module End: F7D34000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys Service Name: MountMgr Module Base: F783E000 Module End: F7849000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys Service Name: Disk Module Base: F77AF000 Module End: F77CE000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\dmload.sys Service Name: dmload Module Base: F7D34000 Module End: F7D36000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\dmio.sys Service Name: dmio Module Base: F7789000 Module End: F77AF000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys Service Name: PartMgr Module Base: F7AB6000 Module End: F7ABB000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys Service Name: VolSnap Module Base: F784E000 Module End: F785B000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\atapi.sys Service Name: atapi Module Base: F7771000 Module End: F7789000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\disk.sys Service Name: --- Module Base: F785E000 Module End: F7867000 Hidden: No Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS Service Name: --- Module Base: F786E000 Module End: F787B000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys Service Name: FltMgr Module Base: F7751000 Module End: F7771000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\sr.sys Service Name: sr Module Base: F773F000 Module End: F7751000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys Service Name: PxHelp20 Module Base: F787E000 Module End: F7888000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys Service Name: KSecDD Module Base: F7728000 Module End: F773F000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys Service Name: Ntfs Module Base: F769B000 Module End: F7728000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\NDIS.sys Service Name: NDIS Module Base: F766E000 Module End: F769B000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\Mup.sys Service Name: Mup Module Base: F7654000 Module End: F766E000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\agp440.sys Service Name: agp440 Module Base: F788E000 Module End: F7899000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys Service Name: nv Module Base: F743C000 Module End: F760C000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Service Name: --- Module Base: F7428000 Module End: F743C000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys Service Name: usbuhci Module Base: F7AF6000 Module End: F7AFC000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Service Name: --- Module Base: F7404000 Module End: F7428000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys Service Name: usbehci Module Base: F7AFE000 Module End: F7B06000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\es1371mp.sys Service Name: es1371 Module Base: F792E000 Module End: F7938000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\portcls.sys Service Name: --- Module Base: F73C9000 Module End: F73ED000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\drmk.sys Service Name: --- Module Base: F793E000 Module End: F794D000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ks.sys Service Name: --- Module Base: F73A6000 Module End: F73C9000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\RTL8139.SYS Service Name: rtl8139 Module Base: F7B06000 Module End: F7B0C000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys Service Name: i8042prt Module Base: F794E000 Module End: F795B000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys Service Name: Mouclass Module Base: F7B0E000 Module End: F7B14000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys Service Name: Kbdclass Module Base: F7B16000 Module End: F7B1C000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys Service Name: Parport Module Base: F7392000 Module End: F73A6000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys Service Name: Serial Module Base: F795E000 Module End: F796E000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys Service Name: serenum Module Base: F7CBE000 Module End: F7CC2000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys Service Name: Cdrom Module Base: F796E000 Module End: F797E000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys Service Name: redbook Module Base: F797E000 Module End: F798D000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys Service Name: intelppm Module Base: F798E000 Module End: F7997000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys Service Name: audstub Module Base: F7EB7000 Module End: F7EB8000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys Service Name: Rasl2tp Module Base: F799E000 Module End: F79AB000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys Service Name: NdisTapi Module Base: F7CC6000 Module End: F7CC9000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys Service Name: NdisWan Module Base: F737B000 Module End: F7392000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys Service Name: RasPppoe Module Base: F79AE000 Module End: F79B9000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys Service Name: PptpMiniport Module Base: F79BE000 Module End: F79CA000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS Service Name: --- Module Base: F7B26000 Module End: F7B2B000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys Service Name: PSched Module Base: F736A000 Module End: F737B000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys Service Name: Gpc Module Base: F79CE000 Module End: F79D7000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys Service Name: Ptilink Module Base: F7B2E000 Module End: F7B33000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys Service Name: Raspti Module Base: F7B36000 Module End: F7B3B000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys Service Name: rdpdr Module Base: F6F10000 Module End: F6F40000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys Service Name: TermDD Module Base: F79DE000 Module End: F79E8000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys Service Name: swenum Module Base: F7D3C000 Module End: F7D3E000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\update.sys Service Name: Update Module Base: F6E12000 Module End: F6E70000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys Service Name: mssmbios Module Base: F7CE2000 Module End: F7CE6000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS Service Name: NDProxy Module Base: F79EE000 Module End: F79F8000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys Service Name: usbhub Module Base: F79FE000 Module End: F7A0D000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS Service Name: --- Module Base: F7D42000 Module End: F7D44000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Service Name: Fs_Rec Module Base: F7D44000 Module End: F7D46000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Null.SYS Service Name: Null Module Base: F7E9C000 Module End: F7E9D000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS Service Name: Beep Module Base: F7D46000 Module End: F7D48000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ehdrv.sys Service Name: ehdrv Module Base: F5A01000 Module End: F5A1E000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\vga.sys Service Name: VgaSave Module Base: F7B4E000 Module End: F7B54000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS Service Name: mnmdd Module Base: F7D48000 Module End: F7D4A000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Service Name: RDPCDD Module Base: F7D4A000 Module End: F7D4C000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS Service Name: Msfs Module Base: F7B56000 Module End: F7B5B000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS Service Name: Npfs Module Base: F7B5E000 Module End: F7B66000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys Service Name: RasAcd Module Base: F7D1A000 Module End: F7D1D000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys Service Name: IPSec Module Base: F59A6000 Module End: F59B9000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys Service Name: Tcpip Module Base: F594D000 Module End: F59A6000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys Service Name: NetBT Module Base: F5925000 Module End: F594D000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\epfwtdir.sys Service Name: epfwtdir Module Base: F590C000 Module End: F5925000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\afd.sys Service Name: AFD Module Base: F58EA000 Module End: F590C000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys Service Name: NetBIOS Module Base: F7A1E000 Module End: F7A27000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys Service Name: Rdbss Module Base: F58BF000 Module End: F58EA000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys Service Name: MRxSmb Module Base: F584F000 Module End: F58BF000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS Service Name: Fips Module Base: F7A3E000 Module End: F7A49000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys Service Name: IpNat Module Base: F5829000 Module End: F584F000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys Service Name: Wanarp Module Base: F7A4E000 Module End: F7A57000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS Service Name: Cdfs Module Base: F7A8E000 Module End: F7A9E000 Hidden: No Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys Service Name: --- Module Base: F5811000 Module End: F5829000 Hidden: Yes Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS Service Name: --- Module Base: F7D54000 Module End: F7D56000 Hidden: Yes Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys Service Name: --- Module Base: F7CBA000 Module End: F7CBD000 Hidden: No Module Name: C:\WINDOWS\System32\watchdog.sys Service Name: --- Module Base: F7B76000 Module End: F7B7B000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys Service Name: --- Module Base: F7F7B000 Module End: F7F7C000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\eamon.sys Service Name: eamon Module Base: F44AF000 Module End: F456B000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys Service Name: Ndisuio Module Base: F57FD000 Module End: F5801000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys Service Name: wdmaud Module Base: F3A1A000 Module End: F3A2F000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys Service Name: sysaudio Module Base: F43AF000 Module End: F43BE000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys Service Name: MRxDAV Module Base: F367F000 Module End: F36AC000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS Service Name: ParVdm Module Base: F7DF2000 Module End: F7DF4000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys Service Name: Srv Module Base: F3605000 Module End: F3657000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys Service Name: HTTP Module Base: F3434000 Module End: F3475000 Hidden: No Module Name: \??\C:\WINDOWS\system32\drivers\rootrepeal.sys Service Name: rootrepeal Module Base: F32DC000 Module End: F32E8000 Hidden: Yes Module Name: C:\WINDOWS\system32\drivers\kmixer.sys Service Name: kmixer Module Base: F286E000 Module End: F2899000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys Service Name: Fdc Module Base: F7B1E000 Module End: F7B25000 Hidden: No ********************************************** ************************************ ********************************************** ************************************ SSDT: Function Name: ZwOpenProcess Address: 8653DCB0 Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwOpenThread Address: 8653E0D0 Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwSuspendProcess Address: 8653E6D0 Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwSuspendThread Address: 8653E4F0 Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwTerminateProcess Address: 8653DEE0 Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwTerminateThread Address: 8653E310 Driver Base: 0 Driver End: 0 Driver Name: _unknown_ ********************************************** ************************************ ********************************************** ************************************ No Kernel Hooks found ********************************************** ************************************ ********************************************** ************************************ No IRP Hooks found ********************************************** ************************************ ********************************************** ************************************ Ports: Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1154 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1150 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1148 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1146 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1144 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1140 Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1138 Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1136 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1134 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1132 Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1130 Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1128 Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1126 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1124 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1122 Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1120 Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1118 Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1116 Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1114 Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1112 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1108 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1091 Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1063 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1061 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1059 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1051 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: LOCALHOST:1049 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:30606 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: LISTENING Local Address: THERESA-BA04427:1152 Remote Address: LOCALHOST:30606 Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:1140 Remote Address: LOCALHOST:30606 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: THERESA-BA04427:1138 Remote Address: LOCALHOST:30606 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: THERESA-BA04427:1132 Remote Address: LOCALHOST:30606 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: THERESA-BA04427:1130 Remote Address: LOCALHOST:30606 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: THERESA-BA04427:1128 Remote Address: LOCALHOST:30606 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: THERESA-BA04427:1122 Remote Address: LOCALHOST:30606 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: THERESA-BA04427:1120 Remote Address: LOCALHOST:30606 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: THERESA-BA04427:1118 Remote Address: LOCALHOST:30606 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: THERESA-BA04427:1116 Remote Address: LOCALHOST:30606 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: THERESA-BA04427:1114 Remote Address: LOCALHOST:30606 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: THERESA-BA04427:1091 Remote Address: LOCALHOST:30606 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: THERESA-BA04427:1039 Remote Address: LOCALHOST:1038 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: THERESA-BA04427:1038 Remote Address: LOCALHOST:1039 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: THERESA-BA04427:1037 Remote Address: LOCALHOST:1036 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: THERESA-BA04427:1036 Remote Address: LOCALHOST:1037 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: THERESA-BA04427:1030 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\alg.exe State: LISTENING Local Address: THERESA-BA04427:1143 Remote Address: 203.190.124.21:HTTP Type: TCP Process: [System Idle Process] State: TIME_WAIT Local Address: THERESA-BA04427:1141 Remote Address: TX-IN-F157.GOOGLE.COM:HTTP Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:1139 Remote Address: TX-IN-F157.GOOGLE.COM:HTTP Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:1133 Remote Address: TX-IN-F157.GOOGLE.COM:HTTP Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:1131 Remote Address: TX-IN-F157.GOOGLE.COM:HTTP Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:1129 Remote Address: TX-IN-F167.GOOGLE.COM:HTTP Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:1123 Remote Address: MAA03S01-IN-F101.GOOGLE.COM:HTTP Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:1121 Remote Address: TX-IN-F105.GOOGLE.COM:HTTP Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:1119 Remote Address: TX-IN-F105.GOOGLE.COM:HTTP Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:1117 Remote Address: TX-IN-F139.GOOGLE.COM:HTTP Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:1115 Remote Address: TX-IN-F139.GOOGLE.COM:HTTP Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:1092 Remote Address: TY-IN-F113.GOOGLE.COM:HTTP Type: TCP Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe State: ESTABLISHED Local Address: THERESA-BA04427:NETBIOS-SSN Remote Address: 0.0.0.0:0 Type: TCP Process: System State: LISTENING Local Address: THERESA-BA04427:MICROSOFT-DS Remote Address: 0.0.0.0:0 Type: TCP Process: System State: LISTENING Local Address: THERESA-BA04427:EPMAP Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\svchost.exe State: LISTENING Local Address: THERESA-BA04427:1900 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: THERESA-BA04427:123 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: THERESA-BA04427:1900 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: THERESA-BA04427:138 Remote Address: NA Type: UDP Process: System State: NA Local Address: THERESA-BA04427:NETBIOS-NS Remote Address: NA Type: UDP Process: System State: NA Local Address: THERESA-BA04427:123 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: THERESA-BA04427:4500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA Local Address: THERESA-BA04427:1041 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: THERESA-BA04427:1040 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: THERESA-BA04427:1035 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: THERESA-BA04427:1034 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: THERESA-BA04427:500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA Local Address: THERESA-BA04427:MICROSOFT-DS Remote Address: NA Type: UDP Process: System State: NA ********************************************** ************************************ ********************************************** ************************************** Hidden files/folders: Object: D:\System Volume Information\MountPointManagerRemoteDatabase Status: Access denied Object: D:\System Volume Information\tracking.log Status: Access denied Object: D:\System Volume Information\_restore{1101621F-9353-40A6-AB22-AAE4BF598C51} Status: Access denied Object: D:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4} Status: Access denied Object: D:\System Volume Information\_restore{34D94B80-A854-4EA2-92F5-7264A88B38E1} Status: Access denied Object: D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B} Status: Access denied Object: D:\System Volume Information\_restore{913F0F59-8A27-47A7-AFFA-0FB77F4E0E46} Status: Access denied Object: D:\System Volume Information\_restore{BE35042C-982C-437A-9A1C-B1B79DE3E976} Status: Access denied Object: D:\System Volume Information\_restore{F65CE8E5-47BC-496C-8C97-01AD5EDEC561} Status: Access denied Object: C:\System Volume Information\MountPointManagerRemoteDatabase Status: Access denied Object: C:\System Volume Information\tracking.log Status: Access denied Object: C:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4} Status: Access denied ------------------------------------------------------------------- Part 1

09-26-2009	#4
Scarlet_ Bronze Member Join Date: Sep 2009 Posts: 27 PC Experience: Some Experience	Re: Help please! :( Part 2 DDS (Ver_09-09-24.01) - NTFSx86 Run by Theresa 21 at 12:44:35.67 on Sat 09/26/2009 Internet Explorer: 6.0.2900.5512 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.699 [GMT -7:00] AV: ESET NOD32 Antivirus 4.0 On-access scanning enabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Autorun Eater\oldmcdonald.exe C:\Program Files\Autorun Eater\billy.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Theresa 21\Desktop\SysProt\SysProt.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Documents and Settings\Theresa 21\Desktop\dds.scr ============== Pseudo HJT Report =============== uRun: [cdoosoft] c:\docume~1\theres~1\locals~1\temp\herss.exe uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\theres~1\applic~1\mozilla\firefox\prof iles\qvgfvrt1.default\ ============= SERVICES / DRIVERS =============== R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfw tdir.sys [2009-3-19 93848] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840] R3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\theresa 21\desktop\sysprot\SysProtDrv.sys [2009-9-26 44288] =============== Created Last 30 ================ 2009-09-26 03:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU 2009-09-26 03:43 82,944 a------- c:\windows\system32\vct3216.acm 2009-09-26 03:43 13,239 a------- c:\windows\system32\Scg726.acm 2009-09-26 03:43 <DIR> --d----- c:\program files\common files\AVSMedia 2009-09-26 03:43 81,920 a------- c:\windows\system32\AC3ACM.acm 2009-09-26 03:43 38,912 a------- c:\windows\system32\alf2cd.acm 2009-09-26 03:42 <DIR> --d----- c:\program files\AVS4YOU 2009-09-26 02:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Autorun Eater 2009-09-26 02:58 <DIR> --d----- c:\program files\Autorun Eater 2009-09-26 02:54 <DIR> --d----- c:\program files\Smart Virus Remover 2009-09-25 23:36 0 a------- c:\windows\YAHELITE_cookie.INI 2009-09-25 23:28 5,290 a------- c:\windows\YAHELITE.INI 2009-09-25 23:23 <DIR> --d----- c:\program files\YahELite 2009-09-25 23:02 <DIR> --d----- c:\program files\ESET 2009-09-25 00:13 <DIR> --d----- c:\program files\Yahoo! 2009-09-25 00:06 <DIR> --ds---- c:\documents and settings\theresa 21\UserData 2009-09-25 00:03 111,956 ---shr-- C:\w9uxx92.exe 2009-09-24 21:50 332,672 a------- c:\windows\system32\wgatray.exe.bak 2009-09-24 21:49 1,488,688 a------- c:\windows\system32\legitcheckcontrol.dll.bak 2009-09-24 21:49 200,064 a------- c:\windows\system32\wgalogon.dll.bak 2009-09-24 21:47 <DIR> --d----- c:\documents and settings\Theresa 21 2009-09-24 21:45 <DIR> --ds---- c:\windows\system32\Microsoft 2009-09-24 21:45 8,192 a------- c:\windows\REGLOCS.OLD 2009-09-24 21:43 101,376 ac------ c:\windows\system32\dllcache\srusbusd.dll 2009-09-24 21:42 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll 2009-09-24 21:41 68,608 ac------ c:\windows\system32\dllcache\iisext51.dll 2009-09-24 21:40 <DIR> --dsh--- c:\documents and settings\all users\DRM 2009-09-24 21:40 <DIR> --ds---- c:\windows\Downloaded Program Files 2009-09-24 21:40 <DIR> --d--r-- c:\windows\Offline Web Pages 2009-09-24 21:40 488 a---hr-- c:\windows\system32\WindowsLogon.manifest 2009-09-24 21:40 488 a---hr-- c:\windows\system32\logonui.exe.manifest 2009-09-24 21:39 <DIR> --d-h--- c:\program files\WindowsUpdate 2009-09-24 21:39 <DIR> --d----- c:\program files\common files\MSSoap 2009-09-24 21:37 <DIR> --d----- c:\program files\Online Services 2009-09-24 21:37 <DIR> --d----- c:\program files\Messenger 2009-09-24 21:37 <DIR> --d----- c:\program files\MSN Gaming Zone 2009-09-24 21:36 <DIR> --d----- c:\program files\Windows NT ==================== Find3M ==================== 2009-09-24 21:40 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-09-24 21:37 21,640 a------- c:\windows\system32\emptyregdb.dat ============= FINISH: 12:44:51.43 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-09-24.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 9/24/2009 9:44:32 PM System Uptime: 9/26/2009 11:56:26 AM (1 hours ago) Motherboard: Compaq \| \| 0804h Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz \| XU1 PROCESSOR \| 1992/400mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 29 GiB total, 25.083 GiB free. D: is FIXED (NTFS) - 120 GiB total, 26.582 GiB free. I: is CDROM (CDFS) ==== Disabled Device Manager Items ============= Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Ethernet Controller Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_00910E11&REV_81\4&252 96D99&0&40F0 Manufacturer: Name: Ethernet Controller PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_00910E11&REV_81\4&252 96D99&0&40F0 Service: ==== System Restore Points =================== RP1: 9/24/2009 9:47:46 PM - System Checkpoint RP2: 9/25/2009 11:02:17 PM - Installed ESET NOD32 Antivirus ==== Installed Programs ====================== Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Autorun Eater v2.4 AVS DVD Player version 2.4 AVS Update Manager 1.0 AVS4YOU Software Navigator 1.3 ESET NOD32 Antivirus Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (3.5.3) WebFldrs XP Winamp WinRAR archiver YahELite 330.1 Yahoo! Messenger ==== Event Viewer Messages From Past Week ======== 9/26/2009 2:44:37 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv Fips intelppm 9/26/2009 2:43:21 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 9/25/2009 12:02:57 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -57825 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m\|0x1\|112.203.79.83:123->207.46.197.32:123) is working properly. ==== End Of File ===========================

09-26-2009	#5
Crush Tech Support Team Join Date: Sep 2008 Location: Caldwell, New Jersey Posts: 10,112 PC Experience: Always Learning New Things	Re: Help please! :( Scarlet, Did you run SecurityCheck? Do you have that log? __________________ Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this

09-26-2009	#6
Scarlet_ Bronze Member Join Date: Sep 2009 Posts: 27 PC Experience: Some Experience	Re: Help please! :( yeah im having trouble posting them. it wont complete. says the execution ran out of time or close to that 1 sec

09-26-2009	#7
Crush Tech Support Team Join Date: Sep 2008 Location: Caldwell, New Jersey Posts: 10,112 PC Experience: Always Learning New Things	Re: Help please! :( Scarlet, Try attaching them. This can be a problem with the bigger logfiles because the forum has a character limit on posts __________________ Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode