
Inactive [InActive] Computer detected several virus task manager disabled

Discussion in 'Malware and Virus Removal Archive' started by kisnamahsen, 2009/02/23.

  1. 2009/02/28
    kisnamahsen

    kisnamahsen Inactive Thread Starter

    Joined:
    2009/02/23
    Messages:
    22
    Likes Received:
    0
    INT 0x73 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) B935BB78
    INT 0x73 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B918ADA8
    INT 0x73 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B918ADA8
    INT 0x73 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B918ADA8
    INT 0x73 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B918ADA8
    INT 0x73 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) B935BB78
    INT 0x74 \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) B9314BD8
    INT 0x75 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDB2
    INT 0x76 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDBC
    INT 0x77 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDC6
    INT 0x78 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDD0
    INT 0x79 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDDA
    INT 0x7A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDE4
    INT 0x7B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDEE
    INT 0x7C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDF8
    INT 0x7D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE02
    INT 0x7E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE0C
    INT 0x7F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE16
    INT 0x80 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE20
    INT 0x81 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE2A
    INT 0x82 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE34
    INT 0x83 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) B9E21E80
    INT 0x84 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9351BCA
    INT 0x85 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE52
    INT 0x86 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE5C
    INT 0x87 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE66
    INT 0x88 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE70
    INT 0x89 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE7A
    INT 0x8A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE84
    INT 0x8B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE8E
    INT 0x8C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE98
    INT 0x8D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEA2
    INT 0x8E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEAC
    INT 0x8F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEB6
    INT 0x90 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEC0
    INT 0x91 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FECA
    INT 0x92 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FED4
    INT 0x93 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) BA1F8495
    INT 0x94 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9351BCA
    INT 0x95 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEF2
    INT 0x96 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEFC
    INT 0x97 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF06
    INT 0x98 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF10
    INT 0x99 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF1A
    INT 0x9A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF24
    INT 0x9B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF2E
    INT 0x9C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF38
    INT 0x9D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF42
    INT 0x9E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF4C
    INT 0x9F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF56
    INT 0xA0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF60
    INT 0xA1 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF6A
    INT 0xA2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF74
    INT 0xA3 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) BA1FFD80
    INT 0xA4 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9351BCA
    INT 0xA5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF92
    INT 0xA6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF9C
    INT 0xA7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFA6
    INT 0xA8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFB0
    INT 0xA9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFBA
    INT 0xAA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFC4
    INT 0xAB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFCE
    INT 0xAC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFD8
    INT 0xAD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFE2
    INT 0xAE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFEC
    INT 0xAF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFF6
    INT 0xB0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540000
    INT 0xB1 ACPI.sys (ACPI Driver for NT/Microsoft Corporation) B9F8431E
    INT 0xB2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540014
    INT 0xB3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054001E
    INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
    INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
    INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
    INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
    INT 0xB4 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9351BCA
    INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
    INT 0xB5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540032
    INT 0xB6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054003C
    INT 0xB7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540046
    INT 0xB8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540050
    INT 0xB9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054005A
    INT 0xBA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540064
    INT 0xBB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054006E
    INT 0xBC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540078
    INT 0xBD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540082
    INT 0xBE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054008C
    INT 0xBF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540096
    INT 0xC0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400A0
    INT 0xC1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E3AC0
    INT 0xC2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400B4
    INT 0xC3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400BE
    INT 0xC4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400C8
    INT 0xC5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400D2
    INT 0xC6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400DC
    INT 0xC7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400E6
    INT 0xC8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400F0
    INT 0xC9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400FA
    INT 0xCA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540104
    INT 0xCB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054010E
    INT 0xCC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540118
    INT 0xCD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540122
    INT 0xCE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054012C
    INT 0xCF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540136
    INT 0xD0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540140
    INT 0xD1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E32A0
    INT 0xD2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540154
    INT 0xD3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054015E
    INT 0xD4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540168
    INT 0xD5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540172
    INT 0xD6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054017C
    INT 0xD7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540186
    INT 0xD8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540190
    INT 0xD9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054019A
    INT 0xDA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401A4
    INT 0xDB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401AE
    INT 0xDC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401B8
    INT 0xDD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401C2
    INT 0xDE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401CC
    INT 0xDF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401D6
    INT 0xE0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401E0
    INT 0xE1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E4048
     
  2. 2009/02/28
    kisnamahsen

    kisnamahsen Inactive Thread Starter

    Joined:
    2009/02/23
    Messages:
    22
    Likes Received:
    0


  4. 2009/02/28
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    Have you used a Pen/Flash/USB drive again?

    We need to run Flash_Disinfector again, also below when running the new CFScript allow the device to stay in and continue to be disinfected.


    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.


    Locate ComboFix icon on your desktop....right click and select delete
    I want you to get an updated copy.

    Download Combofix from any of the links below.

    Save it to your desktop.

    Link 1
    Link 2
    Link 3

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~


    NEXT**
    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.

    Please leave the flash drive plugged in while completing the following.



    Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the CODE box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    KillAll:: 
    
    Rootkit::
    c:\windows\system32\ujvte.dll
    
    RegLockDel::
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gwlvpfj]
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jtdume]
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qxaottmhv]
    
    File:: 
    F:\system.exe
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2PMZLZCA\bgkmxj[1].gif
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2PMZLZCA\lhzq[1].bmp
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2PMZLZCA\pbhhbab[1].bmp
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2PMZLZCA\ysobck[1].png
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9W9V76BShuwuw[1].bmp
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9W9V76BS\mzrfv[1].jpg
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9W9V76BS\yvtt[1].gif
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9W9V76BS\zqywh[1].gif
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CP4963Y1\qlhx[1].gif
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CP4963Y1\uvukulbc[1].gif
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VRBZ9E80\azohmh[1].png
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VRBZ9E80\dcxjz[1].jpg
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VRBZ9E80\lzmh[1].jpg
    
    Driver::
    gwlvpfj
    spwacmtek
    jtdume
    qxaottmhv
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9741:TCP"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{253d3660-f4a6-11dd-9211-001eecd51a69}]
    
    NetSvc::
    jtdume
    qxaottmhv
    gwlvpfj
    [screenshot: CFScript.txt being dragged onto the ComboFix.exe desktop icon]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The bottom portion of your Gmer log was cut off.
    The ending line should look like this:
    ---- EOF - GMER 1.0.14 ----



    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in ark.txt
    Save it where you can easily find it, such as your desktop then post the contents here.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take action on any <---- ROOTKIT entries


    In your next reply post:
    ComboFix.txt
    ark.txt
    New DDS log


    You may need several replies to post the requested logs, otherwise they might get cut off.
    How's the computer now?
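The IDT dump posted earlier in this thread and the warning just above that rootkit scans produce false positives suggest a small triage helper. The Python below is an added example written for this thread; it is not code from GMER, from ComboFix or from the forum. It parses lines in the `INT 0x..` format shown in the posted log, counts how many vectors each module owns, and marks for manual review any entry that has no "(description/vendor)" block or whose vendor is outside a trusted list built from the known-good lines on the page. The sample input is constructed: its first five lines are quoted from the posted log and the `unknown.tmp` line is invented to exercise the flagging. "Flagged" means "look at this by hand", not "malicious".

```python
"""Triage helper for GMER-style IDT lines ("INT 0x..") as posted in this thread.

Added example, not code from GMER or from the forum. Flagged entries are
candidates for manual review; rootkit scanners produce false positives.
"""
import re
from collections import Counter

# One GMER IDT line, e.g.
#   INT 0x73 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) B935BB78
# The "(description/vendor)" block is optional. Its text can itself contain
# slashes ("IDE/ATAPI Port Driver") and parentheses ("Windows (R) ..."), so it
# is captured greedily up to the last ")" before the address and later split
# on the last "/".
IDT_LINE = re.compile(
    r"^INT\s+0x(?P<vector>[0-9A-Fa-f]{1,2})\s+"
    r"(?P<module>\S+)"
    r"(?:\s+\((?P<info>.*)\))?"
    r"\s+(?P<addr>[0-9A-Fa-f]{8})\s*$"
)

# Vendors that appear on every resolved, known-good entry in the posted log.
TRUSTED_VENDORS = frozenset({
    "Microsoft Corporation",
    "Windows (R) Server 2003 DDK provider",
})

# Constructed sample: lines quoted from the log posted in this thread (INT 0xB4
# is repeated, as shared vectors are in GMER output) plus one invented,
# unresolved entry (unknown.tmp) that the flagging should catch.
SAMPLE_LINES = [
    r"INT 0x73 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) B935BB78",
    r"INT 0x73 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B918ADA8",
    r"INT 0x74 \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) B9314BD8",
    r"INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0",
    r"INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0",
    r"INT 0xE2 \??\C:\WINDOWS\Temp\unknown.tmp B9A31F00",  # invented entry
    "---- EOF - GMER 1.0.14 ----",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


def parse_idt_line(line):
    """Return a dict for one IDT line, or None if the line is not one."""
    m = IDT_LINE.match(line.strip())
    if not m:
        return None
    info = m.group("info")
    if info is None:            # no "(description/vendor)" block at all
        desc, vendor = None, None
    elif "/" in info:
        desc, vendor = info.rsplit("/", 1)
    else:                       # block present but carries no vendor part
        desc, vendor = info, ""
    return {
        "vector": int(m.group("vector"), 16),
        "module": m.group("module"),
        "desc": desc,
        "vendor": vendor,
        "addr": int(m.group("addr"), 16),
    }


def parse_idt_log(text):
    """Parse every IDT line in a block of GMER output; other lines are skipped."""
    parsed = (parse_idt_line(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def vectors_per_module(entries):
    """Count IDT lines per module (by file name, case-folded)."""
    counts = Counter()
    for e in entries:
        counts[e["module"].rsplit("\\", 1)[-1].lower()] += 1
    return counts


def flag_for_review(entries, trusted=TRUSTED_VENDORS):
    """Return [(entry, [reasons])] for entries worth a manual look."""
    flagged = []
    for e in entries:
        reasons = []
        if e["vendor"] is None:
            reasons.append("no description/vendor block: module not identified")
        elif e["vendor"] not in trusted:
            reasons.append("vendor %r not in trusted list" % e["vendor"])
        if not e["module"].lower().endswith((".sys", ".exe", ".dll")):
            reasons.append("module name is not a driver/kernel image")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    found = parse_idt_log(SAMPLE_LOG)
    print("IDT entries parsed:", len(found))
    for module, n in sorted(vectors_per_module(found).items()):
        print("  %-14s %d line(s)" % (module, n))
    for e, reasons in flag_for_review(found):
        print("REVIEW INT 0x%02X %s: %s" % (e["vector"], e["module"], "; ".join(reasons)))
```

Run it on a saved ark.txt by replacing `SAMPLE_LOG` with the file's contents; the trusted-vendor list is deliberately short, so a third-party driver with a legitimate vendor string will be listed for review rather than silently passed.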
     
  5. 2009/03/01
    kisnamahsen

    kisnamahsen Inactive Thread Starter

    Joined:
    2009/02/23
    Messages:
    22
    Likes Received:
    0
    ComboFix 09-02-28.01 - Acer 2009-03-01 18:42:29.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1978.1544 [GMT 8:00]
    Running from: c:\documents and settings\Acer\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Acer\Desktop\CFScript.txt
    AV: AVG Internet Security *On-access scanning disabled* (Updated)
    FW: AVG Firewall *disabled*
    * Created a new restore point

    FILE ::
    c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2PMZLZCA\bgkmxj[1].gif
    c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2PMZLZCA\lhzq[1].bmp
    c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2PMZLZCA\pbhhbab[1].bmp
    c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2PMZLZCA\ysobck[1].png
    c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9W9V76BS\mzrfv[1].jpg
    c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9W9V76BS\yvtt[1].gif
    c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9W9V76BS\zqywh[1].gif
    c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9W9V76BShuwuw[1].bmp
    c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CP4963Y1\qlhx[1].gif
    c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CP4963Y1\uvukulbc[1].gif
    c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VRBZ9E80\azohmh[1].png
    c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VRBZ9E80\dcxjz[1].jpg
    c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VRBZ9E80\lzmh[1].jpg
    F:\system.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\ujvte.dll
    F:\system.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_GWLVPFJ
    -------\Legacy_JTDUME
    -------\Legacy_QXAOTTMHV


    ((((((((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 )))))))))))))))))))))))))))))))
    .

    2009-02-28 18:38 . 2009-02-28 19:15 250 --a------ c:\windows\gmer.ini
    2009-02-28 13:56 . 2009-02-28 13:56 <DIR> d-------- c:\windows\system32\CatRoot_bak
    2009-02-28 12:42 . 2009-02-28 12:42 <DIR> d-------- c:\program files\Norton Security Scan
    2009-02-28 12:42 . 2009-02-28 12:42 <DIR> d-------- c:\program files\Common Files\Symantec Shared
    2009-02-28 07:20 . 2009-02-28 13:44 <DIR> d--h----- c:\windows\$hf_mig$
    2009-02-28 07:20 . 2005-02-25 11:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
    2009-02-28 00:54 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2009-02-28 00:50 . 2009-02-28 00:50 <DIR> d-------- c:\program files\Panda Security
    2009-02-28 00:49 . 2009-02-28 00:49 <DIR> d-------- c:\windows\system32\Adobe
    2009-02-24 17:49 . 2009-02-24 17:49 <DIR> d-------- c:\windows\Sun
    2009-02-22 22:42 . 2009-02-22 22:42 <DIR> d-------- c:\program files\Java
    2009-02-22 22:42 . 2009-02-22 22:42 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-22 22:42 . 2009-02-22 22:42 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-02-21 05:31 . 2009-02-21 05:31 <DIR> d-------- c:\documents and settings\Acer\Application Data\dvdcss
    2009-02-20 23:11 . 2009-02-20 23:11 <DIR> d-------- c:\documents and settings\Acer\Application Data\CyberLink
    2009-02-04 23:08 . 2009-02-28 00:49 <DIR> d-------- c:\program files\Google

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-25 23:05 --------- d-----w c:\documents and settings\Acer\Application Data\AdobeUM
    2009-02-20 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-30 14:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-27 16:10 --------- d-----w c:\documents and settings\Acer\Application Data\Ahead
    2009-01-26 09:49 --------- d-----w c:\documents and settings\Acer\Application Data\DivX
    2009-01-24 11:17 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-24 10:49 --------- d-----w c:\program files\NOS
    2009-01-24 10:49 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2009-01-20 14:51 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-16 15:13 --------- d-----w c:\program files\Yahoo!
    2009-01-16 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
    2009-01-10 09:08 --------- d-----w c:\documents and settings\Acer\Application Data\Media Player Classic
    2009-01-08 03:47 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
    2009-01-08 03:47 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-07 12:35 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
    2009-01-05 01:34 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
    2009-01-04 08:10 --------- d-----w c:\program files\DivX
    2009-01-04 08:09 --------- d-----w c:\program files\VideoLAN
    2009-01-03 15:33 --------- d-----w c:\documents and settings\Acer\Application Data\vlc
    .

    ------- Sigcheck -------

    2008-06-20 18:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\tcpip.sys
    2008-06-20 18:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\tcpip.sys
    2008-06-20 19:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
    2008-06-20 19:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
    2004-09-01 08:00 359040 7b11118b078b88f87183fe69eda43137 c:\windows\system32\drivers\tcpip.sys

    2004-09-01 08:00 215552 a77219a971029dc2fb683e8513713803 c:\windows\system32\termsrv.dll
    .
    ((((((((((((((((((((((((((((( SnapShot_2009-02-28_19.45.22.70 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-28 06:59:26 41,238 ----a-w c:\windows\system32\perfc009.dat
    + 2009-03-01 10:39:32 41,238 ----a-w c:\windows\system32\perfc009.dat
    - 2009-02-28 06:59:26 315,076 ----a-w c:\windows\system32\perfh009.dat
    + 2009-03-01 10:39:32 315,076 ----a-w c:\windows\system32\perfh009.dat
    + 2009-03-01 10:45:04 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6b4.dat
    + 2009-03-01 10:45:11 16,384 ----atw c:\windows\temp\Perflib_Perfdata_bb8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-09-01 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-28 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-20 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-20 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-20 141848]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-27 180269]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-08 1601304]
    "pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-05-31 483328]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 148888]
    "RTHDCPL"="RTHDCPL.EXE" [2007-05-28 c:\windows\RTHDCPL.EXE]

    c:\documents and settings\Acer\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    OneNote Table Of Contents.onetoc2 [2009-02-07 3656]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-27 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-08 11:47 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "9741:TCP"= 9741:TCP:roqgqlzx

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-27 12552]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-28 28544]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-27 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-27 107272]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-27 298264]
    R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-05 1339600]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-27 84240]
    S2 hsljz;Time Network;c:\windows\system32\svchost.exe -k netsvcs [2004-09-01 14336]
    S2 vmpdwm;System Config;c:\windows\system32\svchost.exe -k netsvcs [2004-09-01 14336]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-24 33752]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    vmpdwm
    hsljz
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

    2009-02-28 c:\windows\Tasks\Norton Security Scan for Acer.job
    - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Acer\Application Data\Mozilla\Firefox\Profiles\dof5nkqd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-01 18:45:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hsljz]
    "ServiceDll"="c:\windows\system32\ujvte.dll"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vmpdwm]
    "ServiceDll"="c:\windows\system32\ujvte.dll"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\windows\system32\wdfmgr.exe
    c:\progra~1\AVG\AVG8\avgam.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\update\update.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-01 18:47:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-01 10:47:07
    ComboFix2.txt 2009-02-28 11:46:03
    ComboFix3.txt 2009-02-27 15:31:03
    ComboFix4.txt 2009-02-25 16:19:19
    ComboFix5.txt 2009-03-01 10:41:52

    Pre-Run: 69,202,046,976 bytes free
    Post-Run: 69,137,006,592 bytes free

    223 --- E O F --- 2009-02-27 23:20:30
     
  6. 2009/03/01
    kisnamahsen Inactive Thread Starter
    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2009-03-01 19:26:59
    Windows 5.1.2600 Service Pack 2


    ---- Devices - GMER 1.0.14 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Services - GMER 1.0.14 ----

    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] hsljz <-- ROOTKIT !!!
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] vmpdwm <-- ROOTKIT !!!
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] zbjpda <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\hsljz@DisplayName Time Network
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hsljz@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hsljz@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hsljz@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hsljz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hsljz@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hsljz@Description Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hsljz\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hsljz\Parameters@ServiceDll C:\WINDOWS\system32\ujvte.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\vmpdwm@DisplayName System Config
    Reg HKLM\SYSTEM\CurrentControlSet\Services\vmpdwm@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\vmpdwm@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\vmpdwm@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\vmpdwm@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\vmpdwm@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\vmpdwm@Description Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
    Reg HKLM\SYSTEM\CurrentControlSet\Services\vmpdwm\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\vmpdwm\Parameters@ServiceDll C:\WINDOWS\system32\ujvte.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zbjpda@DisplayName Shell Manager
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zbjpda@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zbjpda@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zbjpda@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zbjpda@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zbjpda@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zbjpda@Description Provides user experience theme management.
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zbjpda\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zbjpda\Parameters@ServiceDll C:\WINDOWS\system32\ujvte.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\hsljz@DisplayName Time Network
    Reg HKLM\SYSTEM\ControlSet002\Services\hsljz@Type 32
    Reg HKLM\SYSTEM\ControlSet002\Services\hsljz@Start 2
    Reg HKLM\SYSTEM\ControlSet002\Services\hsljz@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet002\Services\hsljz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet002\Services\hsljz@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet002\Services\hsljz@Description Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
    Reg HKLM\SYSTEM\ControlSet002\Services\hsljz\Parameters
    Reg HKLM\SYSTEM\ControlSet002\Services\hsljz\Parameters@ServiceDll C:\WINDOWS\system32\ujvte.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\vmpdwm@DisplayName System Config
    Reg HKLM\SYSTEM\ControlSet002\Services\vmpdwm@Type 32
    Reg HKLM\SYSTEM\ControlSet002\Services\vmpdwm@Start 2
    Reg HKLM\SYSTEM\ControlSet002\Services\vmpdwm@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet002\Services\vmpdwm@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet002\Services\vmpdwm@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet002\Services\vmpdwm@Description Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
    Reg HKLM\SYSTEM\ControlSet002\Services\vmpdwm\Parameters
    Reg HKLM\SYSTEM\ControlSet002\Services\vmpdwm\Parameters@ServiceDll C:\WINDOWS\system32\ujvte.dll

    ---- Files - GMER 1.0.14 ----

    File C:\Documents and Settings\Acer\Local Settings\Application Data\Mozilla\Firefox\Profiles\dof5nkqd.default\urlclassifier3.sqlite-journal 3932148 bytes

    ---- EOF - GMER 1.0.14 ----
     
  7. 2009/03/01
    kisnamahsen Inactive Thread Starter
    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Acer at 19:27:46.56 on Sun 03/01/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1978.1441 [GMT 8:00]

    AV: AVG Internet Security *On-access scanning disabled* (Updated)
    FW: AVG Firewall *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Acer\Desktop\gmer.exe
    C:\Documents and Settings\Acer\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [pdfFactory Pro Dispatcher v2] "c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe" /source=HKLM
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\acer\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\documents and settings\acer\start menu\programs\startup\OneNote Table Of Contents.onetoc2
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\acer\applic~1\mozilla\firefox\profiles\dof5nkqd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-27 12552]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-28 28544]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-27 325128]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-27 27656]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-27 107272]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-27 298264]
    R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-1-5 1339600]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-27 84240]
    S2 hsljz;Time Network;c:\windows\system32\svchost.exe -k netsvcs [2004-9-1 14336]
    S2 vmpdwm;System Config;c:\windows\system32\svchost.exe -k netsvcs [2004-9-1 14336]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-24 33752]

    =============== Created Last 30 ================

    2009-02-28 18:38 250 a------- c:\windows\gmer.ini
    2009-02-28 13:56 <DIR> --d----- c:\windows\system32\CatRoot_bak
    2009-02-28 12:44 332,800 a------- c:\windows\system32\SET18.tmp
    2009-02-28 12:44 1,106,944 a------- c:\windows\system32\SET12.tmp
    2009-02-28 12:42 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-02-28 12:42 <DIR> --d----- c:\program files\Norton Security Scan
    2009-02-28 07:20 <DIR> --d----- c:\windows\system32\PreInstall
    2009-02-28 07:20 22,752 a------- c:\windows\system32\spupdsvc.exe
    2009-02-28 07:20 <DIR> --d-h--- c:\windows\$hf_mig$
    2009-02-28 00:54 28,544 a------- c:\windows\system32\drivers\pavboot.sys
    2009-02-28 00:50 <DIR> --d----- c:\program files\Panda Security
    2009-02-28 00:49 <DIR> --d----- c:\windows\system32\Adobe
    2009-02-27 23:31 <DIR> --d----- c:\windows\system32\SoftwareDistribution
    2009-02-26 00:06 <DIR> a-dshr-- C:\autorun.inf
    2009-02-25 13:32 <DIR> a-dshr-- C:\cmdcons
    2009-02-25 13:27 161,792 a------- c:\windows\SWREG.exe
    2009-02-25 13:27 98,816 a------- c:\windows\sed.exe
    2009-02-22 22:42 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-22 22:42 73,728 a------- c:\windows\system32\javacpl.cpl

    ==================== Find3M ====================

    2009-01-20 22:51 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-01-08 11:47 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-01-08 11:47 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
    2009-01-08 11:47 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-01-05 09:34 50,968 a------- c:\windows\system32\avgfwdx.dll
    2009-01-05 09:34 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
    2009-01-03 01:00 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-12-27 16:16 505,392 a------- c:\windows\system32\msvcp71.dll
    2008-12-27 14:48 21,640 a------- c:\windows\system32\emptyregdb.dat
    2004-09-01 08:00 169,822 a--shr-- c:\windows\system32\ujvte.dll

    ============= FINISH: 19:27:54.64 ===============
     
  8. 2009/03/01
    Juliet Well-Known Member
    Welcome back


    This doesn't look good.
    It appears that you're dealing with a file infector, one that has infected your termsrv.dll.
    You have a Windows file that's not passing ------- Sigcheck -------
    c:\windows\system32\termsrv.dll

    and possibly c:\windows\system32\drivers\tcpip.sys <-- Although we did have this scanned previously and it came back clean, I still have doubts.

    ComboFix looks for replacement files that are not infected but was unable to locate any on your system.

    Do you have the original Windows XP CD that came with the computer or that was used to install XP?
    Without that CD it's going to be close to impossible to fix this. Even with the CD it may be challenging to fix.
    Unless you can find a clean copy from a different computer and transfer it over to yours.



    Open Notepad and copy/paste the contents in the code box below, into Notepad.
    Code:
    vfind -ltf  "%systemdrive%\termsrv.dll" >log.txt
    notepad log.txt
    exit
    Save this as find.bat. Choose "Save type as - All Files".

    You should see a little gearbox icon on your desktop
    Double click on find.bat & allow it to run. Please be patient while it runs, then post the log which it produces.



    Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) Copy and paste the text present inside the CODE box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    Rootkit::
    c:\windows\system32\ujvte.dll
    
    RegLockDel::
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hsljz]
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vmpdwm]
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zbjpda]
    
    File:: 
    C:\autorun.inf
    
    Driver::
    hsljz
    vmpdwm
    zbjpda
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "9741:TCP"=-
    
    NetSvc::
    vmpdwm
    hsljz
    zbjpda
    
    DDS::
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.




    In your next reply post:
    Find.Bat file
    ComboFix.txt



    Please give me an update on how the computer is at the moment.
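The reasoning behind Juliet's CFScript (two hidden netsvcs services with Microsoft-style descriptions, both pointing at the same unknown ServiceDll) can be turned into a repeatable triage check over GMER "Reg" lines. The script below is an added example written for this thread, not code from GMER, ComboFix or DDS; its sample lines are constructed to mirror the GMER log above plus one clean Themes entry as a control, and KNOWN_DESCRIPTIONS and KNOWN_NETSVCS_DLLS are assumed, deliberately partial tables drawn from Windows XP defaults.

```python
"""Triage svchost-hosted services from GMER "Reg" log lines.

Added example for this thread, not code from GMER, ComboFix or DDS. The
sample lines are constructed to mirror the GMER output above plus one clean
control service (Themes); KNOWN_DESCRIPTIONS and KNOWN_NETSVCS_DLLS are
assumptions drawn from Windows XP defaults and are deliberately partial.
"""
import re
from collections import defaultdict

# Constructed sample: two of the hidden services from the thread and a clean
# Themes entry to show what a legitimate netsvcs service looks like.
SAMPLE_GMER = r"""
Reg HKLM\SYSTEM\CurrentControlSet\Services\hsljz@DisplayName Time Network
Reg HKLM\SYSTEM\CurrentControlSet\Services\hsljz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\hsljz@Description Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Reg HKLM\SYSTEM\CurrentControlSet\Services\hsljz\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\hsljz\Parameters@ServiceDll C:\WINDOWS\system32\ujvte.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\zbjpda@DisplayName Shell Manager
Reg HKLM\SYSTEM\CurrentControlSet\Services\zbjpda@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\zbjpda@Description Provides user experience theme management.
Reg HKLM\SYSTEM\CurrentControlSet\Services\zbjpda\Parameters@ServiceDll C:\WINDOWS\system32\ujvte.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Themes@DisplayName Themes
Reg HKLM\SYSTEM\CurrentControlSet\Services\Themes@ImagePath %SystemRoot%\System32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\Themes@Description Provides user experience theme management.
Reg HKLM\SYSTEM\CurrentControlSet\Services\Themes\Parameters@ServiceDll %SystemRoot%\System32\shsvcs.dll
"""

# Description text -> the Microsoft service that legitimately carries it.
# Assumption: XP SP2 defaults; build the real table from a known-clean box.
KNOWN_DESCRIPTIONS = {
    "manages ip security policy and starts the isakmp/oakley (ike) "
    "and the ip security driver.": "PolicyAgent",
    "provides user experience theme management.": "Themes",
}

# Partial allowlist (assumption) of DLLs that legitimately run under
# "svchost.exe -k netsvcs" on XP; anything else deserves a look.
KNOWN_NETSVCS_DLLS = {"shsvcs.dll", "wuauserv.dll", "qmgr.dll", "schedsvc.dll",
                      "browser.dll", "netman.dll", "sens.dll", "wkssvc.dll"}

# Reg <hive>\Services\<svc>[\<subkey>]@<Value> <data>; bare subkeys do not match.
REG_LINE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\[^\\]+\\Services\\(?P<svc>[^\\@]+)"
    r"(?:\\[^@]+)?@(?P<value>\w+)\s(?P<data>.*)$")

VOWELS = set("aeiou")


def parse_services(text):
    """Group registry values by service name: {svc: {ValueName: data}}."""
    services = defaultdict(dict)
    for line in text.splitlines():
        m = REG_LINE.match(line.strip())
        if m:
            services[m["svc"]][m["value"]] = m["data"].strip()
    return dict(services)


def dll_name(path):
    """File name component of a registry path, lower-cased ("" if absent)."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(services):
    """Return {svc: [signal, ...]} for svchost-hosted services that look wrong."""
    dll_users = defaultdict(set)           # dll file name -> services using it
    for name, vals in services.items():
        if "ServiceDll" in vals:
            dll_users[dll_name(vals["ServiceDll"])].add(name)

    findings = {}
    for name, vals in services.items():
        if "svchost.exe" not in vals.get("ImagePath", "").lower():
            continue                        # only svchost-hosted services here
        signals = []
        # 1. A description lifted verbatim from another Microsoft service.
        owner = KNOWN_DESCRIPTIONS.get(vals.get("Description", "").strip().lower())
        if owner and owner.lower() != name.lower():
            signals.append(f"description copied from {owner}")
        # 2. The hosted DLL is not one we expect under netsvcs ...
        dll = dll_name(vals.get("ServiceDll", ""))
        if dll and dll not in KNOWN_NETSVCS_DLLS:
            signals.append(f"ServiceDll {dll} not in allowlist")
            # 3. ... and several unknown services load the very same DLL.
            others = sorted(dll_users[dll] - {name})
            if others:
                signals.append("ServiceDll shared with " + ", ".join(others))
        # 4. Weak signal: a short, vowel-poor, all-letter name (hsljz, vmpdwm).
        if name.isalpha() and sum(c in VOWELS for c in name.lower()) < len(name) / 4:
            signals.append("service name looks machine-generated")
        if signals:
            findings[name] = signals
    return findings


if __name__ == "__main__":
    for svc, why in sorted(triage(parse_services(SAMPLE_GMER)).items()):
        print(f"{svc}: " + "; ".join(why))
```

On the sample, hsljz and zbjpda are reported with all four signals while the Themes control is silent; the same parser can be pointed at a saved GMER log instead of SAMPLE_GMER.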
     
  9. 2009/05/21
    Juliet Well-Known Member
    Due to the lack of feedback this Topic is closed.

    If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter.
     