Infected with a virus that disables all antivirus

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
←
1
2

You cannot start a new topic
This topic is locked

Infected with a virus that disables all antivirus

#16 sempai

noypi

Group: Malware Response Team
Posts: 5,161
Joined: 30-June 06
Gender:Male
Location:3 stars and a sun

Posted 05 August 2011 - 07:16 AM

Please tell me if you still have any more issues after doing the instructions below:

:step1:

We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

FCopy::
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7601.17514_none_f53ffaacb58ce159\ndiswan.sys | C:\Windows\winsxs\x86_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7600.16385_none_f30ee6e4b89e5dbf\ndiswan.sys

4. Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

5. Refering to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti
When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Windows\winsxs\x86_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7600.16385_none_f30ee6e4b89e5dbf\ndiswan.sys
Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal:

Please run Malwarebytes Anti-Malware. Go to update tab and download all updates and then perform a full scan.

The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

This post has been edited by sempai: 05 August 2011 - 07:20 AM

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)

#17 Ketty Loffer

Member

Group: Members
Posts: 19
Joined: 04-July 11

Posted 06 August 2011 - 08:25 PM

I tried jotti but it kept saying that the file didn't exist, even after I made sure to check to show hidden files.

ComboFix 11-08-01.05 - Administrator 08/06/2011 15:51:41.6.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1918.1155 [GMT -6:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
.
.
2011-08-06 21:54 . 2011-08-06 21:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-06 21:54 . 2011-08-06 21:54 -------- d-----w- c:\users\Kristine\AppData\Local\temp
2011-08-06 21:54 . 2011-08-06 21:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-05 14:57 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D5ACB8A-5CFD-4E1B-8BB1-2E43992F31A3}\mpengine.dll
2011-08-01 00:28 . 2011-08-06 21:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-07-29 20:26 . 2011-07-29 20:26 -------- d-----w- c:\users\Administrator\AppData\Roaming\Corel
2011-07-29 20:26 . 2011-07-29 20:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\Ulead Systems
2011-07-17 19:30 . 2011-07-17 19:30 -------- d-----w- C:\$WINDOWS.~BT
2011-07-13 13:33 . 2011-06-02 05:59 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 13:33 . 2011-06-02 05:55 271872 ----a-w- c:\windows\system32\conhost.exe
2011-07-13 13:31 . 2011-06-11 02:37 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-07-12 23:45 . 2011-07-18 19:12 -------- d-----w- c:\users\Administrator\AppData\Local\CutePDF Writer
2011-07-12 23:45 . 2011-07-12 23:45 -------- d-----w- c:\program files\GPLGS
2011-07-12 23:41 . 2009-11-05 14:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-07-12 23:41 . 2011-07-12 23:41 -------- d-----w- c:\program files\Acro Software
2011-07-11 04:10 . 2011-07-11 04:10 -------- d-----w- c:\users\Administrator\AppData\Roaming\WinPatrol
2011-07-11 03:55 . 2011-07-11 03:55 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2011-07-11 03:55 . 2011-07-11 03:55 -------- d-----w- c:\programdata\Malwarebytes
2011-07-09 15:35 . 2011-07-29 20:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-09 15:31 . 2011-07-09 15:31 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2011-07-09 15:31 . 2011-07-09 15:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-08 01:05 . 2011-07-08 01:06 -------- d-----w- c:\users\Administrator\AppData\Roaming\vlc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-29 20:26 . 2010-06-23 03:06 3766 --sha-w- c:\programdata\KGyGaAvL.sys
2011-07-07 15:07 . 2010-06-29 04:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-04 11:43 . 2010-10-11 05:08 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-10-11 05:08 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:37 . 2010-10-11 05:10 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-07-04 11:36 . 2010-10-11 05:10 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-10-11 05:10 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:36 . 2010-10-11 05:09 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-07-04 11:35 . 2010-10-11 05:09 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-10-11 05:09 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-10-11 05:09 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-10-11 05:10 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-28 16:19 . 2011-06-28 16:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 03:00 . 2011-06-15 15:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-27 21:11 . 2011-05-27 21:11 442688 ----a-w- c:\windows\system32\xceprnt.dll
2011-05-27 07:03 . 2011-05-27 07:03 34624 ----a-w- c:\windows\system32\drivers\xcetap0.sys
2011-05-25 01:14 . 2009-10-04 02:07 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:35 . 2011-06-29 15:43 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2008-03-30 03:51 . 2008-03-30 03:51 6958968 ----a-w- c:\program files\SFTPMSI.exe
2010-06-25 02:55 . 2010-06-25 02:55 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pogoplug"="c:\program files\Pogoplug\PPDRIVE.EXE" [2011-05-27 267072]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 303104]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-6 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logo Calibration Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logo Calibration Loader.lnk
backup=c:\windows\pss\Logo Calibration Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ProfileReminder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ProfileReminder.lnk
backup=c:\windows\pss\ProfileReminder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 20:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2009-10-24 09:18 597792 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe
.
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-07-04 121000]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 1186436690;Virtual Bus for Microsoft ACPI-Compliant System; [x]
R3 eyeonedp;eye-one display;c:\windows\system32\DRIVERS\eyeonedp.sys [2004-05-07 44344]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-25 30192]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-11-11 200704]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-30 1343400]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-04-10 133944]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 DokanCEDriver;DokanCEDriver;c:\program files\Pogoplug\dokance.sys [2011-05-27 54592]
S2 DokanCEMounter;DokanCEMounter;c:\program files\Pogoplug\dokanmnt.exe [2011-05-27 124736]
S2 HBAdmin;HBAdmin;c:\program files\Pogoplug\HBPLUG\HBADMIN.exe [2011-05-27 701248]
S2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2006-05-11 14416]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
S3 xcetap0;XCETAP0 Adapter;c:\windows\system32\DRIVERS\xcetap0.sys [2011-05-27 34624]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk
*Deregistered* - mfebopk
*Deregistered* - mfehidk
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-08-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070806
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\765737475627: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\C4F66666978696A7A7F6573756: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\C696E6B6379737: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0ly1t18e.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,47,e4,42,09,c1,e1,4c,9c,06,fc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,47,e4,42,09,c1,e1,4c,9c,06,fc,\
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PBrush"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hol\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.hol.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ics\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ics.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.msg.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oft\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.oft.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pst\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.pst.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcs.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-06 15:57:30
ComboFix-quarantined-files.txt 2011-08-06 21:57
ComboFix2.txt 2011-08-02 05:24
ComboFix3.txt 2011-08-01 20:16
ComboFix4.txt 2011-08-01 00:41
.
Pre-Run: 10,864,570,368 bytes free
Post-Run: 10,855,997,440 bytes free
.
- - End Of File - - 3269BB1513423BF98072C77C163B43B6

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7397

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/6/2011 7:24:31 PM
mbam-log-2011-08-06 (19-24-31).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 531156
Time elapsed: 2 hour(s), 35 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\Windows\System32\drivers\1186436690.sys.vir (Trojan.Agent) -> Quarantined and deleted successfully.

#18 sempai

noypi

Group: Malware Response Team
Posts: 5,161
Joined: 30-June 06
Gender:Male
Location:3 stars and a sun

Posted 07 August 2011 - 10:18 AM

Hi,

MBAM only found a combofix quarantine file, how's the computer running?

Please run Systemlook again.

Double-click the SystemLook and copy/paste the following into the box
```
:filefind
ndiswan.sys
```
Hit the Look button. Let it finish the scan
A log will then pop-up to your Desktop.. Post the content of the log here in your next reply

~Semp

#19 Ketty Loffer

Member

Group: Members
Posts: 19
Joined: 04-July 11

Posted 07 August 2011 - 01:22 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 12:14 on 07/08/2011 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "ndiswan.sys"
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7601.17514_none_f53ffaacb58ce159\ndiswan.sys ------- 118784 bytes [15:25 19/07/2011] [10:07 20/11/2010] 38FBE267E7E6983311179230FACB1017

-= EOF =-

#20 Ketty Loffer

Member

Group: Members
Posts: 19
Joined: 04-July 11

Posted 07 August 2011 - 01:25 PM

I scanned the file that SystemLook found and this is what Jotti said:

Filename: ndiswan.sys
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Tue 12 Jul 2011 22:17:14 (CET) Permalink

#21 sempai

noypi

Group: Malware Response Team
Posts: 5,161
Joined: 30-June 06
Gender:Male
Location:3 stars and a sun

Posted 07 August 2011 - 05:24 PM

How's the computer running?

~Semp

#22 Ketty Loffer

Member

Group: Members
Posts: 19
Joined: 04-July 11

Posted 07 August 2011 - 07:57 PM

Seems normal to me. I can run anti-virus scans again and I've had no alerts from Avast.

#23 sempai

noypi

Group: Malware Response Team
Posts: 5,161
Joined: 30-June 06
Gender:Male
Location:3 stars and a sun

Posted 08 August 2011 - 07:29 AM

That's great, let's then do the housekeeping to properly remove the tools.

Uninstall:

1. ComboFix

Click Start > Run > copy-paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Delete:

1. DDS
2. TDSSKiller
3. Gmer
4. Systemlook
5. C:\32788R22FWJFW <-- delete this if still present.

Clean-up with OTM:

Run OTM
Click on the CleanUp! button.
Reboot when ask.

Your log is clean, please change all your offline and online passwords.

Take the time to read below to secure your machine and take the necessary steps to keep it Clean

How to prevent malware

How to increase PC speed

Practice Safe Internet
One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:

If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.
There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

~Semp

#24 Ketty Loffer

Member

Group: Members
Posts: 19
Joined: 04-July 11

Posted 08 August 2011 - 10:29 AM

Thank you soooooooooooooooooooooooooooooo much! You guys are wonderful!

#25 sempai

noypi

Group: Malware Response Team
Posts: 5,161
Joined: 30-June 06
Gender:Male
Location:3 stars and a sun

Posted 09 August 2011 - 07:01 AM

You're welcome.

~Semp

#26 sempai

noypi

Group: Malware Response Team
Posts: 5,161
Joined: 30-June 06
Gender:Male
Location:3 stars and a sun

Posted 09 August 2011 - 07:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Semp