
infected with multiple trojans (MyWebSearch, SafeGuardProtect)?


  • This topic is locked
14 replies to this topic

#1 Jersey Devil

Jersey Devil

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Male
  • Location:New Jersey
  • Local time:12:22 AM

Posted 05 February 2009 - 06:46 PM

My main desktop has been hijacked! I can not access my files, IE won't connect to the internet and my desktop has changed. I was using AVG but whatever this is got through. I have installed and run ATF Cleaner, SuperAntiSpyware, DDS and MBAM. SuperAntiSpyware found Adware.MyWebSearch, Adware.MediaMediatickets and Adware.SafeGuardProtect. MBAM found Adware.PopCap and Adware.EGDAccess. I have attached the DDS report below:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Terry at 16:08:34.53 on Thu 02/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.666 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
d:\PROGRA~1\AVG\AVG8\avgemc.exe
d:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Terry\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar =
uWindow Title = Microsoft Internet Explorer presented by Comcast
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - d:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - d:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [ComcastSUPPORT] c:\program files\support.com\bin\tgkill.exe /cleaneahtioga /start
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [PCShield] regsvr32 /s "c:\windows\system32\sfg_7158.dll"
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] d:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Video Poker - hxxp://download.games.yahoo.com/games/clients/y/vpt0_x.cab
DPF: Yahoo! Blackjack - hxxp://download.games.yahoo.com/games/clients/y/jt0_x.cab
DPF: Yahoo! Dominoes - hxxp://download.games.yahoo.com/games/clients/y/dot8_x.cab
DPF: Yahoo! Literati - hxxp://download.games.yahoo.com/games/clients/y/tt0_x.cab
DPF: Yahoo! Poker - hxxp://download.games.yahoo.com/games/clients/y/pt3_x.cab
DPF: Yahoo! Pool 2 - hxxp://download.games.yahoo.com/games/clients/y/potc_x.cab
DPF: Yahoo! Spades - hxxp://download.games.yahoo.com/games/clients/y/st2_x.cab
DPF: Yahoo! Spelldown - hxxp://download.games.yahoo.com/games/clients/y/sdt1_x.cab
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} - hxxp://office.microsoft.com/productupdates/content/opuc.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131338303623
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37597.7895717593
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} - hxxp://www.microsoft.com/security/controls/DoomCln.CAB
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: bestreak - No File

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-22 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-21 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-9-19 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-21 107272]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-7-15 266328]
R2 avg8emc;AVG Free8 E-mail Scanner;d:\progra~1\avg\avg8\avgemc.exe [2009-1-21 903960]
R2 avg8wd;AVG Free8 WatchDog;d:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-21 298264]
R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [2001-12-14 12032]
R2 V7;V7;c:\windows\system32\drivers\V7.SYS [2002-1-25 7196]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2001-12-14 54271]
S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [2001-12-14 593000]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2009-02-04 23:21 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-02-04 17:25 <DIR> --d----- c:\windows\ERUNT
2009-02-04 17:04 <DIR> --d----- c:\docume~1\terry\applic~1\Malwarebytes
2009-02-04 17:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-04 15:35 <DIR> --d----- C:\SDFix
2009-02-04 15:32 <DIR> --d----- c:\windows\SUPERAntiSpyware.com
2009-01-31 17:33 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-24 22:44 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-22 15:56 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-22 15:53 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-22 15:53 <DIR> --d----- c:\program files\Lavasoft
2009-01-21 15:58 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-21 15:58 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-21 15:58 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-21 15:58 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-21 15:58 <DIR> --d----- c:\docume~1\terry\applic~1\AVGTOOLBAR
2009-01-21 15:58 <DIR> --d----- c:\program files\AVG
2009-01-21 15:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8

==================== Find3M ====================

2009-01-29 00:34 1,744 a------- c:\windows\system32\d3d9caps.dat
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-11-21 16:47 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-21 16:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 16:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2005-05-10 21:58 774,144 a------- c:\program files\RngInterstitial.dll
2001-12-14 21:56 17,408 a--sh--- c:\program files\Thumbs.db
2008-06-27 14:35 10,022 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-04 10:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

============= FINISH: 16:09:27.68 ===============



#2 Jersey Devil

Jersey Devil
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Male
  • Location:New Jersey
  • Local time:12:22 AM

Posted 13 February 2009 - 10:51 PM

Sorry, haven't had a response yet, so I continued trying to figure this thing out. I did manage to get IE to work after running ComboFix. Here are the new DDS scans:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Terry at 22:45:41.68 on Fri 02/13/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.661 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
d:\PROGRA~1\AVG\AVG8\avgemc.exe
d:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Terry\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - d:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - d:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [ComcastSUPPORT] c:\program files\support.com\bin\tgkill.exe /cleaneahtioga /start
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] d:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Video Poker - hxxp://download.games.yahoo.com/games/clients/y/vpt0_x.cab
DPF: Yahoo! Blackjack - hxxp://download.games.yahoo.com/games/clients/y/jt0_x.cab
DPF: Yahoo! Dominoes - hxxp://download.games.yahoo.com/games/clients/y/dot8_x.cab
DPF: Yahoo! Literati - hxxp://download.games.yahoo.com/games/clients/y/tt0_x.cab
DPF: Yahoo! Poker - hxxp://download.games.yahoo.com/games/clients/y/pt3_x.cab
DPF: Yahoo! Pool 2 - hxxp://download.games.yahoo.com/games/clients/y/potc_x.cab
DPF: Yahoo! Spades - hxxp://download.games.yahoo.com/games/clients/y/st2_x.cab
DPF: Yahoo! Spelldown - hxxp://download.games.yahoo.com/games/clients/y/sdt1_x.cab
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} - hxxp://office.microsoft.com/productupdates/content/opuc.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131338303623
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37597.7895717593
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} - hxxp://www.microsoft.com/security/controls/DoomCln.CAB
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-22 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-21 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-9-19 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-21 107272]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-7-15 266328]
R2 avg8emc;AVG Free8 E-mail Scanner;d:\progra~1\avg\avg8\avgemc.exe [2009-1-21 903960]
R2 avg8wd;AVG Free8 WatchDog;d:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-21 298264]
R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [2001-12-14 12032]
R2 V7;V7;c:\windows\system32\drivers\V7.SYS [2002-1-25 7196]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2001-12-14 54271]
S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [2001-12-14 593000]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2009-02-10 23:18 250 a------- c:\windows\gmer.ini
2009-02-10 15:42 <DIR> a-dshr-- C:\cmdcons
2009-02-10 15:39 161,792 a------- c:\windows\SWREG.exe
2009-02-10 15:39 98,816 a------- c:\windows\sed.exe
2009-02-05 16:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-05 16:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 23:21 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-02-04 17:25 <DIR> --d----- c:\windows\ERUNT
2009-02-04 17:04 <DIR> --d----- c:\docume~1\terry\applic~1\Malwarebytes
2009-02-04 17:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-04 15:35 <DIR> --d----- C:\SDFix
2009-02-04 15:32 <DIR> --d----- c:\windows\SUPERAntiSpyware.com
2009-01-31 17:33 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-24 22:44 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-22 15:56 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-22 15:53 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-22 15:53 <DIR> --d----- c:\program files\Lavasoft
2009-01-21 15:58 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-21 15:58 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-21 15:58 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-21 15:58 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-21 15:58 <DIR> --d----- c:\docume~1\terry\applic~1\AVGTOOLBAR
2009-01-21 15:58 <DIR> --d----- c:\program files\AVG
2009-01-21 15:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8

==================== Find3M ====================

2009-01-29 00:34 1,744 a------- c:\windows\system32\d3d9caps.dat
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-11-21 16:47 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-21 16:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 16:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2005-05-10 21:58 774,144 a------- c:\program files\RngInterstitial.dll
2001-12-14 21:56 17,408 a--sh--- c:\program files\Thumbs.db
2008-06-27 14:35 10,022 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-04 10:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

============= FINISH: 22:46:01.54 ===============




#3 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:22 AM

Posted 14 February 2009 - 08:03 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.
In your next reply include:
-the ComboFix log
-the GMER scan log

Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

#4 Jersey Devil

Jersey Devil
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Male
  • Location:New Jersey
  • Local time:12:22 AM

Posted 14 February 2009 - 10:15 PM

Thank you Panda. The only change I made is running ComboFix a few days ago. I have attached that ComboFix log as well.

ComboFix 09-02-12.03 - Terry 2009-02-14 21:55:35.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.664 [GMT -5:00]
Running from: c:\documents and settings\Terry\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-13 12:17 . 2009-02-13 12:17 <DIR> d-------- c:\documents and settings\Administrator.MAINDESKTOP.001\Application Data\SUPERAntiSpyware.com
2009-02-13 12:15 . 2001-12-14 17:43 <DIR> d-------- c:\documents and settings\Administrator.MAINDESKTOP.001\WINDOWS
2009-02-13 12:15 . 2001-12-14 17:11 <DIR> d-------- c:\documents and settings\Administrator.MAINDESKTOP.001\Application Data\Sony Corporation
2009-02-13 12:15 . 2001-12-14 17:00 <DIR> d-------- c:\documents and settings\Administrator.MAINDESKTOP.001\Application Data\InterTrust
2009-02-13 12:15 . 2009-02-13 12:16 <DIR> d-------- c:\documents and settings\Administrator.MAINDESKTOP.001
2009-02-10 23:18 . 2009-02-12 16:34 250 --a------ c:\windows\gmer.ini
2009-02-10 22:34 . 2009-02-10 22:34 262,144 --a------ c:\documents and settings\Owner
2009-02-05 16:52 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-05 16:52 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-05 16:03 . 2009-02-05 16:03 <DIR> d-------- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-02-04 23:21 . 2009-02-04 23:21 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-04 17:25 . 2009-02-04 17:25 <DIR> d-------- c:\windows\ERUNT
2009-02-04 17:04 . 2009-02-04 17:04 <DIR> d-------- c:\documents and settings\Terry\Application Data\Malwarebytes
2009-02-04 17:04 . 2009-02-04 17:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-04 15:35 . 2009-02-10 17:51 <DIR> d-------- C:\SDFix
2009-02-04 15:32 . 2009-02-04 15:32 <DIR> d-------- c:\windows\SUPERAntiSpyware.com
2009-01-31 21:05 . 2009-01-31 21:05 <DIR> d--hs---- c:\documents and settings\LocalService.NT AUTHORITY
2009-01-31 18:28 . 2001-12-14 17:43 <DIR> d-------- c:\documents and settings\Administrator.MAINDESKTOP.999\WINDOWS
2009-01-31 18:28 . 2009-01-31 21:00 <DIR> d-------- c:\documents and settings\Administrator.MAINDESKTOP.999
2009-01-31 17:33 . 2009-01-31 21:16 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-24 22:44 . 2009-02-06 12:05 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-22 16:00 . 2009-01-22 16:00 <DIR> d-------- c:\documents and settings\Heather\Application Data\AVGTOOLBAR
2009-01-22 15:56 . 2009-01-22 15:55 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-22 15:53 . 2009-01-22 15:53 <DIR> d-------- c:\program files\Lavasoft
2009-01-22 15:53 . 2009-01-22 15:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-22 15:53 . 2009-01-31 21:01 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-21 15:58 . 2009-01-30 22:40 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-21 15:58 . 2009-01-21 15:58 <DIR> d-------- c:\program files\AVG
2009-01-21 15:58 . 2009-01-31 21:03 <DIR> d-------- c:\documents and settings\Terry\Application Data\AVGTOOLBAR
2009-01-21 15:58 . 2009-02-10 22:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-21 15:58 . 2009-01-31 15:40 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-21 15:58 . 2009-01-31 15:40 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-21 15:58 . 2009-01-31 15:40 10,520 --a------ c:\windows\system32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 20:44 --------- d-----w c:\program files\Java
2009-02-04 20:32 --------- d-----w c:\documents and settings\Terry\Application Data\SUPERAntiSpyware.com
2009-02-04 20:31 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-01 02:03 --------- d-----w c:\documents and settings\Terry\Application Data\OfficeUpdate12
2009-02-01 02:03 --------- d-----w c:\documents and settings\Terry\Application Data\MSN6
2009-02-01 02:03 --------- d-----w c:\documents and settings\Terry\Application Data\McAfee.com Personal Firewall
2009-02-01 02:03 --------- d-----w c:\documents and settings\Terry\Application Data\Canon
2009-02-01 02:03 --------- d-----w c:\documents and settings\Terry\Application Data\AdobeUM
2009-02-01 02:01 --------- d-----w c:\documents and settings\Guest\Application Data\Morpheus
2009-02-01 02:00 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2009-02-01 02:00 --------- d-----w c:\documents and settings\All Users\Application Data\MSN6
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2005-05-11 02:58 774,144 ----a-w c:\program files\RngInterstitial.dll
2001-12-15 02:56 17,408 --sha-w c:\program files\Thumbs.db
2008-06-27 19:35 10,022 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-04 15:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090420080905\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-02-10_19.45.56.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-11 04:18:45 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 02:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2009-02-11 04:18:45 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2001-11-19 1413120]
"ComcastSUPPORT"="c:\program files\Support.com\bin\tgkill.exe" [2001-11-21 57344]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 c:\windows\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-31 15:40 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.MJPG"= sonymjpg.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.I263"= i263_32.drv
"msacm.WRPR"= aviwrap.dll
"vidc.WRPR"= aviwrap.dll
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-01-29 15:56 509784 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"New.net Startup"=rundll32 c:\progra~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
"webHancer Survey Companion"="c:\program files\webHancer\Programs\whSurvey.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23711:TCP"= 23711:TCP:PORT_23711
"52605:TCP"= 52605:TCP:PORT_52605
"39303:TCP"= 39303:TCP:PORT_39303
"36574:TCP"= 36574:TCP:PORT_36574
"19721:TCP"= 19721:TCP:PORT_19721
"29356:TCP"= 29356:TCP:PORT_29356
"27817:TCP"= 27817:TCP:PORT_27817
"53491:TCP"= 53491:TCP:PORT_53491
"53451:TCP"= 53451:TCP:PORT_53451

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-22 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-21 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-21 107272]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [2001-12-14 12032]
R2 V7;V7;c:\windows\system32\drivers\V7.SYS [2002-01-25 7196]
R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S2 avg8emc;AVG Free8 E-mail Scanner;d:\progra~1\AVG\AVG8\avgemc.exe [2009-01-21 903960]
S2 avg8wd;AVG Free8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-21 298264]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2001-12-14 54271]
S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [2001-12-14 593000]
.
Contents of the 'Scheduled Tasks' folder

2009-02-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-31 21:16]

2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 21:59:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3025990876-2188283067-2291903390-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-02-14 22:02:27
ComboFix-quarantined-files.txt 2009-02-15 03:02:18
ComboFix2.txt 2009-02-10 20:48:15

Pre-Run: 3,811,733,504 bytes free
Post-Run: 3,801,358,336 bytes free

181 --- E O F --- 2009-02-10 21:09:14





GMER log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-14 22:07:31
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

---- EOF - GMER 1.0.14 ----

#5 PropagandaPanda

  • Malware Response Team

Posted 15 February 2009 - 09:59 AM

Hello.

Looks like most of it was removed before ComboFix was run originally.

Update Java to Version 6 Update 12
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please download the installer here. Choose "Windows"

Delete the installer after use.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.

F-Secure Online Scan
Please run F-Secure Online Scanner to check for anything we've missed.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please also include a new DDS.txt

Any symptoms of infection at the moment?

With Regards,
The Panda

#6 Jersey Devil

Posted 16 February 2009 - 05:37 AM

Panda, F-scan did not find anything, log is attached. Here is the new DDS scan. Right now, when I go to start and all programs, my program list is there, but all of the program folders show as "empty". If I go to my computer, c, program files, I see all of the programs, but the folder contents are empty (or hidden, which is what I suspect, since my drive volume did not decrease when this bug hit).


DDS (Ver_09-02-01.01) - NTFSx86
Run by Terry at 5:23:38.98 on Mon 02/16/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.557 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Terry\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [ComcastSUPPORT] c:\program files\support.com\bin\tgkill.exe /cleaneahtioga /start
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Video Poker - hxxp://download.games.yahoo.com/games/clients/y/vpt0_x.cab
DPF: Yahoo! Blackjack - hxxp://download.games.yahoo.com/games/clients/y/jt0_x.cab
DPF: Yahoo! Dominoes - hxxp://download.games.yahoo.com/games/clients/y/dot8_x.cab
DPF: Yahoo! Literati - hxxp://download.games.yahoo.com/games/clients/y/tt0_x.cab
DPF: Yahoo! Poker - hxxp://download.games.yahoo.com/games/clients/y/pt3_x.cab
DPF: Yahoo! Pool 2 - hxxp://download.games.yahoo.com/games/clients/y/potc_x.cab
DPF: Yahoo! Spades - hxxp://download.games.yahoo.com/games/clients/y/st2_x.cab
DPF: Yahoo! Spelldown - hxxp://download.games.yahoo.com/games/clients/y/sdt1_x.cab
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} - hxxp://office.microsoft.com/productupdates/content/opuc.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131338303623
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1234761445695&h=491b84023739c5a1d72b75bbe7577c76/&filename=jinstall-6u12-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37597.7895717593
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} - hxxp://www.microsoft.com/security/controls/DoomCln.CAB
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-22 64160]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-7-15 266328]
R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [2001-12-14 12032]
R2 V7;V7;c:\windows\system32\drivers\V7.SYS [2002-1-25 7196]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2001-12-14 54271]
S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [2001-12-14 593000]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2009-02-16 00:25 <DIR> --d----- C:\fsaua.data
2009-02-16 00:17 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-16 00:17 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-10 23:18 250 a------- c:\windows\gmer.ini
2009-02-10 15:42 <DIR> a-dshr-- C:\cmdcons
2009-02-10 15:39 161,792 a------- c:\windows\SWREG.exe
2009-02-10 15:39 98,816 a------- c:\windows\sed.exe
2009-02-05 16:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-05 16:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 23:21 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-02-04 17:25 <DIR> --d----- c:\windows\ERUNT
2009-02-04 17:04 <DIR> --d----- c:\docume~1\terry\applic~1\Malwarebytes
2009-02-04 17:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-04 15:35 <DIR> --d----- C:\SDFix
2009-02-04 15:32 <DIR> --d----- c:\windows\SUPERAntiSpyware.com
2009-01-31 17:33 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-22 15:56 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-22 15:53 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-22 15:53 <DIR> --d----- c:\program files\Lavasoft

==================== Find3M ====================

2009-01-29 00:34 1,744 a------- c:\windows\system32\d3d9caps.dat
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-11-21 16:47 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-21 16:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 16:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2005-05-10 21:58 774,144 a------- c:\program files\RngInterstitial.dll
2001-12-14 21:56 17,408 a--sh--- c:\program files\Thumbs.db
2008-06-27 14:35 10,022 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-04 10:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

============= FINISH: 5:24:23.76 ===============

#7 PropagandaPanda

Posted 16 February 2009 - 02:08 PM

Hello.

I go to start and all programs, my program list is there, but all of the program folders show as "empty".

I suspect they were deleted somehow.

If these files were hidden, we can unhide them.

Click on your Start Menu -> Run... and type:
attrib.exe -r -s -h -a "%userprofile%\Start Menu\Programs\*" /s

The files in your Program Files folder should stay hidden. It is unlikely that they were deleted.

With Regards,
The Panda

#8 Jersey Devil

Posted 16 February 2009 - 04:25 PM

Panda, that didn't seem to do anything......

#9 PropagandaPanda

Posted 16 February 2009 - 04:29 PM

Hello.

Type into your run box:
regsvr32 /i shell32.dll
Reboot.

Are those folders still appearing empty?

With Regards,
The Panda

#10 Jersey Devil

Posted 17 February 2009 - 03:20 PM

Panda,

OK, I ran that code. When I go through my start menu, all of the folders read as <empty>, except for the programs I installed in the last week or so. When I go through my computer, C, Program Files some of the folders are empty, some are not. Maybe the empty ones really did get deleted by this bug??

#11 PropagandaPanda

Posted 17 February 2009 - 03:57 PM

Hello.

It is possible. Which ones are empty? Are those programs still working?

With Regards,
The Panda

#12 Jersey Devil

Posted 19 February 2009 - 03:23 PM

Panda,
I went through all of my folders. It appears that everything is there now, no more hidden files. My Start Menu still shows the folders as empty, but if I navigate to the folder, the files are there. I did lose everything on my old desktop (several files, that sucks) and I noticed that some programs were acting like it was their first time running (iTunes had no music library and no playlist). That is the type of thing that made me believe that my desktop had been hijacked in the first place. It would appear that the original issue has been resolved. I had to re-install AVG, as it would not work, and I installed COMODO firewall after reading the other posts on this site. I deleted all old Java as you suggested and will reinstall the current version. I also replaced AdAware with MBAM, seems to be a better program. Thank you for your help with this thing. Any other suggestions before we close?

#13 PropagandaPanda

Posted 19 February 2009 - 04:39 PM

Hello.

MalwareBytes is very effective at removing malware. I would think that other programs detect malware better though.

Looks like you are good to go.

Download and Run OTCleanIt
This program will remove the tools we have used.
  • Download OTCleanIt by OldTimer to your desktop.
  • Double click OTCleanIt.exe to start the program.
  • Click the big CleanUp! button.
  • When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Delete the file after use, if it did not delete itself.

Set New System Restore Point
Now you should set a Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point after cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click System Restore.
  • Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name then click Create.
  • Then, click on Start > Run and type:
    cleanmgr
  • Click OK > More Options tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created one.

Preventing Malware Infection in the Future
Please take some time to look at the following links, giving some advice and suggestions for preventing future infections:

For general slowness problems that you may have, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable unneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda

#14 Jersey Devil

Posted 24 February 2009 - 03:07 PM

Thanks for all your help PP. I now know first-hand the importance of backing up your data. I did lose files on my root drive (pictures, Word and Excel documents, songs, all of my iTunes libraries, IE bookmarks, etc.). The folders are still there, but are empty for a lot of things. I have had to reinstall a lot of my programs. I'm still not sure what virus did this, but at least I am better protected now.
Thanks again for your assistance,
Terry

#15 PropagandaPanda

Posted 24 February 2009 - 03:33 PM

Glad we could help, Terry.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



