Possible Virtumonde Problem Automatic Updates do not appear as being on


19 replies to this topic

#1 tlovitz


  • Members
  • 14 posts

Posted 14 February 2009 - 07:17 PM

I came across these forums in my effort to try to make sure my computer has been cleaned properly after a probable infection by Virtumonde. I was having a problem with Firefox browser windows popping up randomly, and Windows Security Alerts says that Automatic Updates are not turned on, even though when I look at the properties in Automatic Updates, they are. I ran McAfee virus scan, Spybot S&D, and Ad-Aware Anniversary Edition Free. It came up that I may have Virtumonde on my machine, and one thing I read was that Virtumonde may be installed with other, harder-to-detect malicious software. I cleaned up what virus scan, Spybot, and Ad-Aware found, but Windows Security Alerts indicate that Automatic Updates are still turned off. Also, as of the latest reboot, the McAfee icon in the start bar is invisible, although it appears to function. I ran DDS as indicated in the Preparation Guide and have included them as instructed.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Tom at 18:01:01.92 on Sat 02/14/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1944 [GMT -6:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\UT VPN Client\cvpnd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\RMClock\RMClock.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Tom\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\tom\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RMClock] "c:\program files\rmclock\RMClockLauncher.exe"
uRun: [Aim6]
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [eMuleAutoStart] c:\program files\emule\emule.exe -AutoStart
mRun: [ATKHOTKEY] "c:\program files\atk hotkey\Hcontrol.exe"
mRun: [MsgTranAgt] "c:\program files\atk hotkey\MsgTranAgt.exe"
mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Wireless Console 2] "c:\program files\wireless console 2\wcourier.exe"
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [NB Probe] c:\program files\asus\nb probe\NBProbe.exe
mRun: [PowerForPhone] c:\program files\powerforphone\PowerForPhone.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\tom\startm~1\programs\startup\wallpa~1.lnk - c:\program files\wallpapertoy\Wallpapertoy.Exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219937164734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnlligD

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\dgujtqsh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\tom\application data\mozilla\firefox\profiles\dgujtqsh.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\tom\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\tom\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-11 64160]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-5-12 31816]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-8-25 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-5-12 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-5-12 54608]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2008-9-7 34304]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\progra~1\atkhot~1\ASNDIS5.SYS [2008-8-24 16269]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-8-25 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-8-25 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-8-25 174952]
R3 RTCore32;RTCore32;c:\program files\rmclock\RTCore32.sys [2008-9-6 4608]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-9-1 57408]
S3 7ByteIo;7ByteIo;\??\c:\program files\hot cpu tester pro 4 le\sysinfo.sys --> c:\program files\hot cpu tester pro 4 le\SysInfo.sys [?]
S3 cpuz129;cpuz129;\??\c:\docume~1\tom\locals~1\temp\cpuz_x32.sys --> c:\docume~1\tom\locals~1\temp\cpuz_x32.sys [?]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2008-8-24 41656]
S3 mfefeatk01;McAfee Inc.;\Device\mfefeatk01.sys --> \Device\mfefeatk01.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\docume~1\tom\locals~1\temp\f-secure\anti-virus\fsblsrv.exe --> c:\docume~1\tom\locals~1\temp\f-secure\anti-virus\fsblsrv.exe [?]

=============== Created Last 30 ================

2009-02-11 21:39 89 a------- c:\windows\wininit.ini
2009-02-11 21:37 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-11 19:18 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-11 19:17 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-11 19:16 <DIR> --d----- c:\program files\Lavasoft
2009-01-30 21:46 290,816 a------- c:\windows\vncutil.exe
2009-01-30 21:46 104,992 a------- c:\windows\RtkAudioService.exe
2009-01-30 21:46 34,816 a------- c:\windows\system32\RtkCoInstXP.dll
2009-01-30 21:46 1,389,056 a------- c:\windows\system32\drivers\Monfilt.sys
2009-01-30 21:46 1,684,736 a------- c:\windows\system32\drivers\Ambfilt.sys
2009-01-30 20:37 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-01-30 20:37 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-01-30 20:37 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-01-30 20:37 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-01-30 20:37 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-01-30 20:37 235,856 a------- c:\windows\system32\xactengine3_3.dll
2009-01-30 20:37 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2009-01-30 20:36 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-01-30 20:00 <DIR> --d----- c:\program files\Max Payne

==================== Find3M ====================

2009-01-14 01:14 3,455,488 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-01-13 23:46 11,591,680 a------- c:\windows\system32\atioglxx.dll
2009-01-13 22:53 286,720 a------- c:\windows\system32\atiok3x2.dll
2009-01-13 22:49 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2009-01-13 22:47 323,584 a------- c:\windows\system32\ati2dvag.dll
2009-01-13 22:36 196,608 a------- c:\windows\system32\atipdlxx.dll
2009-01-13 22:36 151,552 a------- c:\windows\system32\Oemdspif.dll
2009-01-13 22:36 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-01-13 22:35 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-01-13 22:35 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-01-13 22:34 598,016 a------- c:\windows\system32\ati2evxx.exe
2009-01-13 22:32 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-01-13 22:22 4,009,152 a------- c:\windows\system32\ati3duag.dll
2009-01-13 22:05 2,500,224 a------- c:\windows\system32\ativvaxx.dll
2009-01-13 22:05 3,107,788 a------- c:\windows\system32\ativvaxx.dat
2009-01-13 22:05 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-01-13 22:05 887,724 a------- c:\windows\system32\ativva6x.dat
2009-01-13 21:50 48,640 a------- c:\windows\system32\amdpcom32.dll
2009-01-13 21:45 401,408 a------- c:\windows\system32\atikvmag.dll
2009-01-13 21:44 110,592 a------- c:\windows\system32\atiadlxx.dll
2009-01-13 21:44 17,408 a------- c:\windows\system32\atitvo32.dll
2009-01-13 21:43 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-01-13 21:37 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-01-13 21:37 577,536 a------- c:\windows\system32\ati2cqag.dll
2009-01-13 21:05 593,920 a------- c:\windows\system32\ati2sgag.exe
2009-01-13 20:36 45,056 a------- c:\windows\system32\amdcalrt.dll
2009-01-13 20:36 45,056 a------- c:\windows\system32\amdcalcl.dll
2009-01-13 20:34 3,227,648 a------- c:\windows\system32\Amdcaldd.dll
2009-01-06 19:00 4,968,448 a------- c:\windows\system32\drivers\RtkHDAud.sys
2008-12-30 14:58 18,082,304 a------- c:\windows\RTHDCPL.EXE
2008-12-11 00:27 45,056 a------- c:\windows\system32\WNASPI32.DLL
2008-11-25 02:45 2,283,027 a------- c:\windows\system32\x264vfw.dll
2008-11-24 08:32 57,344 a------- c:\windows\system32\ff_vfw.dll
2008-07-11 16:37 32 a----r-- c:\documents and settings\all users\hash.dat
2008-09-23 12:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 18:02:21.17 ===============



#2 KoanYorel



  • Staff Emeritus
  • 19,461 posts

Posted 26 February 2009 - 12:07 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 tlovitz

  • Topic Starter

  • Members
  • 14 posts

Posted 28 February 2009 - 02:35 PM

Attached is the Attach.txt file, zipped as instructed previously. Here are the DDS.txt contents with the VirusScan on-access scan disabled.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Tom at 13:29:59.04 on Sat 02/28/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2203 [GMT -6:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\UT VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\RMClock\RMClock.exe
C:\Documents and Settings\Tom\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\MathType\MathType.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Tom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\tom\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RMClock] "c:\program files\rmclock\RMClockLauncher.exe"
uRun: [Aim6]
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [SansaDispatch] c:\documents and settings\tom\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [eMuleAutoStart] c:\program files\emule\emule.exe -AutoStart
mRun: [ATKHOTKEY] "c:\program files\atk hotkey\Hcontrol.exe"
mRun: [MsgTranAgt] "c:\program files\atk hotkey\MsgTranAgt.exe"
mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Wireless Console 2] "c:\program files\wireless console 2\wcourier.exe"
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [NB Probe] c:\program files\asus\nb probe\NBProbe.exe
mRun: [PowerForPhone] c:\program files\powerforphone\PowerForPhone.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\tom\startm~1\programs\startup\wallpa~1.lnk - c:\program files\wallpapertoy\Wallpapertoy.Exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219937164734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnlligD

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\dgujtqsh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\tom\application data\mozilla\firefox\profiles\dgujtqsh.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\tom\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\tom\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-11 64160]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-5-12 31816]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2008-9-7 34304]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\progra~1\atkhot~1\ASNDIS5.SYS [2008-8-24 16269]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-8-25 174952]
R3 RTCore32;RTCore32;c:\program files\rmclock\RTCore32.sys [2008-9-6 4608]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-9-1 57408]
S2 gupdate1c992e626cc1694;Google Update Service (gupdate1c992e626cc1694);c:\program files\google\update\GoogleUpdate.exe [2009-2-19 133104]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-8-25 104000]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-5-12 144704]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-5-12 54608]
S3 7ByteIo;7ByteIo;\??\c:\program files\hot cpu tester pro 4 le\sysinfo.sys --> c:\program files\hot cpu tester pro 4 le\SysInfo.sys [?]
S3 cpuz129;cpuz129;\??\c:\docume~1\tom\locals~1\temp\cpuz_x32.sys --> c:\docume~1\tom\locals~1\temp\cpuz_x32.sys [?]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2008-8-24 41656]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-8-25 72936]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-8-25 33960]
S3 mfefeatk01;McAfee Inc.;\Device\mfefeatk01.sys --> \Device\mfefeatk01.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\docume~1\tom\locals~1\temp\f-secure\anti-virus\fsblsrv.exe --> c:\docume~1\tom\locals~1\temp\f-secure\anti-virus\fsblsrv.exe [?]

=============== Created Last 30 ================

2009-02-24 18:51 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-02-24 16:07 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-21 12:01 <DIR> --d----- c:\program files\Vega Strike
2009-02-20 17:14 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-02-20 17:14 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-02-20 17:14 <DIR> --d----- c:\program files\OpenAL
2009-02-20 17:14 <DIR> --d----- c:\program files\Warzone 2100
2009-02-18 16:51 <DIR> --d----- c:\docume~1\tom\applic~1\SanDisk
2009-02-17 18:45 <DIR> --d----- C:\9be77513d6b5bec63752c0cb
2009-02-17 18:45 <DIR> --d----- c:\windows\SxsCaPendDel
2009-02-17 18:39 <DIR> --d----- c:\program files\Microsoft
2009-02-11 21:39 89 a------- c:\windows\wininit.ini
2009-02-11 21:37 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-11 19:18 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-11 19:17 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-11 19:16 <DIR> --d----- c:\program files\Lavasoft
2009-01-30 21:46 290,816 a------- c:\windows\vncutil.exe
2009-01-30 21:46 104,992 a------- c:\windows\RtkAudioService.exe
2009-01-30 21:46 34,816 a------- c:\windows\system32\RtkCoInstXP.dll
2009-01-30 21:46 1,389,056 a------- c:\windows\system32\drivers\Monfilt.sys
2009-01-30 21:46 1,684,736 a------- c:\windows\system32\drivers\Ambfilt.sys
2009-01-30 20:37 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-01-30 20:37 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-01-30 20:37 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-01-30 20:37 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-01-30 20:37 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-01-30 20:37 235,856 a------- c:\windows\system32\xactengine3_3.dll
2009-01-30 20:37 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2009-01-30 20:36 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-01-30 20:00 <DIR> --d----- c:\program files\Max Payne

==================== Find3M ====================

2009-01-22 08:25 120,064 a------- c:\windows\system32\drivers\Rtenicxp.sys
2009-01-16 14:45 73,728 a------- c:\windows\system32\RtNicProp32.dll
2009-01-14 01:14 3,455,488 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-01-13 23:46 11,591,680 a------- c:\windows\system32\atioglxx.dll
2009-01-13 22:53 286,720 a------- c:\windows\system32\atiok3x2.dll
2009-01-13 22:49 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2009-01-13 22:47 323,584 a------- c:\windows\system32\ati2dvag.dll
2009-01-13 22:36 196,608 a------- c:\windows\system32\atipdlxx.dll
2009-01-13 22:36 151,552 a------- c:\windows\system32\Oemdspif.dll
2009-01-13 22:36 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-01-13 22:35 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-01-13 22:35 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-01-13 22:34 598,016 a------- c:\windows\system32\ati2evxx.exe
2009-01-13 22:32 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-01-13 22:22 4,009,152 a------- c:\windows\system32\ati3duag.dll
2009-01-13 22:05 2,500,224 a------- c:\windows\system32\ativvaxx.dll
2009-01-13 22:05 3,107,788 a------- c:\windows\system32\ativvaxx.dat
2009-01-13 22:05 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-01-13 22:05 887,724 a------- c:\windows\system32\ativva6x.dat
2009-01-13 21:50 48,640 a------- c:\windows\system32\amdpcom32.dll
2009-01-13 21:45 401,408 a------- c:\windows\system32\atikvmag.dll
2009-01-13 21:44 110,592 a------- c:\windows\system32\atiadlxx.dll
2009-01-13 21:44 17,408 a------- c:\windows\system32\atitvo32.dll
2009-01-13 21:43 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-01-13 21:37 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-01-13 21:37 577,536 a------- c:\windows\system32\ati2cqag.dll
2009-01-13 21:05 593,920 a------- c:\windows\system32\ati2sgag.exe
2009-01-13 20:36 45,056 a------- c:\windows\system32\amdcalrt.dll
2009-01-13 20:36 45,056 a------- c:\windows\system32\amdcalcl.dll
2009-01-13 20:34 3,227,648 a------- c:\windows\system32\Amdcaldd.dll
2009-01-06 19:00 4,968,448 a------- c:\windows\system32\drivers\RtkHDAud.sys
2008-12-30 14:58 18,082,304 a------- c:\windows\RTHDCPL.EXE
2008-12-20 17:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-11 00:27 45,056 a------- c:\windows\system32\WNASPI32.DLL
2008-07-11 16:37 32 a----r-- c:\documents and settings\all users\hash.dat
2008-09-23 12:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 13:30:56.09 ===============

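As an added example (not part of this thread, of DDS, or of any tool named here): a short Python triage of DDS log lines like the ones above that flags what a helper checks first in a suspected Vundo case, an entry in LSA Authentication Packages beyond the stock msv1_0 (here the nnnlligD file in system32) and service or driver entries whose image DDS could not find ([?]) or that load from a temp directory. The msv1_0 baseline, the reading of [?] as a missing file, and all function and class names are my assumptions; the sample lines are copied from the log.

```python
import re
from dataclasses import dataclass

# Assumption: on a stock Windows XP install the LSA "Authentication Packages"
# value holds only msv1_0, so any extra entry is worth a close look.
LSA_BASELINE = {"msv1_0"}

# A DDS service/driver line: "<state> <name>;<display>;<image path> [<meta>]"
# where <meta> is "<date> <size>" or "?" (treated here as: file not found).
SERVICE_RE = re.compile(
    r"^(?P<state>[RSP][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

LSA_RE = re.compile(r"^LSA:\s*Authentication Packages\s*=\s*(?P<pkgs>.+)$")

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE = r"""
mPolicies-system: EnableLUA = 0 (0x0)
Notify: AtiExtEvent - Ati2evxx.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnlligD
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-11 64160]
S3 cpuz129;cpuz129;\??\c:\docume~1\tom\locals~1\temp\cpuz_x32.sys --> c:\docume~1\tom\locals~1\temp\cpuz_x32.sys [?]
S3 mfefeatk01;McAfee Inc.;\Device\mfefeatk01.sys --> \Device\mfefeatk01.sys [?]
S4 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\docume~1\tom\locals~1\temp\f-secure\anti-virus\fsblsrv.exe --> c:\docume~1\tom\locals~1\temp\f-secure\anti-virus\fsblsrv.exe [?]
"""


@dataclass
class Finding:
    check: str    # which rule fired
    detail: str   # the suspicious value
    line: str     # the DDS line it came from


def check_lsa(line: str) -> list:
    """Flag every Authentication Packages entry outside LSA_BASELINE."""
    m = LSA_RE.match(line)
    if not m:
        return []
    return [Finding("lsa_extra_package", pkg, line)
            for pkg in m.group("pkgs").split()
            if pkg.lower() not in LSA_BASELINE]


def check_service(line: str) -> list:
    """Flag services/drivers whose file is missing or lives under a temp dir."""
    m = SERVICE_RE.match(line)
    if not m:
        return []
    path = m.group("path")
    if "-->" in path:                 # DDS shows "<raw> --> <resolved path>"
        path = path.split("-->", 1)[1].strip()
    name = m.group("name")
    findings = []
    if m.group("meta").strip() == "?":
        findings.append(Finding("service_file_missing", f"{name}: {path}", line))
    if "\\temp\\" in path.lower():
        findings.append(Finding("service_in_temp_dir", f"{name}: {path}", line))
    return findings


def triage(text: str) -> list:
    """Run every check over each non-empty line of a DDS log excerpt."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(check_lsa(line))
            findings.extend(check_service(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.check:22} {f.detail}")
```

A hit is a lead to verify against the rest of the log, not a verdict: the McAfee \Device entry and the leftover CPU-Z temp driver are benign here, while the extra LSA package is the line a helper would act on.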

#4 extremeboy
  • Malware Response Team
  • 12,975 posts

Posted 28 February 2009 - 04:04 PM

Hello.

I do see some infections and one of them indeed includes the vundo infection. Please run these two scans.

Download and run Malwarebytes Anti-Malware (Full Scan)

Please download Malwarebytes Anti-Malware and save it to your desktop if you lost your copy and need to install it, otherwise skip the installation step and continue with the Full Scan.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
If GMER doesn't work in Normal Mode, try running it in Safe Mode.

Important! Please do not select the Show all checkbox during the scan.

Post back with:
-MBAM log
-GMER log
-New DDS log


With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 extremeboy
  • Malware Response Team
  • 12,975 posts

Posted 03 March 2009 - 04:10 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#6 tlovitz
  • Topic Starter
  • Members
  • 14 posts

Posted 03 March 2009 - 06:13 PM

Sorry for the delay. Here's the MBAM log. Unfortunately, I need to do some work on my computer right now so I can't run gmer with all programs closed down. I'll run that later this evening and will have it up either tonight or tomorrow afternoon. The only thing I'll be doing in the meantime is using Adobe Illustrator.

Thank you very much for the help.

Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 5.1.2600 Service Pack 3

3/3/2009 5:07:07 PM
mbam-log-2009-03-03 (17-07-07).txt

Scan type: Full Scan (C:\|)
Objects scanned: 178689
Time elapsed: 1 hour(s), 41 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Tom\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\GINYJG6H\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\PGLGLDUU\upd105320[2] (Trojan.Vundo) -> Quarantined and deleted successfully.


#7 extremeboy
  • Malware Response Team
  • 12,975 posts

Posted 03 March 2009 - 06:36 PM

Hello.

That's fine. Post the gmer once you get back.

Let me know if you have any problems regarding the PC afterwards as well.

With Regards,
Extremeboy

#9 tlovitz
  • Topic Starter
  • Members
  • 14 posts

Posted 04 March 2009 - 09:20 PM

The gmer log follows:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-04 17:31:59
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF750787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7507C10]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xED46DA51]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xED46DA7D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xED46DA27]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xED46DA67]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xED46DAA9]

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP ED46DAAD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP ED46DA6B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP ED46DA55 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 7 Bytes JMP ED46DA81 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B64 5 Bytes JMP ED46DA2B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2304] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows ® Codename Longhorn DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Files - GMER 1.0.14 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes

---- EOF - GMER 1.0.14 ----


The DDS.txt is pasted below and the Attach.txt is attached in a zip folder. Wasn't sure if you needed both.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Tom at 17:33:25.57 on Wed 03/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2442 [GMT -6:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\UT VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Tom\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Documents and Settings\Tom\Desktop\g0er\gmer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Tom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\tom\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RMClock] "c:\program files\rmclock\RMClockLauncher.exe"
uRun: [Aim6]
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [SansaDispatch] c:\documents and settings\tom\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [eMuleAutoStart] c:\program files\emule\emule.exe -AutoStart
mRun: [ATKHOTKEY] "c:\program files\atk hotkey\Hcontrol.exe"
mRun: [MsgTranAgt] "c:\program files\atk hotkey\MsgTranAgt.exe"
mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Wireless Console 2] "c:\program files\wireless console 2\wcourier.exe"
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [NB Probe] c:\program files\asus\nb probe\NBProbe.exe
mRun: [PowerForPhone] c:\program files\powerforphone\PowerForPhone.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\tom\startm~1\programs\startup\wallpa~1.lnk - c:\program files\wallpapertoy\Wallpapertoy.Exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219937164734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnlligD

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\dgujtqsh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\tom\application data\mozilla\firefox\profiles\dgujtqsh.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\tom\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\tom\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-5-12 144704]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-11 64160]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-5-12 31816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-8-25 104000]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-5-12 54608]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2008-9-7 34304]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\progra~1\atkhot~1\ASNDIS5.SYS [2008-8-24 16269]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-8-25 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-8-25 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-8-25 174952]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-9-1 57408]
S2 gupdate1c992e626cc1694;Google Update Service (gupdate1c992e626cc1694);c:\program files\google\update\GoogleUpdate.exe [2009-2-19 133104]
S3 7ByteIo;7ByteIo;\??\c:\program files\hot cpu tester pro 4 le\sysinfo.sys --> c:\program files\hot cpu tester pro 4 le\SysInfo.sys [?]
S3 cpuz129;cpuz129;\??\c:\docume~1\tom\locals~1\temp\cpuz_x32.sys --> c:\docume~1\tom\locals~1\temp\cpuz_x32.sys [?]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2008-8-24 41656]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S3 mfefeatk01;McAfee Inc.;\Device\mfefeatk01.sys --> \Device\mfefeatk01.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\docume~1\tom\locals~1\temp\f-secure\anti-virus\fsblsrv.exe --> c:\docume~1\tom\locals~1\temp\f-secure\anti-virus\fsblsrv.exe [?]

=============== Created Last 30 ================

2009-03-02 18:29 <DIR> --d----- c:\docume~1\tom\applic~1\Malwarebytes
2009-03-02 18:29 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-02 18:29 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-02 18:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-02 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-24 18:51 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-02-24 16:07 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-21 12:01 <DIR> --d----- c:\program files\Vega Strike
2009-02-20 17:14 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-02-20 17:14 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-02-20 17:14 <DIR> --d----- c:\program files\OpenAL
2009-02-20 17:14 <DIR> --d----- c:\program files\Warzone 2100
2009-02-18 16:51 <DIR> --d----- c:\docume~1\tom\applic~1\SanDisk
2009-02-17 18:45 <DIR> --d----- C:\9be77513d6b5bec63752c0cb
2009-02-17 18:45 <DIR> --d----- c:\windows\SxsCaPendDel
2009-02-17 18:39 <DIR> --d----- c:\program files\Microsoft
2009-02-11 21:39 89 a------- c:\windows\wininit.ini
2009-02-11 21:37 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-11 19:18 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-11 19:17 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-11 19:16 <DIR> --d----- c:\program files\Lavasoft

==================== Find3M ====================

2009-01-22 08:25 120,064 a------- c:\windows\system32\drivers\Rtenicxp.sys
2009-01-16 14:45 73,728 a------- c:\windows\system32\RtNicProp32.dll
2009-01-14 01:14 3,455,488 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-01-13 23:46 11,591,680 a------- c:\windows\system32\atioglxx.dll
2009-01-13 22:53 286,720 a------- c:\windows\system32\atiok3x2.dll
2009-01-13 22:49 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2009-01-13 22:47 323,584 a------- c:\windows\system32\ati2dvag.dll
2009-01-13 22:36 196,608 a------- c:\windows\system32\atipdlxx.dll
2009-01-13 22:36 151,552 a------- c:\windows\system32\Oemdspif.dll
2009-01-13 22:36 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-01-13 22:35 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-01-13 22:35 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-01-13 22:34 598,016 a------- c:\windows\system32\ati2evxx.exe
2009-01-13 22:32 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-01-13 22:22 4,009,152 a------- c:\windows\system32\ati3duag.dll
2009-01-13 22:05 2,500,224 a------- c:\windows\system32\ativvaxx.dll
2009-01-13 22:05 3,107,788 a------- c:\windows\system32\ativvaxx.dat
2009-01-13 22:05 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-01-13 22:05 887,724 a------- c:\windows\system32\ativva6x.dat
2009-01-13 21:50 48,640 a------- c:\windows\system32\amdpcom32.dll
2009-01-13 21:45 401,408 a------- c:\windows\system32\atikvmag.dll
2009-01-13 21:44 110,592 a------- c:\windows\system32\atiadlxx.dll
2009-01-13 21:44 17,408 a------- c:\windows\system32\atitvo32.dll
2009-01-13 21:43 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-01-13 21:37 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-01-13 21:37 577,536 a------- c:\windows\system32\ati2cqag.dll
2009-01-13 21:05 593,920 a------- c:\windows\system32\ati2sgag.exe
2009-01-13 20:36 45,056 a------- c:\windows\system32\amdcalrt.dll
2009-01-13 20:36 45,056 a------- c:\windows\system32\amdcalcl.dll
2009-01-13 20:34 3,227,648 a------- c:\windows\system32\Amdcaldd.dll
2009-01-06 19:00 4,968,448 a------- c:\windows\system32\drivers\RtkHDAud.sys
2009-01-05 16:16 34,816 a------- c:\windows\system32\RtkCoInstXP.dll
2008-12-30 14:58 18,082,304 a------- c:\windows\RTHDCPL.EXE
2008-12-20 17:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-11 00:27 45,056 a------- c:\windows\system32\WNASPI32.DLL
2008-07-11 16:37 32 a----r-- c:\documents and settings\all users\hash.dat
2008-09-23 12:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 17:33:52.73 ===============


Once again, thank you very much for your assistance.




#10 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 05 March 2009 - 12:55 PM

Hello.

Could you answer this question?

Let me know if you have any problems regarding the PC afterwards as well.

With Regards,
Extremeboy


Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to make a donation.

#11 tlovitz

  • Topic Starter
  • Members
  • 14 posts

Posted 05 March 2009 - 05:23 PM

The computer seems to be working fine. I did notice though after checking the 5 boxes in gmer then restarting the computer, on the first restart, the computer informed me that it couldn't find my account and was logging me in with a temporary profile. I restarted the computer again, logged in to my account, then ran gmer. I thought that was a little odd. I have restarted since then and run into no similar problems.

#12 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 05 March 2009 - 06:20 PM

Hello.

That looks okay but there are a few entries we need to remove.

Please remove this outdated java version via add/remove

Java™ 6 Update 7

Download and Run OTMoveIt3
  • Please download OTMoveIt3 by OldTimer and save it to your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Double click the OTMoveIt3 icon on your desktop.
  • Paste the following code into the text area of OTMoveIt3. Do not include the word "Code".
    :services
    cpuz129
    :files
    c:\docume~1\tom\locals~1\temp\cpuz_x32.sys 
    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 
    :commands
    [EmptyTemp]
    [Reboot]
  • Click the large MoveIt! button.
  • Copy/Paste the contents under the Results line here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

With Regards,
Extremeboy
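The `:reg` part of the OTMoveIt3 fix above is the security-relevant step: the DDS log earlier in this thread shows a second entry (`c:\windows\system32\nnnlligD`) next to the stock `msv1_0` in the LSA "Authentication Packages" value, and every entry of that REG_MULTI_SZ is loaded into lsass.exe at boot, which is why Vundo-family malware plants a DLL there. The `hex(7):6d,73,76,31,5f,30,00,00` value rewrites it to `msv1_0` alone. The following is an added example in Python, not code from the thread, OTMoveIt3 or any other tool mentioned here, that decodes such a value and checks a DDS line against a baseline; the baseline set `EXPECTED_PACKAGES` (only `msv1_0`, the stock Windows XP/2003 value) and the sample strings are assumptions of this example.

```python
r"""Defender's check for the LSA "Authentication Packages" value (added example).

Windows loads every entry of
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (REG_MULTI_SZ)
into lsass.exe at boot, so a surplus entry is a persistence and credential-theft
foothold. This script decodes a .reg-style hex(7) value and a DDS "LSA:" line and
flags entries that are not on the expected baseline.
"""
import re
from typing import List

# Assumed baseline for a stock Windows XP / Server 2003 install: only MSV1_0.
# Extend it only for a product you have verified legitimately adds a package.
EXPECTED_PACKAGES = {"msv1_0"}


def decode_reg_multi_sz_hex7(value: str) -> List[str]:
    """Decode a hex(7) REG_MULTI_SZ payload into its list of strings.

    Accepts 'hex(7):6d,73,...' or just the comma-separated bytes. A REG_MULTI_SZ
    is a run of NUL-terminated strings followed by one extra NUL. Registry
    exports are UTF-16LE; the single-byte form used in the OTMoveIt3 script is
    accepted as well.
    """
    payload = value.split(":", 1)[1] if value.lower().startswith("hex(7):") else value
    raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    # UTF-16LE text made of ASCII characters has a zero high byte at every odd offset.
    if len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return [s for s in text.split("\x00") if s]


def parse_dds_lsa_line(line: str) -> List[str]:
    """Extract the package list from a DDS 'LSA: Authentication Packages = ...' line."""
    m = re.match(r"^LSA:\s*Authentication Packages\s*=\s*(.*)$", line.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("not an LSA Authentication Packages line")
    return m.group(1).split()


def unexpected_packages(packages: List[str]) -> List[str]:
    """Return the entries that are not on the baseline, in their original order."""
    return [p for p in packages if p.lower() not in EXPECTED_PACKAGES]


# Constructed samples: the DDS line quoted in this thread and the OTMoveIt3 repair value.
SAMPLE_DDS_LINE = r"LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnlligD"
SAMPLE_REPAIR_VALUE = "hex(7):6d,73,76,31,5f,30,00,00"

if __name__ == "__main__":
    found = parse_dds_lsa_line(SAMPLE_DDS_LINE)
    print("packages loaded into lsass:", found)
    print("not on baseline:", unexpected_packages(found))
    restored = decode_reg_multi_sz_hex7(SAMPLE_REPAIR_VALUE)
    verdict = "clean" if not unexpected_packages(restored) else "still dirty"
    print("repair value decodes to:", restored, "->", verdict)
```

Run stand-alone, it reports the surplus entry from the DDS line and confirms that the repair value decodes to the baseline only. The same `unexpected_packages` check works on the value read live from the registry on a Windows host (via `winreg.QueryValueEx`, which already returns REG_MULTI_SZ as a list), and the same pattern applies to the sibling "Notification Packages" and "Security Packages" values, which are equally attractive to malware.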

#13 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 07 March 2009 - 09:22 AM

Hello.

How's everything coming along?

I just bumped this topic as I will need to close it if you do not respond in another 2-3 days.

Thanks for understanding.

With Regards,
Extremeboy

#14 tlovitz

  • Topic Starter
  • Members
  • 14 posts

Posted 08 March 2009 - 04:59 PM

MoveIt Log:

========== SERVICES/DRIVERS ==========
Service cpuz129 stopped successfully.
Service cpuz129 deleted successfully.
========== FILES ==========
File/Folder c:\docume~1\tom\locals~1\temp\cpuz_x32.sys not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\NAILogs\UpdaterUI_FRANKENSTEIN.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\etilqs_W8VAJMTVkmSjvJiZp18g scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\Perflib_Perfdata_9c4.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_520.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV2.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Application Data\Mozilla\Firefox\Profiles\dgujtqsh.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Application Data\Mozilla\Firefox\Profiles\dgujtqsh.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Application Data\Mozilla\Firefox\Profiles\dgujtqsh.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Application Data\Mozilla\Firefox\Profiles\dgujtqsh.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Application Data\Mozilla\Firefox\Profiles\dgujtqsh.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03082009_092154

Files moved on Reboot...
C:\DOCUME~1\Tom\LOCALS~1\Temp\NAILogs\UpdaterUI_FRANKENSTEIN.log moved successfully.
File C:\DOCUME~1\Tom\LOCALS~1\Temp\etilqs_W8VAJMTVkmSjvJiZp18g not found!
File C:\DOCUME~1\Tom\LOCALS~1\Temp\Perflib_Perfdata_9c4.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_520.dat not found!
File move failed. C:\WINDOWS\temp\WFV2.tmp scheduled to be moved on reboot.
C:\Documents and Settings\Tom\Local Settings\Application Data\Mozilla\Firefox\Profiles\dgujtqsh.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Tom\Local Settings\Application Data\Mozilla\Firefox\Profiles\dgujtqsh.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Tom\Local Settings\Application Data\Mozilla\Firefox\Profiles\dgujtqsh.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Tom\Local Settings\Application Data\Mozilla\Firefox\Profiles\dgujtqsh.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Tom\Local Settings\Application Data\Mozilla\Firefox\Profiles\dgujtqsh.default\urlclassifier3.sqlite moved successfully.


Kaspersky Scan in progress.

Thanks.

#15 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 08 March 2009 - 05:59 PM

Okay, thanks for the update.

Post the Kaspersky once it's done.

With Regards,
Extremeboy



