
Infected with Vundo


  • This topic is locked
7 replies to this topic

#1 lawrencep


Posted 05 March 2009 - 01:41 PM

Thanks for the help.

Internet sites won't load properly or are very slow, some random ads. The speed issue is what I picked up on when trying to download last night's Lost episode.

MBAM found Vundo; 3 files were removed in 'quick scan'. Rebooted and re-ran 'full scan' and it picked up 12 issues. Each reboot and rerun keeps finding the same files. Below are the required scan files.


DDS


DDS (Ver_09-02-01.01) - NTFSx86
Run by Patrick Lawrence at 13:23:01.09 on Thu 03/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3539.2808 [GMT -5:00]

AV: Total Protection for Small Business *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r205445\stacsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SONICW~1\SONICW~1\mantispm.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\NBC Direct\DirectPlayerCore.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Patrick Lawrence\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Matador] "c:\progra~1\sonicw~1\sonicw~1\mantispm.exe" -quiet
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [Pando Media Booster] "c:\program files\pando networks\media booster\PMB.exe"
uRun: [DirectPlayerCore] "c:\program files\nbc direct\DirectPlayerCore.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe"
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\agent\Splash.exe"
mRun: [McAfee Managed Services Tray] "c:\program files\mcafee\managed virusscan\agent\StartMyagtTry.exe"
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: //about.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Update.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233061058062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt4.7.0.566.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-28 201320]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-6-27 1664248]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2008-7-1 110592]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-9-4 406808]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-11-11 451872]
R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2009-1-28 14144]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-8-5 29184016]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2009-1-28 169280]
R2 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2009-1-28 78640]
R2 SWAGENT;SonicWALL Agent Service;c:\program files\mcafee\managed virusscan\agent\swAgent.exe [2009-1-28 69632]
R2 Webcamera Plus Service;Webcamera Plus Service;c:\program files\ateksoft\webcamera plus\WebCamPlusSrv.exe [2009-2-5 46592]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-1-17 112128]
R3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2009-2-5 11776]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-17 110080]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2009-1-28 23180]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2008-7-31 81920]
S3 McShield;McShield;c:\progra~1\mcafee\manage~1\vscan\McShield.exe [2009-1-28 144704]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\MfeAVFK.sys [2009-1-28 79304]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\MfeBOPK.sys [2009-1-28 35240]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\MfeRKDK.sys [2009-1-28 33832]

=============== Created Last 30 ================

2009-03-05 12:26 161,792 a------- c:\windows\SWREG.exe
2009-03-05 12:26 98,816 a------- c:\windows\sed.exe
2009-03-05 12:26 <DIR> --d----- C:\ComboFix
2009-03-05 09:25 143,360 a------- c:\windows\system32\bcmwlapi.dll
2009-03-02 20:37 <DIR> --d----- c:\docume~1\patric~1\applic~1\GARMIN
2009-02-25 11:30 28 a------- c:\windows\pdf995.ini
2009-02-25 11:29 249,856 a------- c:\windows\system32\pdfmona.dll
2009-02-25 11:29 51,716 a------- c:\windows\system32\pdf995mon.dll
2009-02-25 11:29 142 a------- c:\windows\wpd99.drv
2009-02-25 11:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\pdf995
2009-02-24 23:24 5,632 a------- c:\windows\system32\ptpusb.dll
2009-02-24 23:24 159,232 a------- c:\windows\system32\ptpusd.dll
2009-02-21 20:25 <DIR> --d----- c:\windows\system32\NtmsData
2009-02-20 12:38 <DIR> --d----- c:\docume~1\patric~1\applic~1\LimeWire
2009-02-20 12:36 <DIR> --d----- c:\program files\LimeWire
2009-02-20 11:22 <DIR> --d----- c:\docume~1\patric~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-20 11:10 <DIR> --d----- c:\program files\Carbonite
2009-02-20 11:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Carbonite
2009-02-19 16:07 <DIR> --d----- c:\program files\Deskperience
2009-02-19 16:07 <DIR> --d----- c:\docume~1\patric~1\applic~1\Deskperience
2009-02-18 10:38 267,864 a----r-- C:\hpzids01.dll
2009-02-18 10:37 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
2009-02-18 10:37 6,784 a------- c:\windows\system32\drivers\serscan.sys
2009-02-16 11:45 <DIR> --d----- c:\program files\IrfanView
2009-02-15 11:43 <DIR> --d----- c:\docume~1\patric~1\applic~1\TaxCut
2009-02-15 11:13 <DIR> --d----- c:\program files\PDF995
2009-02-15 11:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TaxCut
2009-02-15 11:10 <DIR> --d----- c:\program files\TaxCut08
2009-02-15 11:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Amazon
2009-02-13 09:56 <DIR> --d----- c:\docume~1\patric~1\applic~1\NBC Direct
2009-02-13 09:55 <DIR> --d----- c:\docume~1\patric~1\applic~1\IDM
2009-02-13 09:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
2009-02-13 09:55 <DIR> --d----- c:\program files\Pando Networks
2009-02-13 09:55 <DIR> a-d----- c:\program files\NBC Direct
2009-02-13 09:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NBC Direct
2009-02-11 18:57 <DIR> --d----- c:\windows\SQL9_KB960089_ENU
2009-02-09 21:32 <DIR> --d----- c:\docume~1\patric~1\applic~1\Malwarebytes
2009-02-09 21:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-09 21:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 21:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-09 21:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-05 22:56 11,776 a------- c:\windows\system32\drivers\ateksoftaudio.sys
2009-02-05 22:56 <DIR> --d----- c:\program files\Ateksoft
2009-02-04 10:06 376 a------- c:\windows\ODBC.INI
2009-02-03 17:18 <DIR> --d----- c:\program files\CCleaner

==================== Find3M ====================

2009-03-05 13:08 2,098 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-03-05 09:25 2,670,592 a------- c:\windows\system32\WLBCGCBPRO731.DLL
2009-03-05 09:25 2,220,032 a------- c:\windows\system32\WLTRAY.EXE
2009-03-05 09:25 65,536 a------- c:\windows\system32\wltrynt.dll
2009-03-05 09:25 24,064 a------- c:\windows\system32\WLTRYSVC.EXE
2009-03-05 09:25 1,961,984 a------- c:\windows\system32\BCMWLTRY.EXE
2009-03-05 09:25 1,287,552 a------- c:\windows\system32\drivers\BCMWL5.SYS
2009-03-05 09:25 286,720 a------- c:\windows\system32\bcmwlu00.exe
2009-03-05 09:25 69,632 a------- c:\windows\system32\bcmwlpkt.dll
2009-03-05 09:25 33,664 a------- c:\windows\system32\drivers\BCMWLNPF.SYS
2009-03-05 09:25 815,104 a------- c:\windows\system32\BCMLogon.dll
2009-03-05 09:25 753,664 a------- c:\windows\system32\bcm1xsup.dll
2009-02-18 10:40 147,624 a------- c:\windows\hpoins21.dat
2009-01-28 12:48 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-28 12:08 726,008 a------- c:\documents and settings\patrick lawrence\gotomypc_437.exe
2009-01-28 11:44 88 ---shr-- c:\docume~1\alluse~1\applic~1\F945FC7431.sys
2009-01-17 13:27 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-01-17 13:27 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-17 09:23 3,635 a------- c:\windows\system32\drivers\1028_Dell_LAT_FS5.mrk
2009-01-17 07:31 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 13:23:09.14 ===============



ATTACH


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/27/2009 7:08:40 AM
System Uptime: 3/5/2009 1:05:42 PM (0 hours ago)

Motherboard: Dell Inc. | | 0DW634
Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1995/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 92.123 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Photosmart C7200 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: HP Photosmart C7200 #2
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

==== System Restore Points ===================

RP1: 1/27/2009 7:08:42 AM - System Checkpoint
RP2: 1/27/2009 7:15:08 AM - Installed Microsoft Office Standard 2007
RP3: 1/27/2009 7:59:00 AM - Software Distribution Service 3.0
RP4: 1/27/2009 8:23:35 AM - Software Distribution Service 3.0
RP5: 1/27/2009 8:39:59 AM - Software Distribution Service 3.0
RP6: 1/27/2009 8:41:34 AM - Software Distribution Service 3.0
RP7: 1/27/2009 8:56:19 AM - Installed ExpensAble 7
RP8: 1/27/2009 8:56:43 AM - Installed ExpensAble 7
RP9: 1/27/2009 8:59:45 AM - Installed Adobe Reader 9.
RP10: 1/28/2009 11:14:46 AM - Installed SonicWALL Global VPN Client
RP11: 1/28/2009 11:36:51 AM - Installed ACT! by Sage Premium 2009 (11.0)
RP12: 1/28/2009 12:48:56 PM - Installed Java™ 6 Update 11
RP13: 1/28/2009 1:15:05 PM - Installed WS_FTP
RP14: 1/28/2009 4:26:30 PM - Removed Google Toolbar for Internet Explorer
RP15: 1/28/2009 4:26:51 PM - Removed Microsoft Silverlight
RP16: 1/28/2009 4:27:22 PM - Removed Windows Live Sign-in Assistant
RP17: 1/28/2009 4:27:51 PM - Removed Microsoft Office Live Add-in 1.3
RP18: 1/28/2009 4:28:36 PM - Removed Microsoft .NET Framework 3.0 Service Pack 1
RP19: 1/28/2009 4:29:41 PM - Removed Microsoft .NET Framework 2.0 Service Pack 1
RP20: 1/29/2009 3:00:14 AM - Software Distribution Service 3.0
RP21: 1/29/2009 6:44:22 AM - Installed iTunes
RP22: 2/2/2009 8:53:32 AM - Installed XPS Essentials Pack
RP23: 2/2/2009 9:30:16 AM - Printer Driver CutePDF Writer Installed
RP24: 2/2/2009 10:47:05 AM - Printer Driver HP Photosmart C7200 series fax Installed
RP25: 2/2/2009 12:36:04 PM - Installed Microsoft ActiveSync 4.0
RP26: 2/3/2009 5:55:41 AM - Removed Microsoft ActiveSync 4.0
RP27: 2/3/2009 5:55:46 AM - Installed Microsoft ActiveSync
RP28: 2/4/2009 4:40:38 PM - Printer Driver Microsoft XPS Document Writer Installed
RP29: 2/4/2009 5:11:13 PM - Removed Dell ControlPoint Connection Manager.
RP30: 2/5/2009 7:33:35 PM - System Checkpoint
RP31: 2/6/2009 11:54:17 PM - System Checkpoint
RP32: 2/8/2009 12:38:21 AM - System Checkpoint
RP33: 2/9/2009 4:12:42 AM - System Checkpoint
RP34: 2/10/2009 6:55:30 PM - System Checkpoint
RP35: 2/11/2009 6:56:41 PM - Software Distribution Service 3.0
RP36: 2/12/2009 10:12:00 PM - System Checkpoint
RP37: 2/13/2009 11:33:16 PM - System Checkpoint
RP38: 2/14/2009 12:22:00 PM - Software Distribution Service 3.0
RP39: 2/15/2009 11:13:31 AM - Installed TaxCut Premium + State + Efile 2008.
RP40: 2/16/2009 2:08:56 PM - Software Distribution Service 3.0
RP41: 2/17/2009 8:47:54 PM - System Checkpoint
RP42: 2/19/2009 12:42:23 AM - System Checkpoint
RP43: 2/19/2009 4:01:56 PM - Installed IE Pass Revealer
RP44: 2/19/2009 4:07:08 PM - Installed Aqua Deskperience.
RP45: 2/19/2009 10:38:06 PM - Installed TaxCut New Jersey 2008.
RP46: 2/20/2009 10:33:21 AM - Removed IE Pass Revealer
RP47: 2/20/2009 2:12:05 PM - Installed Microsoft Office Professional Edition 2003
RP48: 2/23/2009 9:28:25 AM - Configured Microsoft Office Standard 2007
RP49: 2/25/2009 11:29:47 AM - Printer Driver PDF995 Printer Driver Installed
RP50: 2/26/2009 2:39:29 PM - Software Distribution Service 3.0
RP51: 3/2/2009 10:32:09 AM - System Checkpoint
RP52: 3/4/2009 10:20:59 AM - Installed Broadcom Gigabit Integrated Controller.
RP53: 3/5/2009 9:27:44 AM - Installed Dell ControlPoint Connection Manager.
RP54: 3/5/2009 11:34:14 AM - Removed Dell ControlPoint Connection Manager.
RP55: 3/5/2009 12:27:03 PM - ComboFix created restore point

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
Acrobat.com
ACT! by Sage Premium 2009 (11.0)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
AI RoboForm (All Users)
AIO_Scan
All Day Battery Life Configuration
Apple Mobile Device Support
Apple Software Update
Aqua Deskperience
AuthenTec Fingerprint System
BioAPI Framework
biolsp patch
Bonjour
Broadcom Gigabit Integrated Controller
Broadcom Management Programs
Broadcom TPM Driver Installer
Browser Address Error Redirector
BufferChm
C7200
C7200_doccd
c7200_Help
Carbonite
CCleaner (remove only)
Copy
CutePDF Writer 2.7
DCP32MMWrapper
Dell Control Point
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
Dell Wireless WLAN Card Utility
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
ExpensAble 7
Fax
FileZilla Client 3.2.1
GDR 3073 for SQL Server Database Services 2005 ENU (KB954606)
Gemalto
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB945436)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954550-v5)
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Smart Web Printing
IDM Flash 4.4.0.459
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Ipswitch WS_FTP Pro
IrfanView (remove only)
iTunes
Java™ 6 Update 11
Java™ 6 Update 7
LimeWire 5.0.11
Malwarebytes' Anti-Malware
McAfee Virus and Spyware Protection Service
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ACT7)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NBC Direct
NetDeviceManager
NTRU TCG Software Stack
Pando Media Booster
PanoStandAlone
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PowerDVD
Preboot Manager
Private Information Manager
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
QuickTime
Scan
SearchAssist
Secure Update
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Wizards
SonicWALL Anti-Spam Desktop
SonicWALL Global VPN Client
Status
TaxCut New Jersey 2008
TaxCut Premium + State + Efile 2008
Toolbox
TrayApp
Trusted Drive Manager
tsp patch
UnloadSupport
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
UPEK TouchChip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software
WebCamera Plus 2.0
WebFldrs XP
WebReg
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (06/12/2008 8.1.0.51)
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
XA Maintenance Suit
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

2/28/2009 7:30:14 AM, error: VolSnap [10] - The shadow copy of volume C: took too long to install.
2/27/2009 1:03:55 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
2/27/2009 8:59:23 AM, error: Print [6161] - The document https://www.wireless.att.com/pmt/jsp/mypaym...iewbill/viewFul owned by Patrick Lawrence failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 204888. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\PATRICK. Win32 error code returned by the print processor: 6 (0x6).
2/26/2009 4:30:25 PM, error: Service Control Manager [7034] - The Dell ControlPoint Button Service service terminated unexpectedly. It has done this 1 time(s).
2/26/2009 4:30:25 PM, error: Service Control Manager [7034] - The Dell ControlPoint System Manager service terminated unexpectedly. It has done this 1 time(s).
3/1/2009 10:36:23 AM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
3/3/2009 5:23:25 PM, error: Dhcp [1002] - The IP address lease 192.168.1.34 for the Network Card with network address 001FE2905397 has been denied by the DHCP server 10.11.1.1 (The DHCP Server sent a DHCPNACK message).
3/4/2009 8:48:30 AM, error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 1 time(s).
3/4/2009 12:03:19 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{3F191DF1-649A-44B0-BF30-684637F113E5} because another computer on the network has the same name. The server could not start.
3/4/2009 5:23:51 PM, error: Dhcp [1002] - The IP address lease 172.16.31.233 for the Network Card with network address 001FE2905397 has been denied by the DHCP server 10.11.1.1 (The DHCP Server sent a DHCPNACK message).
3/5/2009 10:27:32 AM, error: Print [6161] - The document Microsoft Word - Shaft Hog Repair Flow Chart.doc owned by Patrick Lawrence failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 189924. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\PATRICK. Win32 error code returned by the print processor: 6 (0x6).
3/5/2009 12:21:06 PM, error: Service Control Manager [7034] - The Webcamera Plus Service service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 12:22:29 PM, error: Service Control Manager [7034] - The McShield service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 11:49:31 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file wextract.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
3/5/2009 12:02:12 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wextract.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.

==== End Of File ===========================



#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:29 AM

Posted 13 March 2009 - 06:56 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

MalwareBytes usually handles Vundo variants well. Let's check for anything left.

Download and Run DDS
If you already have a copy of DDS, there is no need to download a new one.

DDS is a tool that gives us a general overview of the condition of your machine.

Download DDS by sUBs from any of the links below:
DDS.com, DDS.scr, DDS.pif

Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please post back with:
-the DDS logs
-the F-Secure scan log

Please give me an update on the symptoms. Also tell me of any changes you have made to this computer.

With Regards,
The Panda

#3 lawrencep

Posted 14 March 2009 - 03:22 PM

Thanks for the help, Panda. Running F-Secure now. Will post all logs when done.

#4 PropagandaPanda

Posted 14 March 2009 - 05:06 PM

Okay.

The Panda

#5 lawrencep

Posted 15 March 2009 - 08:21 PM

MalwareBytes is returning no problems in the quick scan and full scan modes. Symptoms seem to have subsided--all I've done is keep running MBAM. Below are the scan log files.


DDS

DDS (Ver_09-02-01.01) - NTFSx86
Run by Patrick Lawrence at 16:08:28.04 on Sat 03/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3539.2143 [GMT -4:00]

AV: Total Protection for Small Business *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r205445\stacsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SONICW~1\SONICW~1\mantispm.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\NBC Direct\DirectPlayerCore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Patrick Lawrence\Desktop\Malware\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Matador] "c:\progra~1\sonicw~1\sonicw~1\mantispm.exe" -quiet
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [Pando Media Booster] "c:\program files\pando networks\media booster\PMB.exe"
uRun: [DirectPlayerCore] "c:\program files\nbc direct\DirectPlayerCore.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe"
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\agent\Splash.exe"
mRun: [McAfee Managed Services Tray] "c:\program files\mcafee\managed virusscan\agent\StartMyagtTry.exe"
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: //about.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Update.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233061058062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt4.7.0.566.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-28 201320]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-6-27 1664248]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2008-7-1 110592]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-9-4 406808]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-11-11 451872]
R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2009-1-28 14144]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-8-5 29184016]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2009-1-28 169280]
R2 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2009-1-28 78640]
R2 SWAGENT;SonicWALL Agent Service;c:\program files\mcafee\managed virusscan\agent\swAgent.exe [2009-1-28 69632]
R2 Webcamera Plus Service;Webcamera Plus Service;c:\program files\ateksoft\webcamera plus\WebCamPlusSrv.exe [2009-2-5 46592]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-1-17 112128]
R3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2009-2-5 11776]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-17 110080]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2009-1-28 23180]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2008-7-31 81920]
S3 McShield;McShield;c:\progra~1\mcafee\manage~1\vscan\McShield.exe [2009-1-28 144704]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\MfeAVFK.sys [2009-1-28 79304]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\MfeBOPK.sys [2009-1-28 35240]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\MfeRKDK.sys [2009-1-28 33832]

=============== Created Last 30 ================

2009-03-05 20:00 <DIR> --d----- C:\ComboFix
2009-03-05 17:19 <DIR> --d----- c:\program files\Trend Micro
2009-03-05 16:52 <DIR> a-dshr-- C:\cmdcons
2009-03-05 16:08 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-03-05 16:07 <DIR> --d----- c:\windows\ERUNT
2009-03-05 14:46 <DIR> --d----- C:\SDFix
2009-03-05 13:26 161,792 a------- c:\windows\SWREG.exe
2009-03-05 13:26 98,816 a------- c:\windows\sed.exe
2009-03-05 10:25 143,360 a------- c:\windows\system32\bcmwlapi.dll
2009-03-02 21:37 <DIR> --d----- c:\docume~1\patric~1\applic~1\GARMIN
2009-02-25 12:30 28 a------- c:\windows\pdf995.ini
2009-02-25 12:29 249,856 a------- c:\windows\system32\pdfmona.dll
2009-02-25 12:29 51,716 a------- c:\windows\system32\pdf995mon.dll
2009-02-25 12:29 142 a------- c:\windows\wpd99.drv
2009-02-25 12:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\pdf995
2009-02-25 00:24 5,632 a------- c:\windows\system32\ptpusb.dll
2009-02-25 00:24 159,232 a------- c:\windows\system32\ptpusd.dll
2009-02-21 21:25 <DIR> --d----- c:\windows\system32\NtmsData
2009-02-20 13:38 <DIR> --d----- c:\docume~1\patric~1\applic~1\LimeWire
2009-02-20 12:22 <DIR> --d----- c:\docume~1\patric~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-20 12:10 <DIR> --d----- c:\program files\Carbonite
2009-02-20 12:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Carbonite
2009-02-19 17:07 <DIR> --d----- c:\program files\Deskperience
2009-02-19 17:07 <DIR> --d----- c:\docume~1\patric~1\applic~1\Deskperience
2009-02-18 11:38 267,864 a----r-- C:\hpzids01.dll
2009-02-18 11:37 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
2009-02-18 11:37 6,784 a------- c:\windows\system32\drivers\serscan.sys
2009-02-16 12:45 <DIR> --d----- c:\program files\IrfanView
2009-02-15 12:43 <DIR> --d----- c:\docume~1\patric~1\applic~1\TaxCut
2009-02-15 12:13 <DIR> --d----- c:\program files\PDF995
2009-02-15 12:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TaxCut
2009-02-15 12:10 <DIR> --d----- c:\program files\TaxCut08
2009-02-15 12:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Amazon
2009-02-13 10:56 <DIR> --d----- c:\docume~1\patric~1\applic~1\NBC Direct
2009-02-13 10:55 <DIR> --d----- c:\docume~1\patric~1\applic~1\IDM
2009-02-13 10:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
2009-02-13 10:55 <DIR> --d----- c:\program files\Pando Networks
2009-02-13 10:55 <DIR> a-d----- c:\program files\NBC Direct
2009-02-13 10:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NBC Direct

==================== Find3M ====================

2009-03-13 23:23 2,098 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-03-05 10:25 2,670,592 a------- c:\windows\system32\WLBCGCBPRO731.DLL
2009-03-05 10:25 2,220,032 a------- c:\windows\system32\WLTRAY.EXE
2009-03-05 10:25 65,536 a------- c:\windows\system32\wltrynt.dll
2009-03-05 10:25 24,064 a------- c:\windows\system32\WLTRYSVC.EXE
2009-03-05 10:25 1,961,984 a------- c:\windows\system32\BCMWLTRY.EXE
2009-03-05 10:25 1,287,552 a------- c:\windows\system32\drivers\BCMWL5.SYS
2009-03-05 10:25 286,720 a------- c:\windows\system32\bcmwlu00.exe
2009-03-05 10:25 69,632 a------- c:\windows\system32\bcmwlpkt.dll
2009-03-05 10:25 33,664 a------- c:\windows\system32\drivers\BCMWLNPF.SYS
2009-03-05 10:25 815,104 a------- c:\windows\system32\BCMLogon.dll
2009-03-05 10:25 753,664 a------- c:\windows\system32\bcm1xsup.dll
2009-02-18 11:40 147,624 a------- c:\windows\hpoins21.dat
2009-02-11 11:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 11:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-28 13:48 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-28 13:08 726,008 a------- c:\documents and settings\patrick lawrence\gotomypc_437.exe
2009-01-28 12:44 88 ---shr-- c:\docume~1\alluse~1\applic~1\F945FC7431.sys
2009-01-17 14:27 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-01-17 14:27 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-17 10:23 3,635 a------- c:\windows\system32\drivers\1028_Dell_LAT_FS5.mrk
2009-01-17 08:31 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 16:08:41.12 ===============


F-Secure Log
Scanning Report
Sunday, March 15, 2009 18:22:17 - 19:11:57
Computer name: PATRICK
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 15 malware found
TrackingCookie.2o7 (spyware)
System
TrackingCookie.Adbrite (spyware)
System
TrackingCookie.Adrevolver (spyware)
System
TrackingCookie.Advertising (spyware)
System
TrackingCookie.Atdmt (spyware)
System
TrackingCookie.Atwola (spyware)
System
TrackingCookie.Doubleclick (spyware)
System
TrackingCookie.Mediaplex (spyware)
System
TrackingCookie.Questionmarket (spyware)
System
TrackingCookie.Revsci (spyware)
System
TrackingCookie.Specificclick (spyware)
System
TrackingCookie.Statcounter (spyware)
System
TrackingCookie.Webtrends (spyware)
System
TrackingCookie.Xiti (spyware)
System
TrackingCookie.Yieldmanager (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 32681
System: 3463
Not scanned: 7
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 15
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 3.0.0
F-Secure Hydra: 3.6.8511, 2009-03-15
F-Secure AVP: 7.0.171, 2009-03-15
F-Secure Pegasus: 1.20.0, 1969-11-31
F-Secure Blacklight: 0.0.0
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics




#6 PropagandaPanda

Posted 16 March 2009 - 08:28 AM

Hello.

Looks like MalwareBytes took care of it.

DDS logs are clean too.

Install From Windows Updates
Whenever a security problem in its software is found, Microsoft will create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malware being installed on your computer.

Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please reboot and repeat this process until there are no more updates to install.

With Regards,
The Panda

#7 lawrencep

Posted 16 March 2009 - 12:54 PM

Case closed--Thanks, Panda.

#8 PropagandaPanda

Posted 17 March 2009 - 08:45 AM

If you say so.

The Panda



