Troj.Vundo.Var


  • This topic is locked
20 replies to this topic

#1 hratti

hratti

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:08 AM

Posted 24 April 2009 - 03:51 PM

I'm not sure what's going on with the computer. I do know that it connects to our DSL modem but does not send or receive any packets. Our DSL is fine, my personal laptop is working just fine on it. AT&T advised me to try to run System Restore and that is when things started to get interesting. I could get into the program and select a date to restore to but was unable to actually finish the restore; the computer was not responding to clicking the "next" button. Since then, I have gotten the message that it is infected with Troj.Vundo.Var but VundoFix does not find it. I have gone into the registry and removed the keys that seem to be causing problems but upon restarting, they reappear. In addition to running VundoFix I attempted to run a couple of other programs just to make sure there wasn't something it was missing, but I could not get Malwarebytes' Anti-Malware to install or VirtumundoBeGone to run.

Any suggestions would be greatly appreciated.

DDS (Ver_09-03-16.01) - NTFSx86
Run by TAG at 16:36:29.32 on 04/24/09
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.590 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRAM FILES\DELL\DELL LASER MFP 1815\PSU\Scan2Pc.exe
C:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
G:\ComboFix.exe
G:\ComboFix.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\TAG\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://eagent.farmersinsurance.com/sitemin...urance%2ecom%2f
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080118
uSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080118
uURLSearchHooks: Yahoo! uC: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {971eca67-6e71-406d-ba4c-11634a37f65e} - c:\windows\system32\vovuhinu.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! uC: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [MFP1815_S2P] c:\program files\dell\dell laser mfp 1815\psu\Scan2Pc.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\dell\dell laser mfp 1815\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\dell\dell laser mfp 1815\paperport\IndexSearch.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
mRun: [CPMa30c2d39] Rundll32.exe "c:\windows\system32\darunuwe.dll",a
mRun: [mapayatuze] Rundll32.exe "c:\windows\system32\fapawozi.dll",s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-424ub\WlanCU.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: farmersinsurance.com\eagent
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/commonActiveX/smsx.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {354D91A8-E3C9-491F-BB89-0FB27DEEED86} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/ImgXTwain61.cab
DPF: {3D03AEAF-38CC-4DB5-9FA1-1C3538B1CA85} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/viewers/crystalreportviewers11/ActiveXControls/PrintControl.cab
DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/ImgXDialog61.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/ImgX61.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\darunuwe.dll,c:\windows\system32\nusoyeta.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\darunuwe.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\darunuwe.dll
LSA: Notification Packages = scecli c:\windows\system32\nusoyeta.dll

============= SERVICES / DRIVERS ===============

R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-1-26 6016]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 RTL8187B;TRENDnet TEW-424UB Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-1-26 189312]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2002-10-2 13532]

=============== Created Last 30 ================

2009-04-24 14:46 <DIR> --d----- C:\VundoFix Backups
2009-04-24 13:13 <DIR> --d----- c:\program files\SpyNoMore
2009-04-24 07:21 1,408,029 ---sh--- c:\windows\system32\enopinar.ini
2009-04-23 19:21 1,407,996 ---sh--- c:\windows\system32\ikahoseb.ini
2009-04-17 09:33 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 09:33 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-17 09:33 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-03-27 09:11 <DIR> --d----- c:\windows\system32\scripting
2009-03-27 09:11 <DIR> --d----- c:\windows\system32\en
2009-03-27 09:11 <DIR> --d----- c:\windows\l2schemas
2009-03-27 09:11 <DIR> --d----- c:\windows\system32\bits
2009-03-27 09:09 <DIR> --d----- c:\windows\ServicePackFiles
2009-03-27 09:08 <DIR> --d----- c:\windows\network diagnostic
2009-03-27 09:05 <DIR> --d----- c:\windows\EHome
2009-03-26 13:20 <DIR> --d----- c:\program files\InterlinkElectronics

==================== Find3M ====================

2009-04-24 07:21 88,576 a--sh--- c:\windows\system32\tavimega.dll
2009-04-24 07:21 80,896 a--sh--- c:\windows\system32\ranipone.dll
2009-04-24 07:21 51,712 a--sh--- c:\windows\system32\roloropo.exe
2009-04-23 19:21 87,040 a--sh--- c:\windows\system32\darunuwe.dll
2009-04-23 19:21 51,200 a--sh--- c:\windows\system32\woyohipo.exe
2009-03-27 09:13 77,859 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-12 09:15 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 08:10 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-02-09 08:10 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 08:10 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 08:10 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 08:10 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:11 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-02-06 07:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 07:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:39 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 06:10 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 15:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll

============= FINISH: 16:37:49.64 ===============


 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:08 AM

Posted 24 April 2009 - 07:34 PM

Hi hratti,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log. I will also let you know that I am a trainee, so each stage of the fix will need to be checked by an expert coach before I post, so there may be a slight delay. Don't worry, I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 2 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le


Posted 25 April 2009 - 03:56 AM

Hi hratti,

You have Vundo which can take some shifting but first...

I don't see an Anti Virus Program running on your machine
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Antivir
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
You have downloaded Combofix before. Please remove the version using the instructions below.

Delete ComboFix and Clean Up
Click Start > Run and type combofix /u click OK (Note the space between combofix and /u)
Please advise if this step is missed for any reason as it performs some important actions.

Next download a fresh copy as below.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :thumbup2:

#4 hratti


Posted 25 April 2009 - 10:50 AM

I ran into a slight problem. I can't get an internet connection to download things on the computer. Can these programs be downloaded to a flash drive then transferred to the infected computer or will that complicate things?

#5 m0le


Posted 25 April 2009 - 11:45 AM

Hi hratti,

Yes, you can download Combofix onto a removable device and then plug it into your PC. Please be sure to rename the downloaded file to combo-fix beforehand.

Let me know if you encounter any more problems.

#6 hratti


Posted 27 April 2009 - 08:59 AM

I am posting the log below. I have not been able to install the antivirus yet. It would like an internet connection and I still do not have one of those.

ComboFix 09-04-25.A3 - TAG 04/27/09 9:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.733 [GMT -4:00]
Running from: c:\documents and settings\TAG\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\darunuwe.dll
c:\windows\system32\drivers\UACuxnboemwsrnkcfj.sys
c:\windows\system32\enopinar.ini
c:\windows\system32\fapawozi.dll
c:\windows\system32\ikahoseb.ini
c:\windows\system32\nusoyeta.dll
c:\windows\system32\ranipone.dll
c:\windows\system32\tavimega.dll
c:\windows\system32\UACamecbxmqevptyfq.dll
c:\windows\system32\UACfmxvalpkpkosvdy.dll
c:\windows\system32\UACfyllrkennifteqk.dll
c:\windows\system32\UACgvbhpmexshwqomq.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnsrtubrkmsjbmpd.dll
c:\windows\system32\UACrmewwehwfkjbarg.dat
c:\windows\system32\UACwephwjedtkwriyu.log
c:\windows\system32\UACxkwakeflahflych.log
c:\windows\system32\UACytkqhwkppxovymw.dll
c:\windows\system32\vovuhinu.dll
c:\windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-24 18:46 . 2009-04-24 18:46 -------- d-----w C:\VundoFix Backups
2009-04-24 17:13 . 2009-04-24 17:18 -------- d-----w c:\program files\SpyNoMore
2009-04-23 23:47 . 2009-04-23 23:47 -------- d-----w c:\program files\Alwil Software
2009-04-17 13:34 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 13:34 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 13:34 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 13:34 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 13:34 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 13:34 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 13:34 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 13:34 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 13:34 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 13:34 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 13:33 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 13:33 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-17 13:33 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 20:01 . 2009-04-24 18:46 271 ----a-w C:\VundoFix.txt
2009-04-24 11:21 . 2009-01-24 11:21 51712 --sha-w c:\windows\system32\roloropo.exe
2009-04-23 23:21 . 2009-01-23 23:21 51200 --sha-w c:\windows\system32\woyohipo.exe
2009-04-21 18:18 . 2008-03-12 20:02 18657 ----a-w C:\YServer.txt
2009-04-20 13:11 . 2008-12-15 22:19 -------- d-----w c:\program files\ATX2008
2009-04-15 18:12 . 2008-01-26 16:34 -------- d-----w c:\program files\ATX2007
2009-04-03 19:48 . 2008-01-26 14:45 58504 ----a-w c:\documents and settings\TAG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-02 02:32 . 2008-07-02 12:27 -------- d-----w c:\documents and settings\TAG\Application Data\U3
2009-03-31 13:03 . 2008-01-18 17:01 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 13:20 . 2008-01-18 17:06 -------- d-----w c:\program files\Google
2009-03-27 13:13 . 2004-08-10 19:03 77859 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-27 13:07 . 2004-08-10 18:51 250048 --sha-r C:\ntldr
2009-03-26 17:20 . 2009-03-26 17:20 -------- d-----w c:\program files\InterlinkElectronics
2009-03-26 16:41 . 2009-03-24 19:34 -------- d-----w c:\documents and settings\TAG\Application Data\LimeWire
2009-03-26 16:37 . 2008-01-18 17:06 -------- d-----w c:\program files\Dell
2009-03-24 19:34 . 2009-03-24 19:34 -------- d-----w c:\program files\LimeWire
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-20 19:35 . 2009-02-05 19:59 -------- d-----w c:\documents and settings\TAG\Application Data\Move Networks
2009-03-17 13:07 . 2009-03-17 13:07 -------- d-----w c:\program files\Common Files\Business Objects
2009-03-12 19:42 . 2009-03-12 19:42 -------- d-----w c:\program files\GPLGS
2009-03-12 19:42 . 2009-03-12 19:42 -------- d-----w c:\program files\Acro Software
2009-03-12 13:15 . 2009-03-12 13:15 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-12 13:14 . 2008-01-18 16:59 -------- d-----w c:\program files\Java
2009-03-06 14:22 . 2004-08-10 18:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2008-01-18 16:56 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2004-08-10 18:51 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 04:54 . 2007-08-13 23:43 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-25 17:17 . 2009-02-25 17:17 125 ----a-w C:\WebDll08.log
2009-02-20 10:20 . 2007-10-10 10:59 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2007-08-13 23:39 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2007-08-13 22:56 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-12 01:20 . 2009-02-12 01:20 126 ----a-w c:\documents and settings\TAG\Local Settings\Application Data\fusioncache.dat
2009-02-09 12:10 . 2004-08-10 18:51 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 18:51 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-10 18:51 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 18:50 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-10-15 19:10 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-10 18:51 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2008-10-15 19:10 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-10 18:51 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-15 19:10 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 19:10 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:06 . 2004-08-10 18:51 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-10 18:51 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-10-15 19:10 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 10:32 . 2004-08-04 04:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-10 18:51 56832 ----a-w c:\windows\system32\secur32.dll
2008-01-18 17:09 . 2009-04-24 17:24 27776 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"MFP1815_S2P"="c:\program files\DELL\DELL LASER MFP 1815\PSU\Scan2Pc.exe" [2006-12-22 258952]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\DELL\Dell Laser MFP 1815\PaperPort\pptd40nt.exe" [2007-05-08 30248]
"IndexSearch"="c:\program files\DELL\Dell Laser MFP 1815\PaperPort\IndexSearch.exe" [2007-05-08 46632]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2009-03-24 1067984]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-06-14 16132608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-10-22 972064]
Wireless Configuration Utility HW.14.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2006-12-22 598016]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\Dell Laser MFP 1815\\NetworkScan\\DNSCST.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\CFSLib\\Tt2008\\Tt2008.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\CFSLib\\Tt2009\\Tt2009.exe"=

R2 SSPORT;SSPORT; [x]
R3 RTL8187B;TRENDnet TEW-424UB Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2006-12-26 189312]
R3 SjyPkt;SjyPkt;c:\windows\System32\Drivers\SjyPkt.sys [2002-10-02 13532]
S2 vnccom;vnccom;c:\windows\system32\Drivers\vnccom.SYS [2004-06-26 6016]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1df5de62-97bc-11dd-8482-001d09847e4f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f1f3219-d3f4-11dc-840a-0014d1397762}]
\Shell\AutoRun\command - F:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cddfe958-234f-11dd-8423-0014d1397762}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb953a91-4457-11dd-8434-0014d1397762}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

BHO-{971eca67-6e71-406d-ba4c-11634a37f65e} - c:\windows\system32\vovuhinu.dll
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\darunuwe.dll


.
------- Supplementary Scan -------
.
uStart Page = https://eagent.farmersinsurance.com/sitemin...urance%2ecom%2f
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080118
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: farmersinsurance.com\eagent
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 09:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Micro Focus]
@Denied: (C D) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2892)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-04-27 9:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-27 13:37

Pre-Run: 59,300,655,104 bytes free
Post-Run: 59,636,224,000 bytes free

212 --- E O F --- 2009-04-17 21:16

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:08 AM

Posted 27 April 2009 - 05:52 PM

Hi hratti,

Thanks for the log.

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case Limewire). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

On with the fix....

Let's try and repair your internet connection.

Download and run WinSockFix. This is a two-step process that will back up the registry and reset the Winsock stack.
  • Double click on WinsockXPFix.exe to open.
  • On the Winsock and TCP Repair Utility screen, click "ReG-Backup"
  • On the ERDNT Welcome screen, click "OK".
  • On the Backup to: screen, click "OK".
  • On the Folder does not exist question screen click "Yes".
  • You will see a status screen as your registry is being backed up.
  • On the Registry backup is complete! screen, click "OK" and you will go back to the main window.
  • On the Winsock and TCP Repair Utility screen, click "Fix".
  • On the Apply the VB_Winsock fix? screen click "Yes".
  • The screen will display a status message "repair completed please reboot."
  • On the Repair Completed screen click "OK" to reboot your computer.
  • If your computer was not using DHCP, you will need to reconfigure TCP/IP.
  • You should have connectivity restored.
If that has worked you should now be able to download the next program.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall prior to our fix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click (or if your PC is running Vista, right-click and select Run As Administrator) the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    c:\windows\system32\roloropo.exe
    c:\windows\system32\woyohipo.exe
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Thanks :thumbup2:
m0le is a proud member of UNITE

#8 hratti

hratti
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:08 AM

Posted 28 April 2009 - 09:47 AM

Of course, things can't go smoothly. I'm sure I'm missing something, but when I download WinSockFix to my flash drive and copy it to the computer, I get an error message that it is not a Win32 program. What am I doing wrong?

#9 m0le


Posted 28 April 2009 - 12:58 PM

Hi hratti,

Try this:

In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the proxy server again in case you have set it previously.

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server.

If that still doesn't work then can you tell me what happens when you try and open a browser? What error message?

#10 hratti


Posted 28 April 2009 - 03:37 PM

That didn't work, the message I am getting is "Internet Explorer cannot display the webpage".

#11 m0le


Posted 29 April 2009 - 03:24 AM

Hi hratti,

Please read this article as it may help you to reconnect to the internet.

If you can download OTMI in the meantime we can complete the cleaning of your computer. :thumbup2:

#12 hratti


Posted 29 April 2009 - 09:49 AM

Error: Unable to interpret <c:\windows\system32\roloropo.exe> in the current context!
Error: Unable to interpret <c:\windows\system32\woyohipo.exe> in the current context!

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04292009_103846


Boy, do I feel like I am beating a dead horse. So, Internet Explorer is not the problem, there is just no internet connection. I have tried different ports on the router as well as different cords. Do you think it could be the network card?

#13 m0le


Posted 29 April 2009 - 10:42 AM

Hi hratti,

That's my fault, sorry. Try this OTMoveIt code. :thumbup2:

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall prior to our fix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.
  • Double click (or if your PC is running Vista, right-click and select Run As Administrator) the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Files
    c:\windows\system32\roloropo.exe
    c:\windows\system32\woyohipo.exe
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Thanks :)

#14 m0le


Posted 29 April 2009 - 01:21 PM

hratti,

First off, don't miss the instructions above for the re-run of OTMoveIt.

However, we're still trying to solve your connection issue, so can you do this:

Go to Start, then Run, then paste in this:

devmgmt.msc


and hit enter.

Then navigate to the Network card listing and hit the plus sign beside it.

Then check if there are any yellow marks over any of the network cards listed and let us know if there are, and their name(s).

#15 hratti


Posted 29 April 2009 - 01:25 PM

I don't have a "network card" but I do have a "network adapter". Listed under it is Intel® 82562v-2 10/100 Network Connection. The icon before the name has a red x over it.
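
The two manual checks requested in posts #9 and #14 (the browser proxy checkbox and the adapter state in Device Manager) can also be read from a PowerShell prompt. This is an added example, not part of the original thread or any tool named in it; it assumes PowerShell 2.0 or later is installed and only reads settings.

```powershell
# Added example (read-only): the proxy and adapter checks from this thread.
# Assumes PowerShell 2.0 or later; nothing here changes a setting.

# 1. Values behind IE's "Use a proxy server" checkbox (current user).
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key
"Proxy enabled : {0}" -f ($inet.ProxyEnable -eq 1)
"Proxy server  : {0}" -f $(if ($inet.ProxyServer)   { $inet.ProxyServer }   else { '(none)' })
"Auto-config   : {0}" -f $(if ($inet.AutoConfigURL) { $inet.AutoConfigURL } else { '(none)' })

# 2. Adapter state. Text for Win32_NetworkAdapter.NetConnectionStatus values.
$linkText = @{
    0 = 'Disconnected';         1 = 'Connecting'
    2 = 'Connected';            3 = 'Disconnecting'
    4 = 'Hardware not present'; 5 = 'Hardware disabled'
    6 = 'Hardware malfunction'; 7 = 'Media disconnected'
}

# Only adapters that have an entry in Network Connections carry a NetConnectionID.
$adapters = @(Get-WmiObject -Class Win32_NetworkAdapter |
              Where-Object { $_.NetConnectionID })

foreach ($a in $adapters) {
    $link = 'unknown'
    if ($a.NetConnectionStatus -ne $null) {
        $code = [int]$a.NetConnectionStatus   # cast so the hashtable key type matches
        if ($linkText.ContainsKey($code)) { $link = $linkText[$code] }
        else                              { $link = "status $code" }
    }

    # ConfigManagerErrorCode: 0 = working properly, 22 = device is disabled;
    # any other value is a Device Manager problem code.
    switch ([int]$a.ConfigManagerErrorCode) {
        0       { $dev = 'working' }
        22      { $dev = 'disabled' }
        default { $dev = "problem code $($a.ConfigManagerErrorCode)" }
    }

    "{0} [{1}]: device {2}, link {3}" -f $a.Name, $a.NetConnectionID, $dev, $link
}
```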



