Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vundo and possibly something else


  • This topic is locked This topic is locked
5 replies to this topic

#1 BrG

BrG

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 28 April 2009 - 04:50 AM

Hi,

Computer was infected by opening mail attachment. It is Windows XP Professional, sp2. At that point, Symantec Endpoint was installed, but license expired and it was not updated for some time. Part of the infection/manifestations was removed by Symantec (tray balloon saying that computer was infected). After restart, regular Vundo symtoms - black background with flashing script. Kaspersky 6.0 was deployed, fixing some of the issues, but chkdisk.dll and similar remained. Kaspersky is partly disabled/malfunctioning, Internet is inaccesible (network works). Malwarebyte's Anti-Malware fixed a lot, but still there is the registry line with userinit.exe that is present in every Malwarebyte's scan. VundoFix haven't found anything. I am very certain that there is still something left, beside the registry key, Kaspersky is still malfunctioning and Internet not accessible.

Here is the DDS log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 10:07:58.07 on Tue 04/28/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.599 [GMT 2:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Outdated)
AV: Symantec Endpoint Protection *On-access scanning disabled* (Outdated)
FW: Kaspersky Anti-Virus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe "C:\WINDOWS\system32\adsnwz.exe"
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\HP UT\bin\hppusg.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\WINDOWS\system32\logon.scr
C:\Documents and Settings\administrator.company.000\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hp.com
uInternet Connection Wizard,ShellNext = hxxp://onlinescanxp.com/land/eurl/?code=159
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [PTHOSTTR] c:\program files\hpq\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ToolBoxFX] "c:\program files\hewlett-packard\hp laserjet 1160_1320 series\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
mRun: [HPUsageTracking] "c:\program files\hewlett-packard\hp laserjet 1160_1320 series\hp ut\bin\hppusg.exe" "c:\program files\hewlett-packard\hp laserjet 1160_1320 series\hp ut\"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\SCIEPlgn.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\docume~1\nicola~1.fid\locals~1\temp\ntdll64.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www4.king.com/ctl/kingcomie.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161791125656
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161787070109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_06-win.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - hxxps://www.eqbanking.co.uk/JREBinary/jre-6u2-windows-i586-p.exe
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-7-18 112144]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-11-9 201504]
R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe [2007-11-19 231952]
R2 klnagent;Kaspersky Network Agent;c:\program files\kaspersky lab\networkagent\klnagent.exe [2008-9-22 94544]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-5-30 24344]
S2 stisvcAppMgmt;Windows Image Acquisition (WIA) stisvcAppMgmt;c:\windows\system32\adsnwz.exe srv --> c:\windows\system32\adsnwz.exe srv [?]
S3 KAV_Inst_Agent$74b97044-51ba-40ed-9da2-71ba487112ed;KAV_Inst_Agent$74b97044-51ba-40ed-9da2-71ba487112ed;"c:\windows\temp\kav remote installations\74b97044-51ba-40ed-9da2-71ba487112ed\avpdtagt.exe" --> c:\windows\temp\kav remote installations\74b97044-51ba-40ed-9da2-71ba487112ed\AVPDTAgt.exe [?]
S3 KAV_Inst_Agent$e34f3bbb-aad6-4d04-bf82-d11ba8e53fcd;KAV_Inst_Agent$e34f3bbb-aad6-4d04-bf82-d11ba8e53fcd;"c:\windows\temp\kav remote installations\e34f3bbb-aad6-4d04-bf82-d11ba8e53fcd\avpdtagt.exe" --> c:\windows\temp\kav remote installations\e34f3bbb-aad6-4d04-bf82-d11ba8e53fcd\AVPDTAgt.exe [?]
S4 vsdatant;vsdatant;a --> a [?]

=============== Created Last 30 ================

2009-04-28 09:58 <DIR> --d----- C:\VundoFix Backups
2009-04-27 11:51 <DIR> --d----- c:\docume~1\admini~1.000\applic~1\Malwarebytes
2009-04-27 11:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-27 11:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 11:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-27 11:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-24 12:07 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-24 12:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-24 12:01 <DIR> --d----- c:\docume~1\admini~1.000\applic~1\SUPERAntiSpyware.com
2009-04-24 09:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-24 09:49 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-23 17:22 285,268 a------- c:\windows\system32\setup.inx
2009-04-23 17:05 <DIR> --d----- c:\windows\SxsCaPendDel
2009-04-23 16:40 <DIR> --d----- C:\CleanWipe
2009-04-23 16:25 4,112,672 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-23 16:25 58,100 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-23 16:25 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-04-23 16:25 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-04-23 16:23 42,016 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-04-23 16:23 4,892 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-04-23 16:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-04-23 16:22 <DIR> --d----- c:\program files\common files\Cisco Systems
2009-04-23 16:22 <DIR> --d----- c:\program files\Kaspersky Lab
2009-04-23 16:22 <DIR> --d----- c:\program files\common files\Kaspersky Lab
2009-04-23 14:58 <DIR> --d----- c:\docume~1\admini~1.000\applic~1\Symantec
2009-04-23 14:58 <DIR> --d----- c:\documents and settings\administrator.company.000
2009-04-23 10:23 664 a------- c:\windows\system32\d3d9caps.dat
2009-04-22 21:47 351,232 -------- c:\windows\system32\dllcache\winhttp.dll
2009-04-22 21:47 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-22 15:11 104,960 a------- c:\windows\system32\dllcache\userinit.exe
2009-04-22 15:09 324 a--s---- c:\windows\system32\1408584704.dat
2009-04-22 15:09 43,008 ---shr-- c:\windows\system32\adsnwz.exe
2009-04-13 12:09 <DIR> --d----- C:\Transfer
2009-04-08 10:07 <DIR> --d----- c:\program files\Windows Desktop Search
2009-04-08 10:07 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-04-08 10:02 29,696 -------- c:\windows\system32\dllcache\mimefilt.dll
2009-04-08 10:02 192,000 -------- c:\windows\system32\dllcache\offfilt.dll
2009-04-08 10:02 98,304 -------- c:\windows\system32\dllcache\nlhtml.dll

==================== Find3M ====================

2009-04-23 18:42 112,144 a------- c:\windows\system32\drivers\kl1.sys
2009-04-22 15:10 104,960 a------- c:\windows\system32\userinit.exe
2009-03-21 16:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 16:00 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 16:00 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-03 02:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-03 02:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 06:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 12:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 12:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 07:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-10 18:31 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 12:20 1,847,424 a------- c:\windows\system32\win32k.sys
2009-02-09 12:20 1,847,424 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 12:01 728,576 a------- c:\windows\system32\lsasrv.dll
2009-02-09 12:01 617,984 a------- c:\windows\system32\advapi32.dll
2009-02-09 12:01 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 12:01 728,576 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 12:01 617,984 -------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 12:01 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 12:01 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 12:01 715,264 a------- c:\windows\system32\ntdll.dll
2009-02-09 12:01 715,264 -------- c:\windows\system32\dllcache\ntdll.dll
2009-02-06 12:32 2,186,112 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 12:29 2,142,720 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 12:29 2,142,720 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 12:22 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:22 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-02-06 11:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 11:54 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-02-06 11:49 2,020,864 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:49 2,020,864 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 11:49 2,062,976 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 11:41 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 22:08 55,808 a------- c:\windows\system32\secur32.dll
2009-02-03 22:08 55,808 -------- c:\windows\system32\dllcache\secur32.dll

============= FINISH: 10:08:36.76 ===============

Hope I am missing something.

Thank you and best regards,
BG

Attached Files


Edited by BrG, 28 April 2009 - 11:31 AM.


BC AdBot (Login to Remove)

 


#2 BrG

BrG
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 28 April 2009 - 09:43 AM

Just an update:
with newest virus definitions, Kaspersky found one virus in user's Temp folder:

Trojan-Dropper.Win32.Wlord.qx

After it was deleted and computer restarted, Kaspersky found nothing else. Problems with Kaspersky and Internet still exist.

Best regards,
BrG

#3 BrG

BrG
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 29 April 2009 - 08:10 AM

One more update.

Since I had to do something, I decided to try ComboFix. I was reluctant to use it - as I understand it can delete system files if infected and cause system to crash, but it was either that or complete reinstall.

ComboFix fixed a couple of issues, so now computer looks much better. Kaspersky is working again, Internet conectivity is back. Malwarebytes' Anti Malware now found 2 issues - same registry key as before (with userinit.exe) and one dll file. Unfortunatelly, even after reboot, it was unable to remove it. Now running Kaspersky again - already found 3 issues. I will see how that will end up.

Anyway, I am not posting any new logs, as situation is still changing, but will keep posting updates here.

Best regards,
BrG

#4 BrG

BrG
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 30 April 2009 - 11:01 AM

Yet another update.

Kaspersky found 3 problems (two of them were Malwarebytes and ComboFix) and fixed the only real one.

Again, Malwarebytes was unable to deal with the two issues left, so I have updated ComboFix and ran it again. It again fixed a couple of issues. After that, Malwarebytes was able to remove the two remaining problems. Now, I was in the situation that both Kaspersky and Malwarebytes couldn't find anything. So I tried Spybot S&D - it found one registry key and I removed it (bellonged to malware).

Since after that, I had no virus reports and everything worked as normal, I called it a day. Nevertheless, I would still apreciate if an expert could review the logs (please let me know which one, and I will post them).

Best regards,
BrG

#5 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:04:08 AM

Posted 10 May 2009 - 04:01 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#6 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:04:08 AM

Posted 16 May 2009 - 01:02 PM

Due to the lack of feedback This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users