
Rootkit Infection Per Garmanma 091004


  • This topic is locked
9 replies to this topic

#1 wleeori


Posted 05 October 2009 - 12:12 AM

I have been on the AII forum, and helped by Garmanma. He thinks I have some sort of rootkit infection, and told me to post some info here. I couldn't get the win32kdiag to run, but did get Peekbat to run and he said to post the information here, which follows plus the DDS files, and RootRepeal logs. I hope I'm giving the right information, in the right order. I could not upload the RAR Attach file. Thanks in Advance for your help.

PEEKBAT FILE

Volume in drive C has no label.
Volume Serial Number is DC16-4A23

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/12/2004 08:27 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/12/2004 08:24 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$


MALWAREBYTES FILE


Malwarebytes' Anti-Malware 1.41
Database version: 2903
Windows 5.1.2600 Service Pack 3

10/4/2009 12:18:57 PM
mbam-log-2009-10-04 (12-18-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 177287
Time elapsed: 53 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



08/12/2004 08:19 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 07:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 07:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 07:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
9 File(s) 1,932,288 bytes
0 Dir(s) 43,668,131,840 bytes free


DDS FILE


DDS (Ver_09-09-29.01) - NTFSx86
Run by Admin at 22:18:08.44 on Sun 10/04/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1463 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdwserv.exe
C:\WINDOWS\system32\lxdwcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking9\program\ereg.exe" -r "c:\program files\nuance\naturallyspeaking9\program\ereg.ini"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\7nd9dLWWUS.dll
Trusted Zone: earthlink.net\webmail
Trusted Zone: live.com\onecare
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5642/mcfscan.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: zitibemov - {6e5ced84-4872-4454-8a2a-efb1912c65cc} - No File
SSODL: nahogurim - {e32b8a0f-4908-410c-be90-020388054b44} - No File
SSODL: yesetozev - {b1fe6055-59f8-4aee-a578-c5e864349030} - No File
SSODL: mokuhados - {ee82753c-3262-47bf-b167-a876f1a65b60} - c:\windows\system32\lewadiye.dll
STS: {e32b8a0f-4908-410c-be90-020388054b44} - No File
STS: {b1fe6055-59f8-4aee-a578-c5e864349030} - No File
STS: jugezatag: {ee82753c-3262-47bf-b167-a876f1a65b60} - c:\windows\system32\lewadiye.dll
LSA: Notification Packages = scecli sarotehi.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-6-11 214024]
R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [2009-5-6 98984]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-6-11 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-6-11 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-11 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-11 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-11 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-11 40552]
S2 ouqaarudoionqu;ouqaarudoionqu;\??\c:\windows\system32\drivers\eurjukpoxbqjgvv.sys --> c:\windows\system32\drivers\eurjukpoxbqjgvv.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-11 34248]
S3 SNDO763;Dual Mode Camera (800A VGA);c:\windows\system32\drivers\sndo763.sys [2008-5-29 220160]

=============== Created Last 30 ================

2009-10-03 04:55 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-03 04:55 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-29 17:01 2,713 ---sh--- c:\windows\system32\viyutoni.exe
2009-09-28 21:39 0 a------- c:\windows\system32\41.exe
2009-09-28 02:58 2,713 ---sh--- c:\windows\system32\mafuluwu.exe
2009-09-27 08:56 2,713 ---sh--- c:\windows\system32\wubiduti.exe
2009-09-26 05:35 0 a------- c:\windows\system32\12444.exe
2009-09-26 04:39 <DIR> --d----- c:\program files\ESET
2009-09-26 04:35 0 a------- c:\windows\system32\18467.exe
2009-09-26 03:59 744 a------- c:\windows\system32\wininit.dll
2009-09-26 03:35 129,024 a------- c:\windows\system32\7nd9dLWWUS.dll
2009-09-25 14:13 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-25 14:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-24 18:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\gehufidu
2009-09-24 18:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ganizoni
2009-09-24 18:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\fefiweta
2009-09-24 18:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\zeginizo
2009-09-24 18:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\juzutase
2009-09-24 18:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\juborafe
2009-09-24 18:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\duzemibe
2009-09-24 01:54 <DIR> --d----- c:\docume~1\admin\applic~1\Malwarebytes
2009-09-24 01:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-24 01:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 02:14 <DIR> --d----- c:\docume~1\admin\applic~1\AVG8
2009-09-22 04:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\nisamuza
2009-09-22 04:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\setewobu
2009-09-22 04:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\lurapaso
2009-09-22 04:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\fesorega
2009-09-10 02:15 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-07 01:55 <DIR> --d----- c:\docume~1\admin\applic~1\W Photo Studio
2009-09-06 05:26 <DIR> --d----- c:\program files\common files\HP
2009-09-06 05:25 <DIR> --d----- c:\program files\Walgreens
2009-09-06 05:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Walgreens
2009-09-06 05:25 <DIR> --d----- c:\docume~1\admin\applic~1\Walgreens

==================== Find3M ====================

2009-09-23 02:37 61,224 ac------ c:\documents and settings\admin\GoToAssistDownloadHelper.exe
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-05-18 12:59 1,595 ac------ c:\docume~1\admin\applic~1\SAS7_000.DAT
2009-06-11 01:18 245,760 a--sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-08-24 03:48 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082420080825\index.dat

============= FINISH: 22:19:13.23 ===============




I couldn't upload the zipped ATTACH file (actually RAR); it said I was not permitted to upload this type of file,
so I will copy it as with the others.

ATTACH FILE


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2008 10:46:19 PM
System Uptime: 10/3/2009 4:37:07 AM (42 hours ago)

Motherboard: Dell Inc. | | 0G7183
Processor: Intel® Pentium® M processor 1.60GHz | Microprocessor | 1594/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 40.637 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01A21028&REV_02\4&39A85202&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01A21028&REV_02\4&39A85202&0&00F0
Service: bcm4sbxp

==== System Restore Points ===================

RP268: 9/25/2009 5:34:41 PM - System Checkpoint
RP269: 9/26/2009 6:31:34 PM - System Checkpoint
RP270: 9/27/2009 2:12:06 AM - Removed CarveWright System.
RP271: 9/28/2009 3:18:13 AM - System Checkpoint
RP272: 9/29/2009 3:47:28 AM - System Checkpoint
RP273: 9/30/2009 7:05:00 PM - System Checkpoint
RP274: 9/30/2009 7:28:28 PM - Restore Operation
RP275: 9/30/2009 7:35:16 PM - Restore Operation
RP276: 9/30/2009 7:42:33 PM - Restore Operation
RP277: 9/30/2009 7:56:30 PM - WED Night after Crash
RP278: 10/2/2009 1:17:44 AM - System Checkpoint
RP279: 10/3/2009 3:41:15 AM - System Checkpoint
RP280: 10/4/2009 3:54:22 AM - System Checkpoint

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Acoustica Effects Pack
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Reader 6.0.1
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
BitTorrent
Broadcom 440x 10/100 Integrated Controller
C-Major Audio
Calculator Powertoy for Windows XP
Canon Camera Access Library
Canon Camera Support Core Library
Canon Digital Camera Solution Disk 34 Software Starter Guide
Canon Direct Print User Guide
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot A470 Camera User Guide
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Conexant D110 MDC V.9x Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
DNA
Dragon NaturallySpeaking 9
Dual Mode Camera (800A VGA)
FileZilla Client 3.2.4.1
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
ieSpell
Intel® PROSet/Wireless Software
Java™ 6 Update 15
Java™ 6 Update 5
Java™ 6 Update 7
LARGAN Digital Camera - 32 bit
Lexmark 7600 Series
Lexmark Printable Web
Lexmark Toolbar
LP Recorder
LP Ripper
Malwarebytes' Anti-Malware
McAfee SecurityCenter
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2000
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
mSCfg
MSN
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Multisim 8
mWlsSafe
mWMI
mZConfig
OLYMPUS Master 2
OLYMPUS Studio 2
PL-2303 USB-to-Serial
PowerDVD
Punch! Super Home Suite
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Smartparts Desktop
Sonic Activation Module
Spin It Again
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
W Photo Studio
Wave Corrector DeClick version 1.1
WebFldrs XP
Windows Driver Package - OLYMPUS IMAGING CORP. (OlyFirCam) OlyFirCam (06/28/2007 2.2.0.0)
Windows Driver Package - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam (12/28/2006 1.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

9/30/2009 7:44:31 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8959a8ec, parameter3 f78be968, parameter4 00000000.
9/30/2009 7:44:00 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 895b58ec, parameter3 f78ba968, parameter4 00000000.
9/30/2009 7:43:51 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8958c8ec, parameter3 f78be968, parameter4 00000000.
9/30/2009 6:44:42 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 893a28ec, parameter3 f78c2968, parameter4 00000000.
9/30/2009 3:47:56 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 892ee8ec, parameter3 f78be968, parameter4 00000000.
9/30/2009 3:47:49 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 892518ec, parameter3 f78c2968, parameter4 00000000.
9/30/2009 3:38:23 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm mfehidk
9/30/2009 12:28:29 AM, error: Service Control Manager [7028] - The ouqaarudoionqu Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
9/29/2009 3:24:47 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 892ee9e3, parameter3 f78c6968, parameter4 00000000.
9/29/2009 3:22:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/29/2009 3:18:27 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
9/29/2009 3:17:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
9/29/2009 3:17:34 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/29/2009 3:17:34 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/29/2009 3:17:34 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/29/2009 3:17:34 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/29/2009 3:16:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/29/2009 2:42:04 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/28/2009 11:51:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
9/27/2009 2:10:54 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/2/2009 6:28:24 PM, error: Print [6161] - The document http://www.google.com/ owned by Admin failed to print on printer Lexmark 7600 Series (Network). Data type: LEMF. Size of the spool file in bytes: 188991. Number of bytes printed: 188991. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ADMIN-55FD76F47. Win32 error code returned by the print processor: 0 (0x0).
10/2/2009 6:26:36 PM, error: Print [6161] - The document http://www.google.com/ owned by Admin failed to print on printer Lexmark 7600 Series (Network). Data type: LEMF. Size of the spool file in bytes: 189311. Number of bytes printed: 189311. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ADMIN-55FD76F47. Win32 error code returned by the print processor: 0 (0x0).
10/1/2009 5:34:20 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8963c8ec, parameter3 f78ba968, parameter4 00000000.
10/1/2009 2:38:51 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8960a8ec, parameter3 f78c2968, parameter4 00000000.
10/1/2009 12:49:15 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 895bb8ec, parameter3 f78c6968, parameter4 00000000.
10/1/2009 12:39:08 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8933c8ec, parameter3 f78c2968, parameter4 00000000.
10/1/2009 12:38:59 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8932e8ec, parameter3 f78c6968, parameter4 00000000.
10/1/2009 11:55:33 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.

==== End Of File ===========================



Thanks in Advance for Your Help Time and Patience
Dave



#2 SifuMike

    malware expert

Posted 13 October 2009 - 02:05 PM

Hello Dave,

We will run ComboFix.

You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your McAfee SecurityCenter before running ComboFix, as it will prevent ComboFix from running.

To Disable McAfee Security Center


Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.
Post the log from ComboFix in your next reply.

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

#3 wleeori


Posted 14 October 2009 - 07:46 PM

Below are the results of the CF scan. You may note that a few things have changed since my last post.

One question I need to ask you: if I backed up data to an SDHC card, does that data need to be scanned if it is re-installed? If so, how do I scan it?



ComboFix 09-10-14.04 - user 10/14/2009 19:24.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1597 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-10-14 19:46 . 2009-10-14 19:46 -------- d-----w- c:\windows\Sun
2009-10-14 19:46 . 2009-10-14 19:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-14 19:45 . 2009-10-14 19:45 -------- d-----w- c:\program files\Java
2009-10-14 19:41 . 2009-10-14 19:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-14 19:40 . 2009-10-14 19:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-14 19:38 . 2009-10-14 19:38 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Adobe
2009-10-14 19:37 . 2009-10-14 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-14 18:09 . 2009-10-14 18:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-10-14 18:09 . 2009-10-14 18:50 -------- d-----w- c:\windows\LMI55.tmp
2009-10-14 08:29 . 2009-10-14 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lexmark 7600 Series
2009-10-14 07:40 . 2009-10-14 07:40 -------- d-----w- c:\documents and settings\user\Application Data\7600 Series
2009-10-14 07:37 . 2009-10-14 18:53 -------- d-----w- c:\documents and settings\All Users\Lx_cats
2009-10-14 07:37 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-10-14 07:37 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-10-14 07:37 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-14 07:37 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-14 07:37 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-14 07:36 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-10-14 07:36 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-10-14 07:34 . 2009-08-19 15:36 40960 ----a-w- c:\windows\system32\lxdwvs.dll
2009-10-14 07:33 . 2009-07-10 19:59 409600 ----a-w- c:\windows\system32\lxdwcoin.dll
2009-10-14 07:33 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-10-14 07:33 . 2001-08-18 03:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-10-14 07:33 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-14 07:33 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-14 07:33 . 2009-08-19 15:33 81920 ----a-w- c:\windows\system32\lxdwcaps.dll
2009-10-14 07:33 . 2009-08-19 15:33 1036288 ----a-w- c:\windows\system32\lxdwdrs.dll
2009-10-14 07:33 . 2009-08-19 15:20 69632 ----a-w- c:\windows\system32\lxdwcnv4.dll
2009-10-14 07:32 . 2008-09-10 09:37 86016 ----a-w- c:\windows\system32\lxdwoem.dll
2009-10-14 07:32 . 2008-09-10 09:37 32768 ----a-w- c:\windows\system32\LXDWFXPU.DLL
2009-10-14 07:32 . 2008-05-01 00:41 45056 ----a-w- c:\windows\system32\LXDWPMON.DLL
2009-10-14 07:32 . 2008-09-10 09:37 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2009-10-14 07:32 . 2008-09-10 09:37 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2009-10-14 07:32 . 2009-10-14 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\7600 Series
2009-10-14 07:32 . 2009-10-14 07:32 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-10-14 07:30 . 2009-10-14 07:30 -------- d-----w- c:\program files\Lexmark Toolbar
2009-10-14 07:30 . 2008-05-16 15:32 17064 ----a-w- c:\windows\system32\LXDWwupd.exe
2009-10-14 07:30 . 2008-04-15 11:08 352256 ----a-w- c:\windows\system32\LXDWwupd.dll
2009-10-14 07:28 . 2009-08-19 15:47 594600 ----a-w- c:\windows\system32\lxdwcoms.exe
2009-10-14 07:28 . 2009-08-19 15:47 369320 ----a-w- c:\windows\system32\lxdwcfg.exe
2009-10-14 07:28 . 2009-08-19 15:35 761856 ----a-w- c:\windows\system32\lxdwcomc.dll
2009-10-14 07:28 . 2009-08-19 15:35 376832 ----a-w- c:\windows\system32\lxdwcomm.dll
2009-10-14 07:28 . 2009-08-19 15:24 208896 ----a-w- c:\windows\system32\lxdwgrd.dll
2009-10-14 07:28 . 2009-07-14 10:05 36864 ----a-w- c:\windows\system32\lxdwcur.dll
2009-10-14 07:28 . 2009-07-14 10:02 90112 ----a-w- c:\windows\system32\lxdwcub.dll
2009-10-14 07:28 . 2009-07-14 10:00 77824 ----a-w- c:\windows\system32\lxdwcu.dll
2009-10-14 07:28 . 2008-03-05 04:53 983121 ----a-w- c:\windows\system32\lxdwgf.dll
2009-10-14 07:28 . 2008-02-21 11:11 77906 ----a-w- c:\windows\system32\LXDWcfg.dll
2009-10-14 07:25 . 2009-10-14 07:38 -------- d-----w- c:\program files\Lexmark 7600 Series
2009-10-14 05:50 . 2009-07-08 18:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-14 05:50 . 2009-07-08 18:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-14 05:50 . 2009-07-08 18:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-14 05:50 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-14 05:49 . 2009-10-14 05:50 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-14 05:49 . 2009-10-14 05:49 -------- d-----w- c:\program files\McAfee.com
2009-10-14 05:49 . 2009-10-14 08:03 -------- d-----w- c:\program files\McAfee
2009-10-14 05:45 . 2009-07-08 18:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-14 05:40 . 2009-10-14 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-14 03:58 . 2009-10-14 04:05 -------- d-----w- c:\program files\Broadcom
2009-10-14 03:58 . 2009-10-14 04:05 -------- d-----w- c:\windows\Downloaded Installations
2009-10-14 03:43 . 2009-10-14 03:43 -------- d-----w- c:\documents and settings\user\Application Data\Intel
2009-10-14 03:43 . 2009-10-14 03:43 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2009-10-14 03:43 . 2009-10-14 03:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2009-10-14 03:43 . 2009-10-14 03:43 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2009-10-14 03:43 . 2009-10-14 03:46 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-14 03:43 . 2009-10-14 03:43 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2009-10-14 03:42 . 2009-10-14 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-10-14 03:42 . 2007-02-12 16:41 2732032 ----a-w- c:\windows\system32\Netw2r32.dll
2009-10-14 03:42 . 2007-02-12 16:40 557056 ----a-w- c:\windows\system32\Netw2c32.dll
2009-10-14 03:42 . 2007-02-08 18:51 2209408 ----a-w- c:\windows\system32\drivers\w29n51.sys
2009-10-14 03:42 . 2009-10-14 03:45 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-14 03:42 . 2009-10-14 03:42 -------- d-----w- c:\program files\Intel
2009-10-14 03:33 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-13 08:14 . 2005-12-19 14:08 667648 ----a-w- c:\windows\system32\BCMLogon.dll
2009-10-13 08:04 . 2009-10-13 08:04 -------- d-----w- c:\program files\CONEXANT
2009-10-13 08:03 . 2004-06-17 20:57 200064 ----a-w- c:\windows\system32\drivers\HSFHWICH.sys
2009-10-13 08:03 . 2004-06-17 20:55 685056 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2009-10-13 08:03 . 2004-06-17 20:55 1041536 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
2009-10-13 08:03 . 2004-06-16 20:23 33818 ----a-w- c:\windows\system32\HSFCI010.dll
2009-10-13 07:52 . 2008-04-14 00:11 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2009-10-13 07:52 . 2008-04-14 00:11 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-10-13 07:52 . 2008-04-13 19:19 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2009-10-13 07:52 . 2008-04-13 19:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-10-13 07:52 . 2008-04-13 18:45 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2009-10-13 07:52 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-10-13 07:52 . 2009-10-13 07:52 -------- d-----w- c:\program files\SigmaTel
2009-10-13 07:52 . 2005-03-10 21:56 273168 ----a-w- c:\windows\system32\drivers\STAC97.sys
2009-10-13 07:52 . 2004-07-20 15:14 192512 ----a-w- c:\windows\system32\stac97co.dll
2009-10-13 07:40 . 2009-10-13 07:41 -------- d-----w- c:\program files\ATI Technologies
2009-10-13 07:40 . 2009-10-13 07:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-13 07:28 . 2009-10-14 04:02 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Deployment
2009-10-13 06:29 . 2009-10-13 06:29 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-13 06:29 . 2009-10-13 06:29 -------- d-----w- c:\program files\MSBuild
2009-10-13 06:29 . 2009-10-13 06:29 -------- d-----w- c:\program files\Reference Assemblies
2009-10-13 06:28 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-13 06:28 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-13 06:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-13 06:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-13 06:28 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-13 06:28 . 2009-10-13 06:29 -------- d-----w- C:\29d394ac0773988f4d5a
2009-10-13 06:28 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-13 06:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-13 06:25 . 2009-10-13 06:39 -------- d-----w- C:\74c78a728b52559e1348787bec
2009-10-13 06:02 . 2009-10-13 06:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-13 05:57 . 2009-10-13 05:57 -------- d-----w- c:\windows\system32\scripting
2009-10-13 05:57 . 2009-10-13 05:57 -------- d-----w- c:\windows\l2schemas
2009-10-13 05:57 . 2009-10-13 05:57 -------- d-----w- c:\windows\system32\en
2009-10-13 05:57 . 2009-10-13 05:57 -------- d-----w- c:\windows\system32\bits
2009-10-13 05:55 . 2009-10-13 05:55 -------- d-----w- c:\windows\ServicePackFiles
2009-10-13 05:35 . 2005-08-04 04:10 1273344 -c--a-w- c:\windows\system32\dllcache\ati2mtag.sys
2009-10-13 04:54 . 2009-10-13 04:54 -------- d-----w- c:\program files\MSXML 6.0
2009-10-13 04:33 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-13 04:32 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-13 04:32 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-13 04:32 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-13 04:32 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-13 04:32 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-13 04:32 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-13 04:32 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-13 04:32 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-13 04:32 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-13 04:32 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-13 04:32 . 2009-08-05 01:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-13 04:32 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-13 04:31 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 03:58 . 2009-10-13 07:39 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-13 07:28 . 2009-10-13 01:24 13104 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 01:17 . 2009-10-13 01:17 -------- d-----w- c:\program files\microsoft frontpage
2009-10-13 01:13 . 2009-10-13 01:13 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-11 14:18 . 2004-08-12 13:23 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-12 13:22 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-12 13:30 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 15:47 . 2009-10-14 07:29 328360 ----a-w- c:\windows\system32\lxdwih.exe
2009-08-19 15:35 . 2009-10-14 07:29 651264 ----a-w- c:\windows\system32\lxdwpmui.dll
2009-08-19 15:35 . 2009-10-14 07:29 364544 ----a-w- c:\windows\system32\lxdwinpa.dll
2009-08-19 15:35 . 2009-10-14 07:29 339968 ----a-w- c:\windows\system32\lxdwiesc.dll
2009-08-19 15:35 . 2009-10-14 07:29 860160 ----a-w- c:\windows\system32\lxdwusb1.dll
2009-08-19 15:35 . 2009-10-14 07:29 1069056 ----a-w- c:\windows\system32\lxdwserv.dll
2009-08-19 15:35 . 2009-10-14 07:29 684032 ----a-w- c:\windows\system32\lxdwhbn3.dll
2009-08-19 15:35 . 2009-10-14 07:29 577536 ----a-w- c:\windows\system32\lxdwlmpm.dll
2009-08-05 09:01 . 2004-08-12 13:23 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 2004-08-12 13:25 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2004-08-12 13:30 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2004-08-12 13:19 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:01 . 2004-08-12 13:17 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22 . 2004-08-12 13:26 1435648 ----a-w- c:\windows\system32\query.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"Lexmark 7600 Series Fax Server"="c:\program files\Lexmark 7600 Series\fm3032.exe" [2008-09-10 311976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-14 149280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\system32\\lxdwcoms.exe"=

R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [10/14/2009 2:33 AM 98984]
S3 ATIXPGAA;ATIXPGAA;c:\dell\Drivers\R88754\ATIXPGAA.SYS [10/13/2009 2:37 AM 12032]
.
Contents of the 'Scheduled Tasks' folder

2009-10-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-14 02:26]

2009-10-14 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-14 02:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 19:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2432)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-10-15 19:28
ComboFix-quarantined-files.txt 2009-10-15 00:28

Pre-Run: 49,909,764,096 bytes free
Post-Run: 49,990,144,000 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

238 --- E O F --- 2009-10-14 19:55

#4 SifuMike

Posted 14 October 2009 - 08:25 PM

"you may note that a few things have changed since my last post."

How do you expect me to help you if you are changing things in your computer?? :(
Like trying to hit a moving target. DO NOT change anything while I am helping you!


"One question I need to ask you: if I backed up data to an SDHC card, does that data need to be scanned if it is re-installed? If so, how do I scan it?"


It may be OK, but I would scan it. Use an online scanner like ESET or F-Secure.



Please show hidden files and folders.
  • Please go to the VirSCAN.org FREE on-line scan service
  • Copy and paste each of the following file paths into the "Suspicious files to scan" box at the top of the page:
    • c:\windows\system32\stac97co.dll
  • Click on the Upload button
  • Once the scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
  • If Copy to Clipboard does not work, then just copy and paste the output in your next reply.
If the VirSCAN.org server is too busy, please submit the file to VirusTotal instead.

Edited by SifuMike, 14 October 2009 - 08:30 PM.


#5 wleeori

Posted 14 October 2009 - 11:58 PM

Results for VirScan.org


Scanner results : All Scanners reported not find malware!
Time : 2009/10/15 13:35:18 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
a-squared 4.5.0.8 20091015033325 2009-10-15 - 4.535
AhnLab V3 2009.10.15.00 2009.10.15 2009-10-15 - 1.124
AntiVir 8.2.1.35 7.1.6.110 2009-10-14 - 0.179
Antiy 2.0.18 20091014.3003440 2009-10-14 - 0.121
Arcavir 2009 200910141450 2009-10-14 - 0.051
Authentium 5.1.1 200910150502 2009-10-15 - 1.493
AVAST! 4.7.4 091014-0 2009-10-14 - 0.015
AVG 8.5.288 270.14.17/2436 2009-10-15 - 0.351
BitDefender 7.81008.4346880 7.28333 2009-10-15 - 3.735
CA (VET) 9.0.0.143 35.1.7067 2009-10-15 - 9.338
ClamAV 0.95.2 9897 2009-10-15 - 0.046
Comodo 3.12 2601 2009-10-14 - 0.875
CP Secure 1.3.0.5 2009.10.15 2009-10-15 - 0.074
Dr.Web 4.44.0.9170 2009.10.14 2009-10-14 - 5.598
F-Prot 4.4.4.56 20091014 2009-10-14 - 1.460
F-Secure 7.02.73807 2009.10.15.04 2009-10-15 - 0.165
Fortinet 2.81-3.120 10.945 2009-10-14 - 0.223
GData 19.8402/19.511 20091015 2009-10-15 - 5.357
Ikarus T3.1.01.72 2009.10.15.74125 2009-10-15 - 4.212
JiangMin 11.0.800 2009.10.08 2009-10-08 - 4.270
Kaspersky 5.5.10 2009.10.15 2009-10-15 - 0.137
KingSoft 2009.2.5.15 2009.10.15.12 2009-10-15 - 0.545
McAfee 5.3.00 5771 2009-10-14 - 3.347
Microsoft 1.5101 2009.10.14 2009-10-14 - 6.111
Norman 6.01.09 6.01.00 2009-10-14 - 4.009
nProtect 20091014.02 5818832 2009-10-14 - 7.133
Panda 9.05.01 2009.10.14 2009-10-14 - 3.878
Quick Heal 10.00 2009.10.14 2009-10-14 - 1.341
Rising 20.0 21.51.30.00 2009-10-15 - 0.882
Sophos 3.00.1 4.46 2009-10-15 - 2.472
Sunbelt 5450 5450 2009-10-14 - 1.546
Symantec 1.3.0.24 20091014.003 2009-10-14 - 0.053
The Hacker 6.5.0.2 v00042 2009-10-14 - 0.764
Trend Micro 8.700-1004 6.544.02 2009-10-14 - 0.032
VBA32 3.12.10.11 20091014.0848 2009-10-14 - 1.876
ViRobot 20091014 2009.10.14 2009-10-14 - 0.426
VirusBuster 4.5.11.10 10.112.68/2005005 2009-10-14 - 2.437
■Heuristic/Suspicious ■Exact
Note: this file has been scanned before. Therefore, this file's scan result will not be stored in the database



Mr. Mike,

I was hoping I would get you for help. I have read several of your posts, and like the way you help people.

I am sorry that things on my system changed; everything seemed so close to being fixed. The system was still a bit unstable, but was unstable in a predictable manner. The "Problem" that I was seeing was, I had Google set as my home page. When I booted up, I could do a g search the first time with no problem; the next time, a popup would re-direct my search to something else. I am sure that the problem was doing a lot more than that. The virus(s) had turned off program updates for just about everything. I know it had re-configured McAfee, and had turned on remote access. Some of the Malwarebytes scans I ran had vundo.h virutemode trojan.downloader rootkit.thll backdoor.bot koobFace and others. I was hoping to find the culprits. I got infected sometime in mid September, maybe around the time Bleeping Computer had the record number of people online. Anyway, the day before your first reply, I turned the computer on, and everything crashed. I couldn't boot in safe mode, last known good, anything. Tried starting up from recovery disk, nothing worked. So I bit the bullet and reformatted and reloaded. I wanted to go ahead and do the CF scan to see if any vestige of the virus(s) remained, and to get any opinions from you re: SD card, and anything else. I appreciated all of you people for the time and effort you spend trying to help others with less knowledge. I really was looking forward to finding out what this bug(s) was, and to working with someone of your expertise. But anyway......... I know all of you are extremely busy now, and by my reformatting, if you want to end this thread I will understand.

Sincerely
Dave

Edited by wleeori, 15 October 2009 - 12:59 AM.


#6 SifuMike

Posted 15 October 2009 - 12:12 AM

Hi Dave,

Where is the VIRscan I asked you to do?

So far, I am not seeing any malware on this computer. :(

We can dig deeper if you wish.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#7 wleeori

Posted 15 October 2009 - 02:18 AM

RESULTS OF ESET SCAN


No threats found

#8 SifuMike

Posted 15 October 2009 - 10:27 AM

Hi Dave,


I think this computer is clean. :(


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Please download Java Version 6 Update 16
  • Click the "Free Java Download" button.
  • Click "Free Java Download" again
  • Save the file jxpiinstall.exe to your desktop
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 6 Update 15
    Java 6 Update 5
    Java 6 Update 7

  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jxpiinstall.exe to install the newest version.
Remove ComboFix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type combo-fix /u in the runbox and click OK. Notice the space between the "x" and "/".
  • When shown the disclaimer, select "2"
This will remove files/folders associated with ComboFix and uninstall it.



Please read and follow
"How did I get infected?, With steps so it does not happen again!"
as well as
"How to prevent Malware" by miekiemoes

Edited by SifuMike, 15 October 2009 - 05:11 PM.


#9 wleeori

Posted 15 October 2009 - 03:22 PM

Mr. Mike,

Thanks so much for your help. I appreciate all the time you have spent on the help and advice you have given me. The only thing I regret is that I, (We), YOU were not able to find the stinking bug that started it all. There seem to be several people posting problems similar to mine, but if you sneeze, don't mean you got a cold, flu, or allergy, maybe just a bit of dust in your nose. Anyway, there will be an extra orange in your Christmas stocking.

Thanks Mike

Dave

#10 SifuMike

Posted 24 October 2009 - 12:21 AM

Since your problem appears to be resolved, this thread will now be closed.