Possible H8SRT virus infection?


  • This topic is locked
11 replies to this topic

#1 Samateus

Samateus

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:15 AM

Posted 07 January 2010 - 07:16 PM

I've posted in the Windows Vista forum and have received little to no help or ideas. Below are my original posts, with the HJT logs and the RootRepeal scan log. Also, when I ran RootRepeal, I received an error as there was an 'invalid partition'.
I anxiously await any information on this and thank you for your time.

QUOTE
Beginning this morning, I received the MSASCui.exe Application error, and have been unable to initialize the update or scanning system on my AVG (free) and have not been able to access Windows Defender. When I attempt to access Windows Defender (in order to disable it further) my computer blue-screens and restarts.

I have just installed McAfee Security Scan that came with the recent update of Flash Player, and Ad-Aware(free edition) which has found little to no infections.

I'm not certain what is going on, but I have a feeling there is a virus in my system and would very much like to get rid of it. (Obviously)

I'm not software-savvy, but I can troubleshoot with the best of them. Any and all assistance would be greatly appreciated. Thank you.

~Sama

:EDIT: Alright, so I let Ad-Aware run though, it found one major security issue, and cleaned it out. AVG is still not active, I right-click on the system tray icon for it and the 'update now' and 'Open AVG user interface' are greyed out. I can double-click and open AVG, however it becomes unresponsive and will state that there are 'no active components' through AVG. Windows Firewall is still active, and, as far as I am aware, it is working.


QUOTE
Also, managed to find a copy of Trend Micro HouseCall. Installed and ran it. Apparently there was a rootkit-type virus that it got rid of and restarted the system.
After this, I received a repeated error that there was no 'disk' in HD2, HD3, HD4 or HD5 with the TSC.exe as the main issue.
I restarted the system, got into safe mode, and attempted a system restore to the day previous to the issues beginning.
It failed, and I needed to restart again and enter safe mode to attempt a different system restore point. I chose December 29th, as it was the farthest back I could go. However, this failed also, stating that there was a Disk Failure during the restore. Which is odd, as it seemed to be working just fine and restarted itself normally.

Despite all this, the Windows Defender and MSASCui.exe issue is still there.

PLEASE, dear computer knowledgeable gurus, any insight or possible ideas? I have tried everything I myself could think of, short of just wiping the main drive and throwing Windows 7 in there. (I would, however I dislike the idea of having to reinstall all of my programs from scratch. But will if necessary.)



DDS (Ver_09-12-01.01) - NTFSx86
Run by Jillian at 18:06:15.91 on 07/01/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2815.1261 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jillian\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://en.ca.acer.yahoo.com
uSearch Bar = Preserve
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Apanel] c:\acersw\config\SetApanel.cmd
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [eRecoveryService]
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\jillian\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\ASETRES.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jillian\appdata\roaming\mozilla\firefox\profiles\8ts6w8m4.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.5 beta 4\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.5 beta 4\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.5 beta 4\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-6 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-17 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-17 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-17 360584]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-3-16 269448]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\system32\nvSCPAPISvr.exe [2009-6-10 232960]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-7-10 2789160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-2-17 42528]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-7-10 15656]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-12 906520]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-12 285392]

=============== Created Last 30 ================

2010-01-07 08:42:04 10752 ----a-w- c:\windows\DCEBoot.exe
2010-01-07 08:33:23 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-01-06 21:07:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-06 20:15:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-06 20:13:50 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-06 20:13:38 0 d-----w- c:\programdata\Lavasoft
2010-01-06 20:13:38 0 d-----w- c:\program files\Lavasoft
2010-01-06 20:02:50 0 d-----w- c:\programdata\McAfee Security Scan
2010-01-06 20:02:50 0 d-----w- c:\program files\McAfee Security Scan
2010-01-06 07:49:37 871 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-30 19:07:55 0 d-----w- c:\windows\system32\vi-VN
2009-12-30 19:07:55 0 d-----w- c:\windows\system32\eu-ES
2009-12-30 19:07:55 0 d-----w- c:\windows\system32\ca-ES
2009-12-30 19:05:04 98304 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2009-12-30 18:35:10 0 d-----w- c:\windows\system32\EventProviders
2009-12-14 15:51:35 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-14 15:51:34 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-14 15:51:34 30720 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2010-01-07 19:29:42 64861 ----a-w- c:\programdata\nvModes.dat
2009-12-30 19:11:51 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-30 19:11:51 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-30 19:11:51 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-30 19:07:52 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-30 19:03:15 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-12 23:47:46 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-12 23:47:46 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-12 23:47:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 10:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-02-18 00:49:03 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-02-18 00:49:03 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-02-18 00:49:03 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 18:07:24.52 ===============



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/07 18:09
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_diskdump.sys
Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0x8EFE2000 Size: 40960 File Visible: No Signed: -
Status: -

Name: dump_nvstor32.sys
Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys
Address: 0x8A7B2000 Size: 151552 File Visible: No Signed: -
Status: -

Name: H8SRTyjpyrptnej.sys
Image Path: C:\Windows\system32\drivers\H8SRTyjpyrptnej.sys
Address: 0x8F2E2000 Size: 118784 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9C7F3000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: Volume C:\
Status: MBR Rootkit Detected!

Path: Volume C:\, Sector 1
Status: Sector mismatch

Path: Volume C:\, Sector 2
Status: Sector mismatch

Path: Volume C:\, Sector 3
Status: Sector mismatch

Path: Volume C:\, Sector 4
Status: Sector mismatch

Path: Volume C:\, Sector 5
Status: Sector mismatch

Path: Volume C:\, Sector 6
Status: Sector mismatch

Path: Volume C:\, Sector 7
Status: Sector mismatch

Path: Volume C:\, Sector 8
Status: Sector mismatch

Path: Volume C:\, Sector 9
Status: Sector mismatch

Path: Volume C:\, Sector 10
Status: Sector mismatch

Path: Volume C:\, Sector 11
Status: Sector mismatch

Path: Volume C:\, Sector 12
Status: Sector mismatch

Path: Volume C:\, Sector 13
Status: Sector mismatch

Path: Volume C:\, Sector 14
Status: Sector mismatch

Path: Volume C:\, Sector 15
Status: Sector mismatch

Path: Volume C:\, Sector 16
Status: Sector mismatch

Path: Volume C:\, Sector 17
Status: Sector mismatch

Path: Volume C:\, Sector 18
Status: Sector mismatch

Path: Volume C:\, Sector 19
Status: Sector mismatch

Path: Volume C:\, Sector 20
Status: Sector mismatch

Path: Volume C:\, Sector 21
Status: Sector mismatch

Path: Volume C:\, Sector 22
Status: Sector mismatch

Path: Volume C:\, Sector 23
Status: Sector mismatch

Path: Volume C:\, Sector 24
Status: Sector mismatch

Path: Volume C:\, Sector 25
Status: Sector mismatch

Path: Volume C:\, Sector 26
Status: Sector mismatch

Path: Volume C:\, Sector 27
Status: Sector mismatch

Path: Volume C:\, Sector 28
Status: Sector mismatch

Path: Volume C:\, Sector 29
Status: Sector mismatch

Path: Volume C:\, Sector 30
Status: Sector mismatch

Path: Volume C:\, Sector 31
Status: Sector mismatch

Path: Volume C:\, Sector 32
Status: Sector mismatch

Path: Volume C:\, Sector 33
Status: Sector mismatch

Path: Volume C:\, Sector 34
Status: Sector mismatch

Path: Volume C:\, Sector 35
Status: Sector mismatch

Path: Volume C:\, Sector 36
Status: Sector mismatch

Path: Volume C:\, Sector 37
Status: Sector mismatch

Path: Volume C:\, Sector 38
Status: Sector mismatch

Path: Volume C:\, Sector 39
Status: Sector mismatch

Path: Volume C:\, Sector 40
Status: Sector mismatch

Path: Volume C:\, Sector 41
Status: Sector mismatch

Path: Volume C:\, Sector 42
Status: Sector mismatch

Path: Volume C:\, Sector 43
Status: Sector mismatch

Path: Volume C:\, Sector 44
Status: Sector mismatch

Path: Volume C:\, Sector 45
Status: Sector mismatch

Path: Volume C:\, Sector 46
Status: Sector mismatch

Path: Volume C:\, Sector 47
Status: Sector mismatch

Path: Volume C:\, Sector 48
Status: Sector mismatch

Path: Volume C:\, Sector 49
Status: Sector mismatch

Path: Volume C:\, Sector 50
Status: Sector mismatch

Path: Volume C:\, Sector 51
Status: Sector mismatch

Path: Volume C:\, Sector 52
Status: Sector mismatch

Path: Volume C:\, Sector 53
Status: Sector mismatch

Path: Volume C:\, Sector 54
Status: Sector mismatch

Path: Volume C:\, Sector 55
Status: Sector mismatch

Path: Volume C:\, Sector 56
Status: Sector mismatch

Path: Volume C:\, Sector 57
Status: Sector mismatch

Path: Volume C:\, Sector 58
Status: Sector mismatch

Path: Volume C:\, Sector 59
Status: Sector mismatch

Path: Volume C:\, Sector 60
Status: Sector mismatch

Path: Volume C:\, Sector 61
Status: Sector mismatch

Path: Volume C:\, Sector 62
Status: Sector mismatch

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1224 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Handle [Index: 3628, Type: UnknownType]
Process: csrss.exe (PID: 616) Address: 0x866e5030 Size: -

Object: Hidden Handle [Index: 3644, Type: UnknownType]
Process: csrss.exe (PID: 616) Address: 0x8669d550 Size: -

Object: Hidden Module [Name: H8SRTfupnbbaccq.dll]
Process: firefox.exe (PID: 7192) Address: 0x007c0000 Size: 151552

Object: Hidden Handle [Index: 2424, Type: UnknownType]
Process: firefox.exe (PID: 7192) Address: 0x88d69030 Size: -

Object: Hidden Handle [Index: 2624, Type: UnknownType]
Process: firefox.exe (PID: 7192) Address: 0x854f0470 Size: -

Object: Hidden Handle [Index: 2648, Type: UnknownType]
Process: firefox.exe (PID: 7192) Address: 0x857a09f8 Size: -

Object: Hidden Handle [Index: 2692, Type: UnknownType]
Process: firefox.exe (PID: 7192) Address: 0x855e5fe0 Size: -

Object: Hidden Handle [Index: 2932, Type: UnknownType]
Process: firefox.exe (PID: 7192) Address: 0x86245a90 Size: -

Object: Hidden Handle [Index: 3444, Type: UnknownType]
Process: firefox.exe (PID: 7192) Address: 0x889878e0 Size: -

Object: Hidden Handle [Index: 3512, Type: UnknownType]
Process: firefox.exe (PID: 7192) Address: 0x86245a90 Size: -

Object: Hidden Handle [Index: 3704, Type: UnknownType]
Process: firefox.exe (PID: 7192) Address: 0x86e56f38 Size: -

==EOF==

Edited by Samateus, 07 January 2010 - 07:17 PM.
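The RootRepeal output in this post is a fixed, sectioned "Key: value" format, and the findings that matter for triage (a driver hidden from the Windows API, the MBR rootkit verdict, the run of sector mismatches, a hidden module inside firefox.exe) can be pulled out mechanically rather than read by eye. The script below is an added example, not code from the post or from the RootRepeal tool: it parses a trimmed excerpt of the log posted above and reduces it to a summary. Section and field names are taken from the log as shown; the severity labels ("critical", "suspicious", "clean") are the example's own.

```python
import json
import re
from collections import defaultdict

# Trimmed excerpt of the RootRepeal log posted above (the full log lists sectors
# 1-62 and more hidden handles; enough is kept to show every record shape).
SAMPLE_LOG = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================

Drivers
-------------------
Name: dump_diskdump.sys
Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0x8EFE2000 Size: 40960 File Visible: No Signed: -
Status: -

Name: H8SRTyjpyrptnej.sys
Image Path: C:\Windows\system32\drivers\H8SRTyjpyrptnej.sys
Address: 0x8F2E2000 Size: 118784 File Visible: - Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: Volume C:\
Status: MBR Rootkit Detected!

Path: Volume C:\, Sector 1
Status: Sector mismatch

Path: Volume C:\, Sector 2
Status: Sector mismatch

Stealth Objects
-------------------
Object: Hidden Handle [Index: 3628, Type: UnknownType]
Process: csrss.exe (PID: 616) Address: 0x866e5030 Size: -

Object: Hidden Module [Name: H8SRTfupnbbaccq.dll]
Process: firefox.exe (PID: 7192) Address: 0x007c0000 Size: 151552

==EOF==
"""

# Field names as RootRepeal prints them; multi-word names first so they win the alternation.
FIELDS = ("Image Path", "File Visible", "Name", "Address", "Size", "Signed",
          "Status", "Path", "Object", "Process")
_ALT = "|".join(re.escape(f) for f in FIELDS)
# One line may carry several "Key: value" pairs (e.g. "Address: ... Size: ... Signed: -");
# a value runs until whitespace followed by another known key, or the end of the line.
_FIELD_RE = re.compile(rf"(?P<key>{_ALT}): (?P<val>.*?)(?=\s+(?:{_ALT}): |$)")
_MODULE_RE = re.compile(r"Hidden Module \[Name: (?P<name>[^\]]+)\]")
_PROC_RE = re.compile(r"(?P<image>\S+) \(PID: (?P<pid>\d+)\)")


def parse_rootrepeal(text):
    """Return {section name: [record dict, ...]}; records are blank-line separated."""
    sections, section = defaultdict(list), None
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) >= 2 and set(lines[1].strip()) == {"-"}:
            section = lines[0].strip()  # a header is a name underlined with dashes
            lines = lines[2:]           # the first record follows the underline directly
        if section is None:
            continue                    # banner lines before the first section
        record = {}
        for line in lines:
            for m in _FIELD_RE.finditer(line):
                record[m.group("key")] = m.group("val").strip()
        if record:
            sections[section].append(record)
    return dict(sections)


def triage(sections):
    """Reduce the parsed log to the findings a responder needs to see first."""
    drivers = sections.get("Drivers", [])
    files = sections.get("Hidden/Locked Files", [])
    hidden_drivers = [d.get("Image Path", d.get("Name", "?")) for d in drivers
                      if "Hidden" in d.get("Status", "")]
    mbr_rootkit = any("MBR Rootkit" in f.get("Status", "") for f in files)
    sector_mismatches = sum(f.get("Status") == "Sector mismatch" for f in files)
    hidden_modules, hidden_handles = [], 0
    for o in sections.get("Stealth Objects", []):
        mod = _MODULE_RE.search(o.get("Object", ""))
        proc = _PROC_RE.search(o.get("Process", ""))
        if o.get("Object", "").startswith("Hidden Handle"):
            hidden_handles += 1
        elif mod and proc:  # a DLL hidden inside a user-mode process
            hidden_modules.append({"module": mod.group("name"), "process": proc.group("image"),
                                   "pid": int(proc.group("pid"))})
    # Severity labels are this example's own, not RootRepeal's.
    if mbr_rootkit or hidden_drivers or hidden_modules:
        verdict = "critical"  # kernel-level hiding or a tampered boot sector
    elif hidden_handles or sector_mismatches:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "mbr_rootkit": mbr_rootkit, "sector_mismatches": sector_mismatches,
            "hidden_drivers": hidden_drivers, "hidden_modules": hidden_modules,
            "hidden_handles": hidden_handles}


if __name__ == "__main__":
    print(json.dumps(triage(parse_rootrepeal(SAMPLE_LOG)), indent=2))
```

Run against the excerpt this reports the hidden H8SRT driver, the MBR verdict, two sector mismatches, the hidden DLL loaded in firefox.exe (PID 7192) and one hidden handle, and rates the machine "critical". The point of separating parsing from triage is that the same summary can be produced for a fresh scan after cleanup: if the driver, module and MBR entries are gone and only the verdict changes to "clean", the responder has a machine-checkable before/after instead of two long logs to compare by hand.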



#2 pwgib

pwgib

  • Malware Response Team
  • 2,957 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:06:15 AM

Posted 14 January 2010 - 12:09 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 Samateus

Samateus
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:15 AM

Posted 14 January 2010 - 09:15 PM

Alright I am still having issues, so here's the rundown.

On January 7th, when I turned on my computer, I received an application error. The program MSASCui.exe failed to initialize. Clicking the 'okay' box brought up a prompt from Windows Defender that the program was unable to run due to a user interface issue. (If you would like, I am able to get screenshots of these dialog boxes.)

I then opened AVG 9.0.725 (free edition) by double-clicking and first received that it was working correctly, then receive a dialog that there are no active components. When I right-click on the system tray icon, the 'Open AVG user interface' and 'update now' selections are greyed. The selections in the user interface are non-responsive and I can only assume that it does not run at all.

I then proceeded to get Ad-Aware and Trend Micro HouseCall, finding that, when using Google, I tend to get redirected to a 'maqmacmak' website after my initial selections. Ad-Aware removed multiple issues, and when I ran HouseCall, a virus popped up, and my computer restarted before I could write it down, though I am certain it read 'H8SRT', as I've seen it before on other websites.

When my computer restarted, I received the error that the program TSC.exe (or TSC.dll, I'm not certain) was not able to find a disk in any of a few different drives. I powered down the computer and booted into safe mode, attempted a system restore to the day before the issues began, and it restarted, stating that there was a disk failure during the process. I tried it again, going as far back as December 29th, as it was the last day I had a restore point for. This allowed me to at least get into Windows normally, but did not fix the issue.

Here is the DDS log, I certainly hope this will help diagnose the issue. (I attempted to save and upload the 'attach.txt' file as a .rar but it will not allow me to upload it as such.)


DDS (Ver_09-12-01.01) - NTFSx86
Run by Jillian at 19:58:07.20 on 14/01/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2815.1518 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Users\Jillian\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://en.ca.acer.yahoo.com
uSearch Bar = Preserve
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Apanel] c:\acersw\config\SetApanel.cmd
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [eRecoveryService]
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\jillian\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\ASETRES.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jillian\appdata\roaming\mozilla\firefox\profiles\8ts6w8m4.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.5 beta 4\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.5 beta 4\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.5 beta 4\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-6 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-17 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-17 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-17 360584]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-3-16 269448]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\system32\nvSCPAPISvr.exe [2009-6-10 232960]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-7-10 2789160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-2-17 42528]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-7-10 15656]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-12 906520]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-12 285392]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

=============== Created Last 30 ================

2010-01-13 09:25:41 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 09:25:41 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-07 08:42:04 10752 ----a-w- c:\windows\DCEBoot.exe
2010-01-07 08:33:23 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-01-06 21:07:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-06 20:15:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-06 20:13:50 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-06 20:13:38 0 d-----w- c:\programdata\Lavasoft
2010-01-06 20:13:38 0 d-----w- c:\program files\Lavasoft
2010-01-06 20:02:50 0 d-----w- c:\programdata\McAfee Security Scan
2010-01-06 20:02:50 0 d-----w- c:\program files\McAfee Security Scan
2010-01-06 07:49:37 871 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-30 19:07:55 0 d-----w- c:\windows\system32\vi-VN
2009-12-30 19:07:55 0 d-----w- c:\windows\system32\eu-ES
2009-12-30 19:07:55 0 d-----w- c:\windows\system32\ca-ES
2009-12-30 19:05:04 98304 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2009-12-30 18:35:10 0 d-----w- c:\windows\system32\EventProviders

==================== Find3M ====================

2010-01-14 21:58:42 64861 ----a-w- c:\programdata\nvModes.dat
2009-12-30 19:11:51 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-30 19:11:51 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-30 19:11:51 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-30 19:07:52 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-30 19:03:15 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-12 23:47:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-02-18 00:49:03 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-02-18 00:49:03 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-02-18 00:49:03 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 19:59:14.84 ===============

Attached Files
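The DDS report above is the kind of autostart and recent-file dump a responder reads before touching the box. As an added example (not part of any post here and not code from the DDS tool), the following Python reads lines in that report's format and pulls out what gets checked first: BHO and toolbar CLSIDs whose DLL is gone ("No File"), Run values that carry a name but no command, the machine policy EnableLUA = 0 (UAC switched off on Vista), whatever sits in AppInit_DLLs, and files created under a chosen directory on or after a chosen date. The sample lines are copied from the report; the function names and the watch list are mine. It flags entries for review and does not decide that any of them is malicious.

```python
"""Triage the "Pseudo HJT Report" and "Created Last 30" sections of a DDS
report.  Added example for this thread, not code from DDS or from any post;
it only surfaces entries a responder would review first and never decides
that an entry is malicious."""
import re
from datetime import datetime

# Constructed sample: lines copied from the report above, in the format DDS
# prints.  Raw strings keep the Windows backslashes literal.
SAMPLE_DDS = [
    r"BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File",
    r"BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll",
    r"TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File",
    r"mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"mRun: [eRecoveryService]",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"mPolicies-system: EnableUIADesktopToggle = 0 (0x0)",
    r"AppInit_DLLs: avgrsstx.dll",
    r"2010-01-13 09:25:41 72704 ----a-w- c:\windows\system32\fontsub.dll",
    r"2010-01-06 21:07:02 15880 ----a-w- c:\windows\system32\lsdelete.exe",
    r"2010-01-06 20:15:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys",
    r"2010-01-06 20:13:50 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}",
    r"2010-01-06 07:49:37 871 ----a-w- c:\windows\system32\krl32mainweq.dll",
    r"2009-12-30 19:05:04 98304 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE",
]

# "<date> <time> <size> <8 attribute flags> <path>"; the first flag is 'd'
# for a directory (compare the "d-----w-" folder entries in the report).
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
POLICY_RE = re.compile(r"^(\w+) = (-?\d+)")
# Machine policies that weaken the platform when set to 0 (watch list is mine).
WEAK_WHEN_ZERO = {"EnableLUA": "UAC disabled"}


def parse_report(lines):
    """Split a report into 'Kind: rest' entries and created-file records."""
    entries, created = [], []
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            stamp, size, attrs, path = m.groups()
            created.append({"when": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                            "size": int(size), "is_dir": attrs[0] == "d",
                            "path": path.lower()})
            continue
        kind, sep, rest = line.partition(": ")
        if sep:
            entries.append((kind, rest.strip()))
    return entries, created


def orphaned_clsids(entries):
    """BHO/toolbar registrations whose DLL is gone ('- No File')."""
    return [CLSID_RE.search(rest).group(0) for kind, rest in entries
            if kind in ("BHO", "TB") and rest.endswith("- No File")]


def empty_run_entries(entries):
    """Run values that carry a name but no command, e.g. '[eRecoveryService]'."""
    return [rest.strip("[]") for kind, rest in entries
            if kind.endswith("Run") and rest.startswith("[") and rest.endswith("]")]


def weak_system_policies(entries):
    """Watched HKLM policies found set to 0."""
    findings = {}
    for kind, rest in entries:
        m = POLICY_RE.match(rest) if kind == "mPolicies-system" else None
        if m and m.group(1) in WEAK_WHEN_ZERO and int(m.group(2)) == 0:
            findings[m.group(1)] = WEAK_WHEN_ZERO[m.group(1)]
    return findings


def appinit_dlls(entries):
    """AppInit_DLLs are mapped into every process that loads user32.dll, so
    each name here deserves a look regardless of who installed it."""
    return [name for kind, rest in entries if kind == "AppInit_DLLs"
            for name in rest.replace(",", " ").split()]


def recent_files_under(created, since, roots):
    """Files (not folders) created on or after `since` (YYYY-MM-DD) below `roots`."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    prefixes = tuple(r.lower() for r in roots)
    return [c["path"] for c in created
            if not c["is_dir"] and c["when"] >= cutoff
            and c["path"].startswith(prefixes)]


if __name__ == "__main__":
    entries, created = parse_report(SAMPLE_DDS)
    print("orphaned CLSIDs :", orphaned_clsids(entries))
    print("empty Run values:", empty_run_entries(entries))
    print("weak policies   :", weak_system_policies(entries))
    print("AppInit_DLLs    :", appinit_dlls(entries))
    print("new in system32 :", recent_files_under(created, "2010-01-06", [r"c:\windows\system32"]))
```

The date window is the useful knob: feeding it the day the symptoms began (6 January in this thread) narrows "Created Last 30" to the handful of system32 files that appeared around that time, which is the list you would then hash and look up.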



#4 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 16 January 2010 - 09:52 AM

Hi Samateus,

Welcome to BleepingComputer HijackThis Logs and Malware Removal.
My name is sundavis, and I will be helping you to deal with your malware problems today.


Step 1

1. Go to this thread and download TDSSKiller.zip to your Desktop.
2. Extract its contents to your desktop and drag TDSSKiller.exe onto the desktop, not into the folder.
3. Start > Run and copy/paste the following command into the Run box and hit Enter.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

4. If TDSSKiller alerts you that the system needs to reboot, please consent.
5. When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Step 2

  1. If you already have Combofix, please delete that copy and download it again, as it's being updated regularly.
  2. Please visit this webpage for download links and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  3. Note: If you have Windows Vista, you can skip the Recovery Console step; in Vista it's in the System Recovery Options menu.
    The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.
  4. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  5. Click Yes to allow Combofix to continue scanning for malware.
  6. When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.
  7. Do not mouse-click on Combofix while it is running. That may cause it to stall.

Step 3

Please download GMER Rootkit Scanner from Here or Here.
  1. Extract the contents of the zipped file to the desktop.
  2. Double-click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  3. If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  4. In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  5. Then click the Scan button and wait for it to finish. For more info, go to Here for your reference.
  6. Once done, click on the [Save..] button, and in the File name area type in "Gmer.txt", then copy and paste the contents in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


In your next reply, please post back:

1. TDSSKiller txt
2. ComboFix log
3. Gmer log

Thanks.
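The log that the -l switch in step 1 writes (its layout, from TDSSKiller 2.2.2, is visible in the reply that follows) records each flagged registry node or file together with the action the tool took, and it walks every ControlSetNNN hive rather than only CurrentControlSet, so one service can show up under several of them. A quirk worth handling: when the verdict and the action are logged as two writes they land on one line, joined by " ... " and a second timestamp/pid prefix. As an added example, not code from the post or from Kaspersky's tool, the following Python turns such a log into an IOC list, the set of ControlSets touched, and a count of deletions still pending a reboot. The sample lines are a constructed subset copied from the format in the thread; the function names are mine.

```python
"""Summarise a TDSSKiller log (the file the -l switch writes, in the 2.2.2
layout pasted in this thread).  Added example for this thread, not code from
the post or from Kaspersky's tool; the function names are mine."""
import re

# Constructed subset of log lines, copied from the format shown in the thread.
# Note the lines where the verdict and the action share one line.
SAMPLE_LOG = [
    "21:30:49:356 4176 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25",
    "21:30:50:172 4176",
    "21:30:50:839 4176 ScanTDL2Services: Exact detect H8SRTd.sys (h: 1)",
    r"21:30:50:839 4176 RegNode HKLM\SYSTEM\ControlSet001\services\H8SRTd.sys infected by TDSS rootkit ... 21:30:50:840 4176 will be deleted on reboot",
    "21:30:50:840 4176 DeleteTDL2Service: SafeBoot Minimal doesn't infected",
    r"21:30:50:881 4176 RegNode HKLM\SYSTEM\ControlSet002\services\H8SRTd.sys infected by TDSS rootkit ... 21:30:50:881 4176 will be deleted on reboot",
    r"21:30:50:882 4176 DeleteTDL2Service: RawRegOpenKeyW(ControlSet002\control\safeboot) error 5",
    r"21:30:50:930 4176 File C:\Windows\system32\drivers\H8SRTyjpyrptnej.sys infected by TDSS rootkit ... 21:30:50:931 4176 will be deleted on reboot",
    "21:30:50:931 4176 DeleteTDL2Service: Module enum: Name: H8SRTd. Type: 1",
    "21:30:50:931 4176 DeleteTDL2Service: Module clone ImagePath, skipping",
    r"21:30:50:931 4176 File C:\Windows\system32\H8SRTmssmtcwgbh.dll infected by TDSS rootkit ... 21:30:50:932 4176 will be deleted on reboot",
    "21:30:50:934 4176 ScanTDL2Services: DeleteEvilService(H8SRTd.sys) success",
    r"21:30:50:963 4176 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean",
]

# Every line starts with "hh:mm:ss:ms <pid>".  When the tool logs a verdict and
# its action as two writes they share one line joined by " ... " plus a second
# prefix, so the action pattern skips that second prefix explicitly.
PREFIX = r"\d{2}:\d{2}:\d{2}:\d{3} \d+"
LINE_RE = re.compile(r"^" + PREFIX + r" ?(.*)$")
ACTION_RE = re.compile(r"^(RegNode|File) (.+?) infected by TDSS rootkit \.\.\. "
                       + PREFIX + r" (.+)$")
DETECT_RE = re.compile(r"^ScanTDL2Services: Exact detect (\S+)")
REMOVED_RE = re.compile(r"^ScanTDL2Services: DeleteEvilService\((\S+)\) success")
SAFEBOOT_ERR_RE = re.compile(
    r"RawRegOpenKeyW\((ControlSet\d{3})\\control\\safeboot\) error (\d+)")
VERDICT_RE = re.compile(r"^TDL3_FileDetect: (.+) - Verdict: (\w+)$")
CONTROLSET_RE = re.compile(r"\\(ControlSet\d{3})\\")


def parse_tdsskiller(lines):
    """One pass over the log: what was detected, flagged and removed, plus
    the SafeBoot keys the tool could not open (error code as logged)."""
    report = {"detected": [], "removed": [], "actions": [],
              "safeboot_errors": {}, "verdicts": {}}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group(1)
        a = ACTION_RE.match(msg)
        if a:
            kind, target, action = a.groups()
            report["actions"].append({"kind": kind, "target": target, "action": action})
            continue
        d = DETECT_RE.match(msg)
        if d:
            report["detected"].append(d.group(1))
            continue
        r = REMOVED_RE.match(msg)
        if r:
            report["removed"].append(r.group(1))
            continue
        s = SAFEBOOT_ERR_RE.search(msg)
        if s:
            report["safeboot_errors"][s.group(1)] = int(s.group(2))
            continue
        v = VERDICT_RE.match(msg)
        if v:
            report["verdicts"][v.group(1)] = v.group(2)
    return report


def iocs(report):
    """Registry keys and files the tool flagged, in log order, without repeats."""
    out = {"registry": [], "files": []}
    for a in report["actions"]:
        bucket = out["registry"] if a["kind"] == "RegNode" else out["files"]
        if a["target"] not in bucket:
            bucket.append(a["target"])
    return out


def control_sets(report):
    """Every ControlSetNNN hive that carried the service.  The tool walks all
    of them, not only CurrentControlSet, so a clean-up must cover each one."""
    found = set()
    for a in report["actions"]:
        m = CONTROLSET_RE.search(a["target"])
        if m:
            found.add(m.group(1))
    return sorted(found)


def pending_reboot(report):
    """Flagged objects whose removal is deferred to the next boot."""
    return sum(a["action"] == "will be deleted on reboot" for a in report["actions"])


def service_removed(report, name):
    """True only if the service was detected and later reported deleted."""
    return name in report["detected"] and name in report["removed"]


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print("IOCs:", iocs(rep))
    print("ControlSets:", control_sets(rep), "pending reboot:", pending_reboot(rep))
    print("SafeBoot keys not opened:", rep["safeboot_errors"])
```

Two things to read off the result before declaring the box clean: a non-zero pending-reboot count means nothing has actually been removed yet, and a SafeBoot key the tool could not open is a ControlSet it could not verify, so re-running the scan after the reboot is the check that the deferred deletions and the unverified hives really came out clean.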

#5 Samateus

  • Topic Starter
  • Members
  • 10 posts

Posted 16 January 2010 - 11:06 PM

Alright, thank you for the quick reply, Sundavis! I've followed your instructions here and only had one issue. While running GMER.exe, the program ceased running. I took a screenshot and attached it here. I attempted to run it a second time, and my computer bluescreened and restarted. I did not get GMER.exe to run through, nor a save file of any scans.

Here's the program details from windows:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 4105

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 82692D45
BCP3: AD934A54
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini011610-01.dmp
C:\Users\Jillian\AppData\Local\temp\WER-46098-0.sysdata.xml
C:\Users\Jillian\AppData\Local\temp\WER30FE.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409




21:30:49:356 4176 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
21:30:49:356 4176 ================================================================================
21:30:49:356 4176 SystemInfo:

21:30:49:356 4176 OS Version: 6.0.6002 ServicePack: 2.0
21:30:49:356 4176 Product type: Workstation
21:30:49:356 4176 ComputerName: AUREIAHNNA
21:30:49:356 4176 UserName: Jillian
21:30:49:356 4176 Windows directory: C:\Windows
21:30:49:356 4176 Processor architecture: Intel x86
21:30:49:356 4176 Number of processors: 4
21:30:49:356 4176 Page size: 0x1000
21:30:49:356 4176 Boot type: Normal boot
21:30:49:356 4176 ================================================================================
21:30:49:385 4176 UnloadDriverW: NtUnloadDriver error 2
21:30:49:385 4176 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:30:49:413 4176 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
21:30:50:172 4176 UtilityInit: KLMD drop and load success
21:30:50:172 4176 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
21:30:50:172 4176 UtilityInit: KLMD open success
21:30:50:172 4176 UtilityInit: Initialize success
21:30:50:172 4176
21:30:50:172 4176 Scanning Services ...
21:30:50:172 4176 CreateRegParser: Registry parser init started
21:30:50:172 4176 CreateRegParser: DisableWow64Redirection error
21:30:50:173 4176 wfopen_ex: Trying to open file C:\Windows\system32\config\system
21:30:50:173 4176 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
21:30:50:173 4176 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:30:50:173 4176 wfopen_ex: Trying to KLMD file open
21:30:50:173 4176 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
21:30:50:173 4176 wfopen_ex: File opened ok (Flags 2)
21:30:50:189 4176 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 2541490
21:30:50:189 4176 wfopen_ex: Trying to open file C:\Windows\system32\config\software
21:30:50:189 4176 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
21:30:50:189 4176 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:30:50:189 4176 wfopen_ex: Trying to KLMD file open
21:30:50:189 4176 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
21:30:50:190 4176 wfopen_ex: File opened ok (Flags 2)
21:30:50:190 4176 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 2541318
21:30:50:190 4176 CreateRegParser: EnableWow64Redirection error
21:30:50:190 4176 CreateRegParser: RegParser init completed
21:30:50:836 4176 GetAdvancedServicesInfo: Raw services enum returned 438 services
21:30:50:839 4176 ScanTDL2Services: Exact detect H8SRTd.sys (h: 1)
21:30:50:839 4176 RegNode HKLM\SYSTEM\ControlSet001\services\H8SRTd.sys infected by TDSS rootkit ... 21:30:50:840 4176 will be deleted on reboot
21:30:50:840 4176 DeleteTDL2Service: SafeBoot Minimal doesn't infected
21:30:50:841 4176 DeleteTDL2Service: SafeBoot Network doesn't infected
21:30:50:881 4176 RegNode HKLM\SYSTEM\ControlSet002\services\H8SRTd.sys infected by TDSS rootkit ... 21:30:50:881 4176 will be deleted on reboot
21:30:50:882 4176 DeleteTDL2Service: RawRegOpenKeyW(ControlSet002\control\safeboot) error 5
21:30:50:896 4176 RegNode HKLM\SYSTEM\ControlSet003\services\H8SRTd.sys infected by TDSS rootkit ... 21:30:50:896 4176 will be deleted on reboot
21:30:50:897 4176 DeleteTDL2Service: RawRegOpenKeyW(ControlSet003\control\safeboot) error 5
21:30:50:907 4176 RegNode HKLM\SYSTEM\ControlSet004\services\H8SRTd.sys infected by TDSS rootkit ... 21:30:50:907 4176 will be deleted on reboot
21:30:50:908 4176 DeleteTDL2Service: RawRegOpenKeyW(ControlSet004\control\safeboot) error 5
21:30:50:912 4176 RegNode HKLM\SYSTEM\ControlSet005\services\H8SRTd.sys infected by TDSS rootkit ... 21:30:50:912 4176 will be deleted on reboot
21:30:50:922 4176 DeleteTDL2Service: SafeBoot Minimal doesn't infected
21:30:50:923 4176 DeleteTDL2Service: SafeBoot Network doesn't infected
21:30:50:930 4176 File C:\Windows\system32\drivers\H8SRTyjpyrptnej.sys infected by TDSS rootkit ... 21:30:50:931 4176 will be deleted on reboot
21:30:50:931 4176 DeleteTDL2Service: Module enum: Name: H8SRTd. Type: 1
21:30:50:931 4176 DeleteTDL2Service: Module clone ImagePath, skipping
21:30:50:931 4176 DeleteTDL2Service: Module enum: Name: H8SRTc. Type: 1
21:30:50:931 4176 File C:\Windows\system32\H8SRTmssmtcwgbh.dll infected by TDSS rootkit ... 21:30:50:932 4176 will be deleted on reboot
21:30:50:932 4176 DeleteTDL2Service: Module enum: Name: H8SRTsrcr. Type: 1
21:30:50:932 4176 File C:\Windows\system32\H8SRTuqmqmbxwfr.dat infected by TDSS rootkit ... 21:30:50:933 4176 will be deleted on reboot
21:30:50:933 4176 DeleteTDL2Service: Module enum: Name: h8srtserf. Type: 1
21:30:50:933 4176 File C:\Windows\system32\H8SRTddxnsvicdk.dll infected by TDSS rootkit ... 21:30:50:933 4176 will be deleted on reboot
21:30:50:934 4176 DeleteTDL2Service: Module enum: Name: h8srtbbr. Type: 1
21:30:50:934 4176 File C:\Windows\system32\H8SRTfupnbbaccq.dll infected by TDSS rootkit ... 21:30:50:934 4176 will be deleted on reboot
21:30:50:934 4176 ScanTDL2Services: DeleteEvilService(H8SRTd.sys) success
21:30:50:935 4176 fclose_ex: Trying to close file C:\Windows\system32\config\system
21:30:50:935 4176 fclose_ex: Trying to close file C:\Windows\system32\config\software
21:30:50:936 4176
21:30:50:937 4176 Scanning Kernel memory ...
21:30:50:938 4176 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
21:30:50:938 4176 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 862C51B0
21:30:50:938 4176 DetectCureTDL3: KLMD_GetDeviceObjectList returned 7 DevObjects
21:30:50:938 4176
21:30:50:938 4176 DetectCureTDL3: DEVICE_OBJECT: 8830BAC8
21:30:50:938 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8830BAC8
21:30:50:938 4176 DetectCureTDL3: DEVICE_OBJECT: 8830A030
21:30:50:938 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8830A030
21:30:50:938 4176 KLMD_ReadMem: Trying to ReadMemory 0x8830A030[0x38]
21:30:50:938 4176 DetectCureTDL3: DRIVER_OBJECT: 880EEA90
21:30:50:938 4176 KLMD_ReadMem: Trying to ReadMemory 0x880EEA90[0xA8]
21:30:50:938 4176 KLMD_ReadMem: Trying to ReadMemory 0x871B1990[0x1E]
21:30:50:938 4176 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
21:30:50:939 4176 DetectCureTDL3: IrpHandler (0) addr: 8B942FC8
21:30:50:939 4176 DetectCureTDL3: IrpHandler (1) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (2) addr: 8B943040
21:30:50:939 4176 DetectCureTDL3: IrpHandler (3) addr: 8B9430B8
21:30:50:939 4176 DetectCureTDL3: IrpHandler (4) addr: 8B9430B8
21:30:50:939 4176 DetectCureTDL3: IrpHandler (5) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (6) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (7) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (8) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (9) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (10) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (11) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (12) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (13) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (14) addr: 8B942BC4
21:30:50:939 4176 DetectCureTDL3: IrpHandler (15) addr: 8B9367E4
21:30:50:939 4176 DetectCureTDL3: IrpHandler (16) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (17) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (18) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (19) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (20) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (21) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (22) addr: 8B94159C
21:30:50:939 4176 DetectCureTDL3: IrpHandler (23) addr: 8B93E7A2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (24) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (25) addr: 826329D2
21:30:50:939 4176 DetectCureTDL3: IrpHandler (26) addr: 826329D2
21:30:50:939 4176 KLMD_ReadMem: Trying to ReadMemory 0x8B938F26[0x400]
21:30:50:939 4176 TDL3_StartIoHookDetect: CheckParameters: 4, 8B93D000, 0
21:30:50:939 4176 TDL3_FileDetect: Processing driver: USBSTOR
21:30:50:939 4176 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:50:939 4176 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:50:963 4176 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
21:30:50:963 4176
21:30:50:963 4176 DetectCureTDL3: DEVICE_OBJECT: 8820BAC8
21:30:50:963 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8820BAC8
21:30:50:963 4176 DetectCureTDL3: DEVICE_OBJECT: 88239940
21:30:50:963 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88239940
21:30:50:963 4176 KLMD_ReadMem: Trying to ReadMemory 0x88239940[0x38]
21:30:50:963 4176 DetectCureTDL3: DRIVER_OBJECT: 880EEA90
21:30:50:963 4176 KLMD_ReadMem: Trying to ReadMemory 0x880EEA90[0xA8]
21:30:50:963 4176 KLMD_ReadMem: Trying to ReadMemory 0x871B1990[0x1E]
21:30:50:963 4176 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
21:30:50:963 4176 DetectCureTDL3: IrpHandler (0) addr: 8B942FC8
21:30:50:963 4176 DetectCureTDL3: IrpHandler (1) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (2) addr: 8B943040
21:30:50:964 4176 DetectCureTDL3: IrpHandler (3) addr: 8B9430B8
21:30:50:964 4176 DetectCureTDL3: IrpHandler (4) addr: 8B9430B8
21:30:50:964 4176 DetectCureTDL3: IrpHandler (5) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (6) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (7) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (8) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (9) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (10) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (11) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (12) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (13) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (14) addr: 8B942BC4
21:30:50:964 4176 DetectCureTDL3: IrpHandler (15) addr: 8B9367E4
21:30:50:964 4176 DetectCureTDL3: IrpHandler (16) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (17) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (18) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (19) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (20) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (21) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (22) addr: 8B94159C
21:30:50:964 4176 DetectCureTDL3: IrpHandler (23) addr: 8B93E7A2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (24) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (25) addr: 826329D2
21:30:50:964 4176 DetectCureTDL3: IrpHandler (26) addr: 826329D2
21:30:50:964 4176 KLMD_ReadMem: Trying to ReadMemory 0x8B938F26[0x400]
21:30:50:964 4176 TDL3_StartIoHookDetect: CheckParameters: 4, 8B93D000, 0
21:30:50:964 4176 TDL3_FileDetect: Processing driver: USBSTOR
21:30:50:964 4176 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:50:964 4176 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:50:966 4176 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
21:30:50:966 4176
21:30:50:966 4176 DetectCureTDL3: DEVICE_OBJECT: 88166AC8
21:30:50:966 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88166AC8
21:30:50:966 4176 DetectCureTDL3: DEVICE_OBJECT: 8827A740
21:30:50:966 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8827A740
21:30:50:966 4176 KLMD_ReadMem: Trying to ReadMemory 0x8827A740[0x38]
21:30:50:966 4176 DetectCureTDL3: DRIVER_OBJECT: 880EEA90
21:30:50:966 4176 KLMD_ReadMem: Trying to ReadMemory 0x880EEA90[0xA8]
21:30:50:966 4176 KLMD_ReadMem: Trying to ReadMemory 0x871B1990[0x1E]
21:30:50:966 4176 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
21:30:50:966 4176 DetectCureTDL3: IrpHandler (0) addr: 8B942FC8
21:30:50:966 4176 DetectCureTDL3: IrpHandler (1) addr: 826329D2
21:30:50:966 4176 DetectCureTDL3: IrpHandler (2) addr: 8B943040
21:30:50:966 4176 DetectCureTDL3: IrpHandler (3) addr: 8B9430B8
21:30:50:966 4176 DetectCureTDL3: IrpHandler (4) addr: 8B9430B8
21:30:50:966 4176 DetectCureTDL3: IrpHandler (5) addr: 826329D2
21:30:50:966 4176 DetectCureTDL3: IrpHandler (6) addr: 826329D2
21:30:50:966 4176 DetectCureTDL3: IrpHandler (7) addr: 826329D2
21:30:50:966 4176 DetectCureTDL3: IrpHandler (8) addr: 826329D2
21:30:50:966 4176 DetectCureTDL3: IrpHandler (9) addr: 826329D2
21:30:50:966 4176 DetectCureTDL3: IrpHandler (10) addr: 826329D2
21:30:50:966 4176 DetectCureTDL3: IrpHandler (11) addr: 826329D2
21:30:50:966 4176 DetectCureTDL3: IrpHandler (12) addr: 826329D2
21:30:50:966 4176 DetectCureTDL3: IrpHandler (13) addr: 826329D2
21:30:50:966 4176 DetectCureTDL3: IrpHandler (14) addr: 8B942BC4
21:30:50:966 4176 DetectCureTDL3: IrpHandler (15) addr: 8B9367E4
21:30:50:966 4176 DetectCureTDL3: IrpHandler (16) addr: 826329D2
21:30:50:966 4176 DetectCureTDL3: IrpHandler (17) addr: 826329D2
21:30:50:966 4176 DetectCureTDL3: IrpHandler (18) addr: 826329D2
21:30:50:966 4176 DetectCureTDL3: IrpHandler (19) addr: 826329D2
21:30:50:966 4176 DetectCureTDL3: IrpHandler (20) addr: 826329D2
21:30:50:966 4176 DetectCureTDL3: IrpHandler (21) addr: 826329D2
21:30:50:967 4176 DetectCureTDL3: IrpHandler (22) addr: 8B94159C
21:30:50:967 4176 DetectCureTDL3: IrpHandler (23) addr: 8B93E7A2
21:30:50:967 4176 DetectCureTDL3: IrpHandler (24) addr: 826329D2
21:30:50:967 4176 DetectCureTDL3: IrpHandler (25) addr: 826329D2
21:30:50:967 4176 DetectCureTDL3: IrpHandler (26) addr: 826329D2
21:30:50:967 4176 KLMD_ReadMem: Trying to ReadMemory 0x8B938F26[0x400]
21:30:50:967 4176 TDL3_StartIoHookDetect: CheckParameters: 4, 8B93D000, 0
21:30:50:967 4176 TDL3_FileDetect: Processing driver: USBSTOR
21:30:50:967 4176 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:50:967 4176 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:50:968 4176 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
21:30:50:968 4176
21:30:50:968 4176 DetectCureTDL3: DEVICE_OBJECT: 8827A030
21:30:50:968 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8827A030
21:30:50:968 4176 DetectCureTDL3: DEVICE_OBJECT: 88239CB8
21:30:50:968 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88239CB8
21:30:50:968 4176 KLMD_ReadMem: Trying to ReadMemory 0x88239CB8[0x38]
21:30:50:968 4176 DetectCureTDL3: DRIVER_OBJECT: 880EEA90
21:30:50:968 4176 KLMD_ReadMem: Trying to ReadMemory 0x880EEA90[0xA8]
21:30:50:968 4176 KLMD_ReadMem: Trying to ReadMemory 0x871B1990[0x1E]
21:30:50:969 4176 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
21:30:50:969 4176 DetectCureTDL3: IrpHandler (0) addr: 8B942FC8
21:30:50:969 4176 DetectCureTDL3: IrpHandler (1) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (2) addr: 8B943040
21:30:50:969 4176 DetectCureTDL3: IrpHandler (3) addr: 8B9430B8
21:30:50:969 4176 DetectCureTDL3: IrpHandler (4) addr: 8B9430B8
21:30:50:969 4176 DetectCureTDL3: IrpHandler (5) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (6) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (7) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (8) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (9) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (10) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (11) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (12) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (13) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (14) addr: 8B942BC4
21:30:50:969 4176 DetectCureTDL3: IrpHandler (15) addr: 8B9367E4
21:30:50:969 4176 DetectCureTDL3: IrpHandler (16) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (17) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (18) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (19) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (20) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (21) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (22) addr: 8B94159C
21:30:50:969 4176 DetectCureTDL3: IrpHandler (23) addr: 8B93E7A2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (24) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (25) addr: 826329D2
21:30:50:969 4176 DetectCureTDL3: IrpHandler (26) addr: 826329D2
21:30:50:969 4176 KLMD_ReadMem: Trying to ReadMemory 0x8B938F26[0x400]
21:30:50:969 4176 TDL3_StartIoHookDetect: CheckParameters: 4, 8B93D000, 0
21:30:50:969 4176 TDL3_FileDetect: Processing driver: USBSTOR
21:30:50:969 4176 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:50:969 4176 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:50:971 4176 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
21:30:50:971 4176
21:30:50:971 4176 DetectCureTDL3: DEVICE_OBJECT: 8827AAC8
21:30:50:971 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8827AAC8
21:30:50:971 4176 DetectCureTDL3: DEVICE_OBJECT: 8823A830
21:30:50:971 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8823A830
21:30:50:971 4176 KLMD_ReadMem: Trying to ReadMemory 0x8823A830[0x38]
21:30:50:971 4176 DetectCureTDL3: DRIVER_OBJECT: 880EEA90
21:30:50:971 4176 KLMD_ReadMem: Trying to ReadMemory 0x880EEA90[0xA8]
21:30:50:971 4176 KLMD_ReadMem: Trying to ReadMemory 0x871B1990[0x1E]
21:30:50:971 4176 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
21:30:50:971 4176 DetectCureTDL3: IrpHandler (0) addr: 8B942FC8
21:30:50:971 4176 DetectCureTDL3: IrpHandler (1) addr: 826329D2
21:30:50:971 4176 DetectCureTDL3: IrpHandler (2) addr: 8B943040
21:30:50:971 4176 DetectCureTDL3: IrpHandler (3) addr: 8B9430B8
21:30:50:971 4176 DetectCureTDL3: IrpHandler (4) addr: 8B9430B8
21:30:50:971 4176 DetectCureTDL3: IrpHandler (5) addr: 826329D2
21:30:50:971 4176 DetectCureTDL3: IrpHandler (6) addr: 826329D2
21:30:50:971 4176 DetectCureTDL3: IrpHandler (7) addr: 826329D2
21:30:50:971 4176 DetectCureTDL3: IrpHandler (8) addr: 826329D2
21:30:50:971 4176 DetectCureTDL3: IrpHandler (9) addr: 826329D2
21:30:50:971 4176 DetectCureTDL3: IrpHandler (10) addr: 826329D2
21:30:50:971 4176 DetectCureTDL3: IrpHandler (11) addr: 826329D2
21:30:50:971 4176 DetectCureTDL3: IrpHandler (12) addr: 826329D2
21:30:50:971 4176 DetectCureTDL3: IrpHandler (13) addr: 826329D2
21:30:50:971 4176 DetectCureTDL3: IrpHandler (14) addr: 8B942BC4
21:30:50:971 4176 DetectCureTDL3: IrpHandler (15) addr: 8B9367E4
21:30:50:971 4176 DetectCureTDL3: IrpHandler (16) addr: 826329D2
21:30:50:972 4176 DetectCureTDL3: IrpHandler (17) addr: 826329D2
21:30:50:972 4176 DetectCureTDL3: IrpHandler (18) addr: 826329D2
21:30:50:972 4176 DetectCureTDL3: IrpHandler (19) addr: 826329D2
21:30:50:972 4176 DetectCureTDL3: IrpHandler (20) addr: 826329D2
21:30:50:972 4176 DetectCureTDL3: IrpHandler (21) addr: 826329D2
21:30:50:972 4176 DetectCureTDL3: IrpHandler (22) addr: 8B94159C
21:30:50:972 4176 DetectCureTDL3: IrpHandler (23) addr: 8B93E7A2
21:30:50:972 4176 DetectCureTDL3: IrpHandler (24) addr: 826329D2
21:30:50:972 4176 DetectCureTDL3: IrpHandler (25) addr: 826329D2
21:30:50:972 4176 DetectCureTDL3: IrpHandler (26) addr: 826329D2
21:30:50:972 4176 KLMD_ReadMem: Trying to ReadMemory 0x8B938F26[0x400]
21:30:50:972 4176 TDL3_StartIoHookDetect: CheckParameters: 4, 8B93D000, 0
21:30:50:972 4176 TDL3_FileDetect: Processing driver: USBSTOR
21:30:50:972 4176 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:50:972 4176 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:50:973 4176 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
21:30:50:973 4176
21:30:50:973 4176 DetectCureTDL3: DEVICE_OBJECT: 868B49B0
21:30:50:973 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 868B49B0
21:30:50:973 4176 DetectCureTDL3: DEVICE_OBJECT: 84E05130
21:30:50:973 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84E05130
21:30:50:974 4176 DetectCureTDL3: DEVICE_OBJECT: 84E1B5F8
21:30:50:974 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84E1B5F8
21:30:50:974 4176 KLMD_ReadMem: Trying to ReadMemory 0x84E1B5F8[0x38]
21:30:50:974 4176 DetectCureTDL3: DRIVER_OBJECT: 84E088B0
21:30:50:974 4176 KLMD_ReadMem: Trying to ReadMemory 0x84E088B0[0xA8]
21:30:50:974 4176 KLMD_ReadMem: Trying to ReadMemory 0x84E08858[0x20]
21:30:50:974 4176 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvstor32, Driver Name: nvstor32
21:30:50:974 4176 DetectCureTDL3: IrpHandler (0) addr: 8363F60A
21:30:50:974 4176 DetectCureTDL3: IrpHandler (1) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (2) addr: 8363F565
21:30:50:974 4176 DetectCureTDL3: IrpHandler (3) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (4) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (5) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (6) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (7) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (8) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (9) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (10) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (11) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (12) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (13) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (14) addr: 8363F6CB
21:30:50:974 4176 DetectCureTDL3: IrpHandler (15) addr: 8360EEE3
21:30:50:974 4176 DetectCureTDL3: IrpHandler (16) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (17) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (18) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (19) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (20) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (21) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (22) addr: 8361488F
21:30:50:974 4176 DetectCureTDL3: IrpHandler (23) addr: 8363F8FE
21:30:50:974 4176 DetectCureTDL3: IrpHandler (24) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (25) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (26) addr: 826329D2
21:30:50:974 4176 TDL3_FileDetect: Processing driver: nvstor32
21:30:50:974 4176 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\nvstor32.sys
21:30:50:974 4176 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\nvstor32.sys
21:30:50:988 4176 TDL3_FileDetect: C:\Windows\system32\drivers\nvstor32.sys - Verdict: Clean
21:30:50:988 4176
21:30:50:988 4176 DetectCureTDL3: DEVICE_OBJECT: 867B1580
21:30:50:988 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 867B1580
21:30:50:988 4176 DetectCureTDL3: DEVICE_OBJECT: 84E0C4F0
21:30:50:988 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84E0C4F0
21:30:50:988 4176 DetectCureTDL3: DEVICE_OBJECT: 84E1B998
21:30:50:988 4176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84E1B998
21:30:50:988 4176 KLMD_ReadMem: Trying to ReadMemory 0x84E1B998[0x38]
21:30:50:988 4176 DetectCureTDL3: DRIVER_OBJECT: 84E088B0
21:30:50:988 4176 KLMD_ReadMem: Trying to ReadMemory 0x84E088B0[0xA8]
21:30:50:988 4176 KLMD_ReadMem: Trying to ReadMemory 0x84E08858[0x20]
21:30:50:988 4176 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvstor32, Driver Name: nvstor32
21:30:50:988 4176 DetectCureTDL3: IrpHandler (0) addr: 8363F60A
21:30:50:988 4176 DetectCureTDL3: IrpHandler (1) addr: 826329D2
21:30:50:988 4176 DetectCureTDL3: IrpHandler (2) addr: 8363F565
21:30:50:988 4176 DetectCureTDL3: IrpHandler (3) addr: 826329D2
21:30:50:988 4176 DetectCureTDL3: IrpHandler (4) addr: 826329D2
21:30:50:988 4176 DetectCureTDL3: IrpHandler (5) addr: 826329D2
21:30:50:988 4176 DetectCureTDL3: IrpHandler (6) addr: 826329D2
21:30:50:988 4176 DetectCureTDL3: IrpHandler (7) addr: 826329D2
21:30:50:988 4176 DetectCureTDL3: IrpHandler (8) addr: 826329D2
21:30:50:988 4176 DetectCureTDL3: IrpHandler (9) addr: 826329D2
21:30:50:988 4176 DetectCureTDL3: IrpHandler (10) addr: 826329D2
21:30:50:988 4176 DetectCureTDL3: IrpHandler (11) addr: 826329D2
21:30:50:988 4176 DetectCureTDL3: IrpHandler (12) addr: 826329D2
21:30:50:988 4176 DetectCureTDL3: IrpHandler (13) addr: 826329D2
21:30:50:988 4176 DetectCureTDL3: IrpHandler (14) addr: 8363F6CB
21:30:50:988 4176 DetectCureTDL3: IrpHandler (15) addr: 8360EEE3
21:30:50:988 4176 DetectCureTDL3: IrpHandler (16) addr: 826329D2
21:30:50:988 4176 DetectCureTDL3: IrpHandler (17) addr: 826329D2
21:30:50:988 4176 DetectCureTDL3: IrpHandler (18) addr: 826329D2
21:30:50:989 4176 DetectCureTDL3: IrpHandler (19) addr: 826329D2
21:30:50:989 4176 DetectCureTDL3: IrpHandler (20) addr: 826329D2
21:30:50:989 4176 DetectCureTDL3: IrpHandler (21) addr: 826329D2
21:30:50:989 4176 DetectCureTDL3: IrpHandler (22) addr: 8361488F
21:30:50:989 4176 DetectCureTDL3: IrpHandler (23) addr: 8363F8FE
21:30:50:989 4176 DetectCureTDL3: IrpHandler (24) addr: 826329D2
21:30:50:989 4176 DetectCureTDL3: IrpHandler (25) addr: 826329D2
21:30:50:989 4176 DetectCureTDL3: IrpHandler (26) addr: 826329D2
21:30:50:989 4176 TDL3_FileDetect: Processing driver: nvstor32
21:30:50:989 4176 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\nvstor32.sys
21:30:50:989 4176 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\nvstor32.sys
21:30:50:991 4176 TDL3_FileDetect: C:\Windows\system32\drivers\nvstor32.sys - Verdict: Clean
21:30:50:991 4176 UtilityBootReinit: Reboot required for cure complete..
21:30:50:991 4176 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmdb.sys) returned status 00000000
21:30:50:992 4176 UtilityBootReinit: KLMD drop success
21:30:50:993 4176 KLMD_ApplyPendList: Pending buffer(322A_756E, 1360) dropped successfully
21:30:50:993 4176 UtilityBootReinit: Cure on reboot scheduled successfully
21:30:50:993 4176
21:30:50:994 4176 Completed
21:30:50:995 4176
21:30:50:996 4176 Results:
21:30:50:997 4176 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:30:50:998 4176 Registry objects infected / cured / cured on reboot: 5 / 0 / 5
21:30:50:999 4176 File objects infected / cured / cured on reboot: 5 / 0 / 5
21:30:51:000 4176
21:30:51:024 4176 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
21:30:51:024 4176 UtilityDeinit: KLMD(ARK) unloaded successfully


ComboFix 10-01-16.02 - Jillian 16/01/2010 21:38:09.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2815.1468 [GMT -6:00]
Running from: c:\users\Jillian\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\krl32mainweq.dll
c:\windows\system32\SIntf16.dll
D:\install.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-13 09:25 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 09:25 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-07 08:42 . 2010-01-07 08:42 10752 ----a-w- c:\windows\DCEBoot.exe
2010-01-07 08:33 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-01-06 21:07 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-06 20:13 . 2010-01-06 20:13 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-06 20:13 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-06 20:13 . 2010-01-06 20:15 -------- d-----w- c:\programdata\Lavasoft
2010-01-06 20:13 . 2010-01-06 20:13 -------- d-----w- c:\program files\Lavasoft
2010-01-06 20:02 . 2010-01-06 20:02 -------- d-----w- c:\programdata\McAfee Security Scan
2010-01-06 20:02 . 2010-01-06 20:02 -------- d-----w- c:\program files\McAfee Security Scan
2009-12-30 19:07 . 2009-12-30 19:08 -------- d-----w- c:\windows\system32\ca-ES
2009-12-30 19:07 . 2009-12-30 19:08 -------- d-----w- c:\windows\system32\eu-ES
2009-12-30 19:07 . 2009-12-30 19:08 -------- d-----w- c:\windows\system32\vi-VN
2009-12-30 19:05 . 2008-03-18 15:31 98304 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2009-12-30 18:35 . 2009-12-30 18:35 -------- d-----w- c:\windows\system32\EventProviders
2009-12-22 14:26 . 2009-12-22 14:25 4043544 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2009-12-22 14:26 . 2009-12-22 14:25 3966744 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-12-22 14:26 . 2009-12-18 15:19 294656 ----a-w- c:\programdata\avg9\update\backup\avglngx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 03:34 . 2009-05-22 18:23 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2010-01-17 03:32 . 2009-07-10 07:59 -------- d-----w- c:\users\Jillian\AppData\Roaming\WTablet
2010-01-17 03:32 . 2008-03-16 19:20 -------- d-----w- c:\programdata\NVIDIA
2010-01-17 03:32 . 2009-07-18 03:20 64861 ----a-w- c:\programdata\nvModes.dat
2010-01-10 12:58 . 2009-02-25 04:51 1 ----a-w- c:\users\Jillian\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-09 00:07 . 2009-09-30 06:28 -------- d-----w- c:\users\Jillian\AppData\Roaming\vlc
2010-01-07 19:35 . 2010-01-06 20:15 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-07 08:26 . 2009-03-07 04:32 -------- d-----w- c:\users\Jillian\AppData\Roaming\uTorrent
2010-01-06 20:15 . 2010-01-06 20:15 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-06 20:15 . 2010-01-06 20:15 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-06 20:15 . 2010-01-06 20:15 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-06 20:15 . 2010-01-06 20:15 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-06 20:15 . 2010-01-06 20:15 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-06 20:15 . 2010-01-06 20:15 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-06 20:15 . 2010-01-06 20:15 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-06 20:15 . 2010-01-06 20:15 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-06 20:15 . 2010-01-06 20:15 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-06 20:15 . 2010-01-06 20:15 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-06 20:15 . 2010-01-06 20:15 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-06 20:15 . 2010-01-06 20:15 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-06 20:09 . 2008-03-16 20:02 -------- d-----w- c:\program files\Yahoo!
2010-01-06 20:08 . 2009-05-03 03:20 -------- d-----w- c:\programdata\River Past G5
2010-01-06 20:08 . 2009-05-03 03:20 -------- d-----w- c:\program files\Common Files\River Past
2010-01-06 20:08 . 2009-05-03 03:20 -------- d-----w- c:\program files\River Past
2010-01-06 20:03 . 2008-03-16 20:04 -------- d-----w- c:\programdata\McAfee
2010-01-06 19:50 . 2009-02-18 01:55 -------- d-----w- c:\program files\Java
2009-12-30 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-30 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-30 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-30 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-30 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-30 19:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-30 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-30 19:07 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-18 03:59 . 2009-02-19 04:24 -------- d-----w- c:\users\Jillian\AppData\Roaming\Winamp
2009-12-16 19:39 . 2009-02-19 04:24 -------- d-----w- c:\program files\Winamp
2009-12-14 15:51 . 2008-03-16 19:28 -------- d-----w- c:\programdata\Microsoft Help
2009-12-02 13:19 . 2010-01-06 20:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-21 22:04 . 2009-09-10 00:29 -------- d-----w- c:\users\Jillian\AppData\Roaming\FrostWire
2009-11-21 22:02 . 2009-11-21 22:02 0 ----a-w- c:\users\Jillian\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-11-21 06:40 . 2009-12-14 14:26 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-14 14:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-14 14:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-14 14:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-16 04:16 . 2009-05-12 08:08 26 ----a-w- c:\windows\popcinfo.dat
2009-11-12 23:47 . 2009-02-18 01:43 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-12 23:47 . 2009-02-18 01:43 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-12 23:47 . 2009-02-18 01:43 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-12 23:47 . 2009-02-18 01:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-09 12:31 . 2009-12-14 15:51 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-14 15:51 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-14 15:51 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-05 22:54 . 2009-02-18 00:49 75848 ----a-w- c:\users\Jillian\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-03 02:42 . 2009-10-02 16:33 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-25 07:25 2048 ----a-w- c:\windows\system32\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-07 203296]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-31 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\users\Jillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-4-14 20480]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(8):92,8b,4b,70,84,89,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [06/01/2010 2:15 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [17/02/2009 7:43 PM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [17/02/2009 7:43 PM 360584]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [16/03/2008 1:47 PM 269448]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/11/2009 5:47 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/11/2009 5:47 PM 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [02/12/2009 7:19 AM 1181328]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10/06/2009 5:33 AM 232960]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [10/07/2009 1:57 AM 2789160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [17/02/2009 6:21 PM 42528]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\System32\drivers\wacmoumonitor.sys [10/07/2009 1:57 AM 15656]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.ca.acer.yahoo.com
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Jillian\AppData\Roaming\Mozilla\Firefox\Profiles\8ts6w8m4.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-Apanel - c:\acersw\config\SetApanel.cmd
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 21:43
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-01-16 21:46:39
ComboFix-quarantined-files.txt 2010-01-17 03:46

Pre-Run: 69,167,853,568 bytes free
Post-Run: 70,852,513,792 bytes free

- - End Of File - - 02C56B3FAB46D277F92631B94334C308
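The TDSSKiller log above walks each device stack down to its lowest DRIVER_OBJECT, dumps the 27 IRP major-function handler addresses, runs a StartIo hook check and a driver-file verdict, and finishes with a summary of objects infected / cured / cured on reboot. As an added example (not from this thread and not Kaspersky's code), here is a small Python triage parser for that log layout; the sample lines are a constructed excerpt in the same format, the class and function names are my own, and the "shared default handler" baseline is my reading of the handler table, not something the tool itself reports.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the thread's log layout (time, thread id, component: message).
# Not the original log; trimmed to a few IrpHandler slots per driver.
SAMPLE_LOG = r"""
21:30:50:971 4176 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
21:30:50:971 4176 DetectCureTDL3: IrpHandler (0) addr: 8B942FC8
21:30:50:971 4176 DetectCureTDL3: IrpHandler (1) addr: 826329D2
21:30:50:971 4176 DetectCureTDL3: IrpHandler (14) addr: 8B942BC4
21:30:50:972 4176 TDL3_StartIoHookDetect: CheckParameters: 4, 8B93D000, 0
21:30:50:973 4176 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
21:30:50:973 4176
21:30:50:974 4176 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvstor32, Driver Name: nvstor32
21:30:50:974 4176 DetectCureTDL3: IrpHandler (0) addr: 8363F60A
21:30:50:974 4176 DetectCureTDL3: IrpHandler (1) addr: 826329D2
21:30:50:974 4176 DetectCureTDL3: IrpHandler (2) addr: 8363F565
21:30:50:974 4176 DetectCureTDL3: IrpHandler (5) addr: 826329D2
21:30:50:988 4176 TDL3_FileDetect: C:\Windows\system32\drivers\nvstor32.sys - Verdict: Clean
21:30:50:993 4176 UtilityBootReinit: Cure on reboot scheduled successfully
21:30:50:997 4176 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:30:50:998 4176 Registry objects infected / cured / cured on reboot: 5 / 0 / 5
21:30:50:999 4176 File objects infected / cured / cured on reboot: 5 / 0 / 5
"""

# Lines carrying only a time stamp and thread id (the log's separators) do not match.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+(?P<msg>\S.*)$")
DRIVER_RE = re.compile(r"DRIVER_OBJECT name: (?P<obj>\S+), Driver Name: (?P<name>\S+)")
IRP_RE = re.compile(r"IrpHandler \((?P<mj>\d+)\) addr: (?P<addr>[0-9A-F]+)")
VERDICT_RE = re.compile(r"TDL3_FileDetect: (?P<path>.+?) - Verdict: (?P<verdict>\w+)")
RESULT_RE = re.compile(r"(?P<kind>\w+) objects infected / cured / cured on reboot: "
                       r"(?P<infected>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)")

@dataclass
class DriverRecord:
    name: str
    object_name: str
    handlers: Dict[int, str] = field(default_factory=dict)  # IRP_MJ index -> address
    file_path: Optional[str] = None
    verdict: Optional[str] = None

@dataclass
class Report:
    drivers: List[DriverRecord] = field(default_factory=list)
    results: Dict[str, Tuple[int, int, int]] = field(default_factory=dict)  # kind -> counts
    reboot_cure_scheduled: bool = False

def parse_tdsskiller_log(text: str) -> Report:
    """One pass over the log; handler and verdict lines attach to the most recent DRIVER_OBJECT."""
    report, current = Report(), None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        if d := DRIVER_RE.search(msg):
            current = DriverRecord(d.group("name"), d.group("obj"))
            report.drivers.append(current)
        elif (h := IRP_RE.search(msg)) and current is not None:
            current.handlers[int(h.group("mj"))] = h.group("addr")
        elif (v := VERDICT_RE.search(msg)) and current is not None:
            current.file_path, current.verdict = v.group("path"), v.group("verdict")
        elif r := RESULT_RE.search(msg):
            report.results[r.group("kind")] = tuple(int(r.group(g)) for g in ("infected", "cured", "reboot"))
        elif "Cure on reboot scheduled successfully" in msg:
            report.reboot_cure_scheduled = True
    return report

def default_handler(report: Report) -> Optional[str]:
    """Address shared by most major-function slots across all drivers: a slot the driver
    does not implement is left pointing at the kernel's default stub, so that address is
    the baseline and anything different is driver-specific code."""
    counts = Counter(a for d in report.drivers for a in d.handlers.values())
    return counts.most_common(1)[0][0] if counts else None

def driver_specific_handlers(rec: DriverRecord, default: str) -> Dict[int, str]:
    """Slots the driver really implements; these are the ones a dispatch hook would replace."""
    return {mj: a for mj, a in sorted(rec.handlers.items()) if a != default}

def needs_attention(report: Report) -> bool:
    """True if any verdict is not Clean, any object was infected, or a cure awaits a reboot."""
    bad_verdict = any(d.verdict not in (None, "Clean") for d in report.drivers)
    infected = any(inf > 0 for inf, _, _ in report.results.values())
    return bad_verdict or infected or report.reboot_cure_scheduled

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    base = default_handler(rep)
    for d in rep.drivers:
        print(f"{d.name:9} verdict={d.verdict} own handlers={driver_specific_handlers(d, base)}")
    print("results:", rep.results, "| needs attention:", needs_attention(rep))
```

On the constructed sample the drivers' files come back Clean but the registry and file counts still show 5 objects each pending a reboot cure, which is why the scan is flagged as unfinished until the machine has been restarted and rescanned.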


#6 sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:06:15 AM

Posted 17 January 2010 - 12:39 AM

Hi Samateus,



Please remove the outdated Java version (Java™ 6 Update 7) via Programs and Features. After that, please clean the Java cache as instructed in this thread.

The culprit is gone. We need to scan the remnants with Kas Online Scanner. It will take some time to run the full course. Please be patient and do the following:

Step 1

Please download Malwarebytes' Anti-Malware from Here or Here
  1. Double Click mbam-setup.exe to install the application.
  2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  3. If an update is found, it will download and install the latest version.
  4. Once the program has loaded, select "Perform Quick Scan", then click Scan.
  5. The scan may take some time to finish, so please be patient.
  6. When the scan is complete, click OK, then Show Results to view the results.
  7. Make sure that everything is checked, and click Remove Selected.
  8. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  9. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  10. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  11. You can refer to this tutorial

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step 2

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step 3

Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  1. Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  2. Click Accept button on the "Requirements and limitations".
  3. When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  4. It will download and install the program and update the database.
  5. When the database update has finished, click on Settings.
  6. Make sure all boxes are checked, then click on the Save button.
  7. Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  8. Once the scan is completed, Click on View Scan Report.
  9. You may see a list of infected items over there. Click on Save Report As.
  10. Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  11. Please post the contents in your next reply.
  12. You can refer to this animation
Note for Internet Explorer 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Please post back the logs in your next reply.


1. MBAM log
2. Kas Online Scan Report

Tell me if you have any remaining issues on your pc.

Edited by sundavis, 17 January 2010 - 12:42 AM.


#7 Samateus

  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:15 AM

Posted 17 January 2010 - 07:42 PM

Looks like Kas has found something, but now my Firefox is not showing webpage formatting (like here on BleepingComputer), nor is a great deal responding properly on Facebook...


Malwarebytes' Anti-Malware 1.44
Database version: 3581
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

17/01/2010 12:41:21 AM
mbam-log-2010-01-17 (00-41-21).txt

Scan type: Quick Scan
Objects scanned: 102925
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, January 17, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, January 17, 2010 12:03:11
Records in database: 3323813
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Objects scanned: 190468
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:30:06


File name / Threat / Threats count
J:\My Stuff\artstuffage\Hellsing pictures\unamed manga\Dai-Doujin Monogatari--Kouta Hirano (1998).zip Infected: Exploit.HTML.CodeBaseExec 1

Selected area has been scanned.

Edited by Samateus, 17 January 2010 - 07:58 PM.


#8 sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:06:15 AM

Posted 17 January 2010 - 08:41 PM

Hi Samateus,


Please navigate to the following filepath and delete the bolded infected folder.

J:\My Stuff\artstuffage\Hellsing pictures\unamed manga\Dai-Doujin Monogatari--Kouta Hirano (1998).zip

QUOTE
but now my firefox is not showing webpage formatting

It is likely your browsers were modified by the malware. Let's do some maintenance and hope to get those back to working order.

Step 1

Open IE, select Tools > Internet Options. Select the Connections tab.
  1. If you are using LAN, click "LAN Settings" button. If you are using Dial-up or Virtual Private Network connection, select necessary connection and click "Settings" button.
  2. In the "Proxy Server" area, uncheck the check mark next to Use a proxy server for ....
  3. Click OK.
  4. Click the Advanced tab and click on the Reset button.
  5. In the Reset Internet Explorer Settings dialog box, click Reset to confirm.

Step 2

1. Click the Microsoft Vista Start logo in the bottom left corner of the screen
2. Click All Programs
3. Click Accessories
4. RIGHT-click on Command Prompt
5. Select Run As Administrator
6. In the command window type the following and then hit enter:
    ipconfig /flushdns
7. You will see the following confirmation:

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

After that, you may proceed to check disk as instructed in this thread .

Step 3

After that, what I'd like you to do is a hard reset of your router if you have one. Leave it on, and there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). Then change your admin login and password: make it a strong password. You may also want to ask your ISP for help in case there are custom settings that need to be maintained.

Since your Firefox can't work properly, you're well advised to uninstall FF completely and do a clean reinstall. You may back up your Bookmarks before proceeding. Please go to Here and Here.

Let me know if you still need assistance or if you need the final instructions, since we are done here.

#9 Samateus

  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:15 AM

Posted 17 January 2010 - 09:24 PM

Looks like all is in order now! Thank you SO much sundavis, and hopefully I will not have to bother you or those here on bleepingcomputer for a long time (or ever) Thank you again!!

#10 sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:06:15 AM

Posted 17 January 2010 - 09:48 PM

Hi Samateus,



QUOTE
Looks like all is in order now!

That sounds good. Now, your system appears clean. If you have no remaining concerns on your PC, let's do some tidying up and we can send you on your way.


Step 1

Click START then RUN
Now copy/paste ComboFix /Uninstall in the runbox and click OK.
Note the space between the X and the /Uninstall, it needs to be there.



This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Step 2

Download OTC by OldTimer and save it to your desktop.
  1. Double click OTC and let it run
  2. Then Click the Cleanup button.
  3. You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  4. Restart your computer when prompted.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  2. Update all these programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  3. Back up your valid registry - ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore it if needed. Due to malware effects, a corrupt registry can prevent a system from booting. You're well advised to back up your valid registry while the system is clean. For more info: Here and Here.


Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here on how to prevent malware.


Glad to be of help. Safe surfing!!


#11 Samateus

  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:15 AM

Posted 17 January 2010 - 11:01 PM

Again, thank you SO much, and I'll be certain to check up on malware and different software issues in my system. Thank you for your assistance, and support!

#12 sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:06:15 AM

Posted 18 January 2010 - 10:58 AM

Since this issue appears resolved ... this Topic is closed.

Glad we could help.

Everyone else please begin a New Topic.
