
Sinowal.gcv removal



#1 PixelHalo


Posted 22 January 2010 - 11:38 AM

Hi everyone. This is my first post. I have Kaspersky antivirus, which has detected the Trojan: Sinowal.gcv on my computer. It disinfects the virus, but then it immediately re-appears. I ran ComboFix, which didn't solve anything, and I have attached the log file it created. Is there anyone who could help me get rid of this damn thing?! Thanks.

Attached file: log.txt_latest_combifix.txt (21.92KB)



#2 Blind Faith

  • Malware Response Team

Posted 29 January 2010 - 11:06 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Elle

#3 PixelHalo


Posted 29 January 2010 - 02:03 PM

Hi. I downloaded the latest version of Kaspersky, which unlike the version 6 that I had, doesn't prompt you for action but just immediately removes what it finds automatically. So, it seems to have deleted it, but I have run the DDS scan and include the results just in case I'm being over optimistic...

Attached files: DDS.txt (11.99KB), Attach.txt (15.7KB)

I hope I've replied to this correctly, and I apologise if I haven't...


#4 Farbar

  • Security Developer

Posted 30 January 2010 - 05:01 AM

Hi PixelHalo,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world, cybercrime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  1. Go to Start > Run, copy/paste the following line into the Run box and click OK.

    cmd /c dir /a "c:\Documents and Settings" > log.txt&start log.txt

    A text file (log.txt) will open. Please post its content in your reply.

  2. Delete your copy of ComboFix from your desktop and download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.

    When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.


#5 PixelHalo


Posted 30 January 2010 - 07:35 AM

Hi Farbar, and many thanks for your help. I hope I have followed your instructions correctly. Here is the log text:

Volume in drive C has no label.
Volume Serial Number is C8E0-DFFF

Directory of c:\Documents and Settings

18/01/2010 03:21 PM <DIR> .
18/01/2010 03:21 PM <DIR> ..
22/01/2010 03:42 PM <DIR> Administrator
20/06/2008 02:06 PM <DIR> All Users
02/04/2008 05:39 PM <DIR> Default User
22/01/2010 04:14 PM <DIR> LocalService
30/01/2010 11:56 AM <DIR> Mick Lynch
22/01/2010 04:17 PM <DIR> NetworkService
0 File(s) 0 bytes
8 Dir(s) 20,480,688,128 bytes free

Here is the Combofix report:

ComboFix 10-01-29.08 - Mick Lynch 30/01/2010 12:04:58.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3007.2427 [GMT 0:00]
Running from: c:\documents and settings\Mick Lynch\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-25 17:53 . 2010-01-25 17:53 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-22 19:00 . 2010-01-22 19:00 -------- d-----w- c:\program files\WOT
2010-01-22 18:08 . 2010-01-22 18:08 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-01-22 18:08 . 2010-01-22 18:08 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-01-22 18:08 . 2010-01-22 18:08 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-01-22 18:08 . 2010-01-22 18:08 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-01-22 18:08 . 2010-01-22 18:08 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-01-22 18:05 . 2010-01-22 18:05 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-22 18:05 . 2010-01-22 18:05 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-22 17:58 . 2010-01-22 17:58 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-22 17:58 . 2010-01-22 17:58 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-22 15:42 . 2010-01-22 15:42 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-22 15:39 . 2010-01-22 15:39 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-22 14:04 . 2010-01-22 14:04 -------- d-----w- c:\windows\ERUNT
2010-01-22 14:00 . 2010-01-22 15:30 -------- d-----w- C:\SDFix
2010-01-22 13:38 . 2010-01-22 15:30 -------- d-----w- c:\program files\a-squared Free
2010-01-21 11:38 . 2010-01-22 15:33 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-20 21:23 . 2010-01-22 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-20 21:23 . 2010-01-22 15:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-20 14:30 . 2010-01-20 14:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-01-18 15:22 . 2010-01-18 15:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-18 12:13 . 2010-01-18 12:13 -------- d-----w- C:\77aa7aeb2ed19737e3f880a747ab099f
2010-01-14 14:09 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-03 14:10 . 2010-01-18 16:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-03 14:10 . 2010-01-18 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-01 20:04 . 2010-01-14 11:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-31 16:07 . 2009-12-31 16:07 -------- d-----w- c:\documents and settings\Mick Lynch\Local Settings\Application Data\Threat Expert
2009-12-31 15:06 . 2009-12-31 15:08 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 12:22 . 2008-04-03 13:14 -------- d-----w- c:\documents and settings\Mick Lynch\Application Data\MailWasherPro
2010-01-30 12:22 . 2008-04-11 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-30 12:20 . 2008-06-16 09:37 12398 ----a-w- c:\windows\system32\tablet.dat
2010-01-27 11:38 . 2009-01-02 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-25 17:53 . 2009-03-24 13:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-24 17:40 . 2009-05-18 12:48 -------- d-----w- c:\program files\FLIP Flash Album Deluxe
2010-01-23 14:09 . 2008-04-02 18:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 14:09 . 2008-04-10 17:54 -------- d-----w- c:\program files\NETGEAR
2010-01-22 17:56 . 2008-04-11 15:53 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-22 15:57 . 2009-03-24 14:07 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-07 16:07 . 2009-03-24 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-03-24 13:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 22:22 . 2008-04-10 17:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-01 17:01 . 2009-04-08 09:18 -------- d-----w- c:\program files\ThreatFire
2009-12-31 15:58 . 2009-04-08 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-31 14:16 . 2009-05-18 12:43 -------- d-----w- c:\program files\All-into-One Flash Mixer
2009-12-29 15:43 . 2009-12-29 15:43 -------- d-----w- c:\program files\Alwil Software
2009-12-29 12:48 . 2009-05-07 14:46 -------- d-----w- c:\documents and settings\Mick Lynch\Application Data\SoundSpectrum
2009-12-29 12:48 . 2009-05-07 14:44 -------- d-----w- c:\program files\SoundSpectrum
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 13:06 . 2009-11-14 13:06 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-04-16 16:10 . 2007-07-15 15:30 15196 ----a-w- c:\program files\moviemk.PNF
2009-04-16 16:10 . 2004-08-03 21:23 7379 ----a-w- c:\program files\moviemk.inf
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-03 17:37 . 2009-09-03 17:37 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-09-03 17:58 . 2009-09-03 17:58 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZPLED"="c:\program files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [2006-02-21 347648]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"DeltTray"="DeltTray.exe" [2004-08-26 56320]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Mick Lynch\Start Menu\Programs\Startup\
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2008-10-19 18120904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-10-8 135680]
Slim Multimedia Keyboard.lnk - c:\program files\Slim Multimedia Keyboard\MagicKey.exe [2008-12-5 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=usbmn2x2.dll
"midi5"=usbmn2x2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WPN111 Smart Wizard.lnk]
backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
backup=c:\windows\pss\TabUserW.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 12:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 04:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-12 20:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2009-09-13 18:52 1048392 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2006-03-17 17:36 69632 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-07-14 12:34 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-07-08 23:03 1657376 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NewSoft\\Presto! VideoWorks 6\\VWorks6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\DC Software\\DL10XP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [17/03/2009 15:46 18432]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20:18 36880]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [05/12/2008 20:17 11886]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [15/10/2007 15:32 237784]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [15/07/2009 13:26 4096]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [10/04/2008 17:54 17149]
S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [28/03/2009 14:22 14272]
S3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys [28/03/2009 14:22 22304]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [10/04/2008 17:54 362944]
.
Contents of the 'Scheduled Tasks' folder

2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-01-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 17:36]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.05\AMVConverter\grab.html
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.05\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
FF - ProfilePath - c:\documents and settings\Mick Lynch\Application Data\Mozilla\Firefox\Profiles\jyuod1yu.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.co.uk
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 12:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-1123561945-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1085031214-1123561945-725345543-1004\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1085031214-1123561945-725345543-1004)
@Allowed: (Read) (S-1-5-21-1085031214-1123561945-725345543-1004)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\tabhook.dll

- - - - - - - > 'explorer.exe'(2980)
c:\windows\system32\WININET.dll
c:\windows\system32\tabhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\Tablet.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\DeltTray.exe
c:\program files\Slim Multimedia Keyboard\OSD.EXE
.
**************************************************************************
.
Completion time: 2010-01-30 12:27:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-30 12:27
ComboFix2.txt 2010-01-22 16:08

Pre-Run: 20,499,947,520 bytes free
Post-Run: 20,408,045,568 bytes free

- - End Of File - - 42ACE5D8B555FDB0C679A8AB3D67E31B

Thank you again.....

#6 Farbar

  • Security Developer

Posted 30 January 2010 - 08:11 AM

Well done.

The rootkit is indeed removed effectively. There is a remaining firewall open gate from the infection.
  1. I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove Microsoft Security Essentials.

  2. Close any open browsers.

    Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    CODE
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"=-
    Skipfix::


    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ( "C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


  3. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
    • Click the Download button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
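
A way to check the result of step 2 above, as an added example that is not part of the original post and is not ComboFix code: it parses the GloballyOpenPorts section in the format the log in this thread uses and compares a log taken before the CFScript run with one taken after. The "before" excerpt is copied from the log posted above; the "after" excerpt is constructed for illustration, and all function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Tuple

# Header suffix of the section as it appears in the log posted in this thread.
SECTION_SUFFIX = r"\globallyopenports\list]"
# One entry, e.g.  "3389:TCP"= 3389:TCP:Remote Desktop
ENTRY_RE = re.compile(r'^"(\d{1,5}):(TCP|UDP)"\s*=\s*(.*)$', re.IGNORECASE)


class OpenPort(NamedTuple):
    port: int
    proto: str
    label: str


def parse_open_ports(log_text: str) -> List[OpenPort]:
    """Return every entry of the GloballyOpenPorts\\List section of a log."""
    entries: List[OpenPort] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Any registry header switches the section on or off.
            in_section = line.lower().endswith(SECTION_SUFFIX)
            continue
        if not in_section:
            continue
        if not line:
            in_section = False  # a blank line closes the section in the log
            continue
        match = ENTRY_RE.match(line)
        if not match:
            continue
        port = int(match.group(1))
        if not 0 < port <= 65535:
            continue  # not a valid port number, ignore the line
        value = match.group(3).strip().strip('"')
        # The display name is the last colon-separated field of the value.
        label = value.rsplit(":", 1)[-1] if value else ""
        entries.append(OpenPort(port, match.group(2).upper(), label))
    return entries


def diff_open_ports(before: List[OpenPort],
                    after: List[OpenPort]) -> Tuple[list, list]:
    """Return (removed, added) as sorted lists of (port, proto) pairs."""
    b = {(e.port, e.proto) for e in before}
    a = {(e.port, e.proto) for e in after}
    return sorted(b - a), sorted(a - b)


# Excerpt copied from the ComboFix log posted earlier in this thread.
BEFORE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20:18 36880]
'''

# Constructed sample: what the same section would look like if the script
# removed only the "3389:TCP" value. Not taken from a real log.
AFTER_LOG_CONSTRUCTED = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
'''

if __name__ == "__main__":
    before = parse_open_ports(BEFORE_LOG)
    after = parse_open_ports(AFTER_LOG_CONSTRUCTED)
    removed, added = diff_open_ports(before, after)
    print("open before:", [(e.port, e.proto, e.label) for e in before])
    print("removed by the fix:", removed)
    print("newly opened:", added)
    print("still open, to be reviewed:", [(e.port, e.proto) for e in after])
```

Running the same comparison on the real before and after logs shows whether the requested value is gone and lists every entry that is still globally open.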


#7 PixelHalo


Posted 30 January 2010 - 09:26 AM

Hi again and many thanks for all your help. Here is the latest Combofix log:

ComboFix 10-01-29.08 - Mick Lynch 30/01/2010 14:09:34.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3007.2526 [GMT 0:00]
Running from: c:\documents and settings\Mick Lynch\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mick Lynch\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
- REDUCED FUNCTIONALITY MODE -
.

2009-12-29 12:48 . 2009-05-07 14:44 -------- d-----w- c:\program files\SoundSpectrum
2009-12-21 19:14 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 13:06 . 2009-11-14 13:06 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-04-16 16:10 . 2007-07-15 15:30 15196 ----a-w- c:\program files\moviemk.PNF
2009-04-16 16:10 . 2004-08-03 21:23 7379 ----a-w- c:\program files\moviemk.inf
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-03 17:37 . 2009-09-03 17:37 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-09-03 17:58 . 2009-09-03 17:58 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-18_13.02.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00 . 2010-01-18 17:50 88140 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2009-12-31 14:36 88140 c:\windows\system32\perfc009.dat
- 2007-08-13 17:54 . 2009-10-29 07:45 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:54 . 2009-12-21 19:14 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 12:00 . 2009-12-21 19:14 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2009-10-29 07:45 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
- 2004-08-04 12:00 . 2009-06-16 14:36 81920 c:\windows\system32\fontsub.dll
+ 2009-09-09 18:01 . 2009-09-09 18:01 27675 c:\windows\system32\drivers\klopp.dat
+ 2009-10-02 18:39 . 2009-10-02 18:39 19472 c:\windows\system32\drivers\klmouflt.sys
+ 2009-09-14 13:42 . 2009-09-14 13:42 32272 c:\windows\system32\drivers\klim5.sys
+ 2009-10-14 20:18 . 2009-10-14 20:18 36880 c:\windows\system32\drivers\klbg.sys
- 2009-08-27 18:21 . 2009-10-29 07:45 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-08-27 18:21 . 2009-12-21 19:14 12800 c:\windows\system32\dllcache\xpshims.dll
- 2008-04-11 16:46 . 2009-10-29 07:45 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-04-11 16:46 . 2009-12-21 19:14 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 12:00 . 2009-12-21 19:14 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2009-10-29 07:45 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-16 14:36 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
- 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2008-04-02 17:45 . 2010-01-18 17:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-02 17:45 . 2010-01-18 12:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-10 17:40 . 2010-01-18 13:44 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-04-10 17:40 . 2009-12-31 14:32 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-04-10 17:40 . 2010-01-18 13:44 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-04-10 17:40 . 2009-12-31 14:32 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-04-10 17:40 . 2009-12-31 14:32 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-10 17:40 . 2010-01-18 13:44 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-10 17:40 . 2010-01-18 13:44 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-04-10 17:40 . 2009-12-31 14:32 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-04-10 17:40 . 2010-01-18 13:44 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-04-10 17:40 . 2009-12-31 14:32 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-04-10 17:40 . 2009-12-31 14:32 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-10 17:40 . 2010-01-18 13:44 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-01-22 23:17 . 2009-10-29 07:45 12800 c:\windows\ie8updates\KB978207-IE8\xpshims.dll
+ 2010-01-22 23:17 . 2009-10-29 07:45 55296 c:\windows\ie8updates\KB978207-IE8\msfeedsbs.dll
+ 2010-01-22 23:17 . 2009-10-29 07:45 25600 c:\windows\ie8updates\KB978207-IE8\jsproxy.dll
+ 2010-01-18 13:44 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB955759\update\spcustom.dll
+ 2010-01-18 13:44 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB955759\spmsg.dll
- 2008-04-10 17:40 . 2009-12-31 14:32 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-10 17:40 . 2010-01-18 13:44 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2004-08-04 12:00 . 2009-10-29 07:45 916480 c:\windows\system32\wininet(5).dll
+ 2004-08-04 12:00 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
- 2004-08-04 12:00 . 2009-06-16 14:36 119808 c:\windows\system32\t2embed.dll
- 2004-08-04 12:00 . 2009-12-31 14:36 500632 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2010-01-18 17:50 500632 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-10-29 07:45 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2009-12-21 19:14 206848 c:\windows\system32\occache.dll
- 2007-08-13 17:54 . 2009-10-29 07:45 594432 c:\windows\system32\msfeeds.dll
+ 2007-08-13 17:54 . 2009-12-21 19:14 594432 c:\windows\system32\msfeeds.dll
+ 2009-11-03 00:24 . 2009-11-03 00:24 257440 c:\windows\system32\Macromed\Flash\FlashUtil10d.exe
+ 2009-10-20 19:34 . 2009-10-20 19:34 219664 c:\windows\system32\klogon.dll
+ 2004-08-04 12:00 . 2009-12-21 19:14 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2009-10-29 07:45 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2009-12-21 19:14 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2009-10-29 07:45 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2009-10-28 14:40 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-12-21 13:19 173056 c:\windows\system32\ie4uinit.exe
+ 2010-01-22 17:36 . 2010-01-22 17:55 315408 c:\windows\system32\drivers\klif.sys
+ 2009-09-01 14:29 . 2009-09-01 14:29 128016 c:\windows\system32\drivers\kl1.sys
- 2004-08-04 12:00 . 2009-10-29 07:45 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2009-12-21 19:14 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
- 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
- 2004-08-04 12:00 . 2009-10-29 07:45 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2009-12-21 19:14 206848 c:\windows\system32\dllcache\occache.dll
- 2008-04-11 16:46 . 2009-10-29 07:45 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-04-11 16:46 . 2009-12-21 19:14 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-08-27 18:21 . 2009-10-29 07:45 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-08-27 18:21 . 2009-12-21 19:14 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2004-08-04 12:00 . 2009-10-29 07:45 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2009-12-21 19:14 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2009-12-21 19:14 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 12:00 . 2009-10-29 07:45 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 12:00 . 2009-10-28 14:40 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-12-21 13:19 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-01-22 19:00 . 2010-01-22 19:00 281088 c:\windows\Installer\444399.msi
+ 2008-04-10 17:40 . 2010-01-18 13:44 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-04-10 17:40 . 2009-12-31 14:32 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-10 17:40 . 2010-01-18 13:44 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-10 17:40 . 2009-12-31 14:32 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-10 17:40 . 2009-12-31 14:32 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-04-10 17:40 . 2010-01-18 13:44 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-10 17:40 . 2009-12-31 14:32 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-10 17:40 . 2010-01-18 13:44 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-10 17:40 . 2009-12-31 14:32 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-10 17:40 . 2010-01-18 13:44 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-10 17:40 . 2010-01-18 13:44 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-04-10 17:40 . 2009-12-31 14:32 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-01-22 23:17 . 2009-10-29 07:45 916480 c:\windows\ie8updates\KB978207-IE8\wininet.dll
+ 2010-01-22 23:17 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB978207-IE8\spuninst\updspapi.dll
+ 2010-01-22 23:17 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB978207-IE8\spuninst\spuninst.exe
+ 2010-01-22 23:17 . 2009-10-29 07:45 206848 c:\windows\ie8updates\KB978207-IE8\occache.dll
+ 2010-01-22 23:17 . 2009-10-29 07:45 594432 c:\windows\ie8updates\KB978207-IE8\msfeeds.dll
+ 2010-01-22 23:17 . 2009-10-29 07:45 246272 c:\windows\ie8updates\KB978207-IE8\ieproxy.dll
+ 2010-01-22 23:17 . 2009-10-29 07:45 184320 c:\windows\ie8updates\KB978207-IE8\iepeers.dll
+ 2010-01-22 23:17 . 2009-10-29 07:45 387584 c:\windows\ie8updates\KB978207-IE8\iedkcs32.dll
+ 2010-01-22 23:17 . 2009-10-28 14:40 173056 c:\windows\ie8updates\KB978207-IE8\ie4uinit.exe
+ 2010-01-22 14:04 . 2010-01-22 14:04 442368 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2010-01-22 14:04 . 2010-01-22 14:04 442368 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2010-01-18 13:44 . 2009-05-26 17:10 382840 c:\windows\$NtUninstallKB955759$\spuninst\updspapi.dll
+ 2010-01-18 13:44 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB955759$\spuninst\spuninst.exe
+ 2010-01-18 13:44 . 2008-04-14 00:11 451072 c:\windows\$NtUninstallKB955759$\aclayers.dll
+ 2010-01-18 13:44 . 2009-05-26 17:10 382840 c:\windows\$hf_mig$\KB955759\update\updspapi.dll
+ 2010-01-18 13:44 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB955759\update\update.exe
+ 2010-01-18 13:44 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB955759\spuninst.exe
+ 2010-01-14 14:09 . 2009-11-21 15:40 471552 c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll
+ 2004-08-04 12:00 . 2009-12-21 19:14 1208832 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2009-10-29 07:45 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2009-10-29 07:45 1208832 c:\windows\system32\urlmon(5).dll
+ 2004-08-04 12:00 . 2009-12-21 19:14 5942784 c:\windows\system32\mshtml.dll
- 2007-08-13 17:34 . 2009-10-29 07:45 1985536 c:\windows\system32\iertutil.dll
+ 2007-08-13 17:34 . 2009-12-21 19:14 1985536 c:\windows\system32\iertutil.dll
- 2004-08-04 12:00 . 2009-10-29 07:45 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2009-12-21 19:14 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2009-12-21 19:14 5942784 c:\windows\system32\dllcache\mshtml.dll
- 2008-04-11 16:46 . 2009-10-29 07:45 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2008-04-11 16:46 . 2009-12-21 19:14 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-01-22 17:59 . 2010-01-22 17:59 3426304 c:\windows\Installer\8b36d.msi
+ 2009-12-11 10:29 . 2009-12-11 10:29 5521408 c:\windows\Installer\7dd12.msp
+ 2010-01-22 23:17 . 2009-10-29 07:45 1208832 c:\windows\ie8updates\KB978207-IE8\urlmon.dll
+ 2010-01-22 23:17 . 2009-10-29 07:45 5940736 c:\windows\ie8updates\KB978207-IE8\mshtml.dll
+ 2010-01-22 23:17 . 2009-10-29 07:45 1985536 c:\windows\ie8updates\KB978207-IE8\iertutil.dll
+ 2010-01-22 14:04 . 2010-01-22 14:04 8171520 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2010-01-22 14:04 . 2010-01-22 14:04 8171520 c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-04-17 14:55 . 2010-01-22 15:42 25951748 c:\windows\system32\Restore\rstrlog.dat
+ 2007-08-13 17:54 . 2009-12-21 19:14 11070464 c:\windows\system32\ieframe.dll
+ 2008-04-11 16:46 . 2009-12-21 19:14 11070464 c:\windows\system32\dllcache\ieframe.dll
+ 2010-01-22 23:17 . 2009-10-29 07:45 11069952 c:\windows\ie8updates\KB978207-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZPLED"="c:\program files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [2006-02-21 347648]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"DeltTray"="DeltTray.exe" [2004-08-26 56320]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Mick Lynch\Start Menu\Programs\Startup\
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2008-10-19 18120904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-10-8 135680]
Slim Multimedia Keyboard.lnk - c:\program files\Slim Multimedia Keyboard\MagicKey.exe [2008-12-5 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=usbmn2x2.dll
"midi5"=usbmn2x2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WPN111 Smart Wizard.lnk]
backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
backup=c:\windows\pss\TabUserW.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 12:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 04:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-12 20:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2009-09-13 18:52 1048392 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2006-03-17 17:36 69632 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-07-14 12:34 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-07-08 23:03 1657376 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NewSoft\\Presto! VideoWorks 6\\VWorks6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\DC Software\\DL10XP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services

R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [17/03/2009 15:46 18432]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20:18 36880]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [05/12/2008 20:17 11886]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [15/10/2007 15:32 237784]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [15/07/2009 13:26 4096]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [10/04/2008 17:54 17149]
S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [28/03/2009 14:22 14272]
S3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys [28/03/2009 14:22 22304]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [10/04/2008 17:54 362944]
.
Contents of the 'Scheduled Tasks' folder

2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-01-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 17:36]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.05\AMVConverter\grab.html
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.05\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
FF - ProfilePath - c:\documents and settings\Mick Lynch\Application Data\Mozilla\Firefox\Profiles\jyuod1yu.default\
FF - prefs.js: browser.search.selectedEngine - eBay.co.uk
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 14:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-1123561945-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1085031214-1123561945-725345543-1004\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1085031214-1123561945-725345543-1004)
@Allowed: (Read) (S-1-5-21-1085031214-1123561945-725345543-1004)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\tabhook.dll

- - - - - - - > 'explorer.exe'(2676)
c:\windows\system32\WININET.dll
c:\windows\system32\tabhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-30 14:14:46
ComboFix-quarantined-files.txt 2010-01-30 14:14
ComboFix2.txt 2010-01-30 12:27
ComboFix3.txt 2010-01-22 16:08

Pre-Run: 20,409,950,208 bytes free
Post-Run: 20,395,106,304 bytes free

- - End Of File - - 9C491CE0DCAD1A254723F7894D7321CE

I have tried deleting Microsoft Security Essentials via the Control Panel, but when I click 'Remove' I get the following message: 'The Microsoft Security Essentials Installation Wizard can't find files that are necessary to complete the installation. To install this program please download the installation again'. If I try to download it again (in the hope of then trying to remove it), I get a message telling me that it is already installed on my computer! Is there any other way of deleting it? Thanks...

#8 Farbar

Posted 30 January 2010 - 09:43 AM

The log looks good.
  1. Download the trial version of Your Uninstaller! (Free Fix)
      Install it and run it.
      Under Modules select Uninstaller.
      Highlight Microsoft Security Essentials and press Uninstall.
      It might give you an error; proceed anyway and it eventually removes the software.
      Let it remove all the files and folders and anything it finds.

  2. It is important to uninstall ComboFix.

    Go to Start => Run => copy and paste the next command into the field, then hit Enter:

    ComboFix /Uninstall

    This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

    It makes a clean Restore Point and clears all the old restore points in order to prevent possible reinfection from an old one through system restore.


Happy Surfing.

#9 PixelHalo

Posted 30 January 2010 - 10:20 AM

Hi. All done! Your help was absolutely invaluable, and it really is appreciated. Do I need to do anything about the peer to peer issue you mentioned?
Best wishes.

#10 Farbar

Posted 30 January 2010 - 10:46 AM

You are most welcome, PixelHalo.

The p2p software could be uninstalled if you can't find a way to use it safely. Most people get infected while using it to download stuff.

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.





