Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

virtumonde ( i don't think it's gone) I get "DEP" popups closing windows explorer


  • Please log in to reply
13 replies to this topic

#1 cali_rockr

cali_rockr

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 02 December 2010 - 12:16 PM

For the past few weeks I have been having issues with my computer. For example, I get DEP popups saying for your computers protections Data Execution prevention has closed the following program - Windows Explorer. It will sometimes say Internet Explorer (which i never use, I love using Firefox or chrome. I got Prevx a few months back it seemed to work well fixed a few issues way back when, but now it seems to not find stuff, I see when it scans at the bottom it still shows virtumonde which I thought I got removed with Seek and Destroy a week or so ago. I've ran Prevx, Seek and Destroy, MalwareBytes Anti-malware and even housecall.trendmicro.com, currently they don't find anything save for a single "doubleclick" thing in the malware search. I'm at a loss. Can anyone help? or am I being silly thinking DEP shouldn't be popping up If I'm not on anything?
Thanks for any help or insight!!!! ~~Savvy



DDS (Ver_10-11-27.01) - NTFSx86
Run by Savvy at 1:44:11.56 on Thu 12/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\savvy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Callcentric]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\documents and settings\savvy\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: nezegegig - {2f5feb00-1825-47d3-82b4-b1606e2f46db} - c:\windows\system32\hihatofo.dll
STS: mujuzedij: {2f5feb00-1825-47d3-82b4-b1606e2f46db} - c:\windows\system32\hihatofo.dll
LSA: Notification Packages = scecli pinugevu.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\savvy\applic~1\mozilla\firefox\profiles\0ip4sf0m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\savvy\application data\mozilla\firefox\profiles\0ip4sf0m.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\savvy\application data\mozilla\firefox\profiles\0ip4sf0m.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\savvy\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\savvy\application data\mozilla\firefox\profiles\0ip4sf0m.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\documents and settings\savvy\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\savvy\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\savvy\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPStreamPlug.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Ancestry.com Advanced Image Viewer: support@ancestry.com - c:\docume~1\savvy\applic~1\mozilla\firefox\profiles\0ip4sf0m.default\extensions\support@ancestry.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\savvy\applic~1\mozilla\firefox\profiles\0ip4sf0m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\docume~1\savvy\applic~1\mozilla\firefox\profiles\0ip4sf0m.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-12-02 08:58:30 -------- d-----w- C:\VundoFix Backups
2010-11-26 02:08:09 -------- d-----w- c:\documents and settings\savvy\Shared
2010-11-24 01:32:06 -------- d-----w- C:\ConverterOutput
2010-11-24 01:31:50 395776 ----a-w- c:\windows\system32\libmplayer.dll
2010-11-24 01:31:50 262144 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2010-11-24 01:31:50 2255360 ----a-w- c:\windows\system32\libavcodec.dll
2010-11-24 01:31:50 1761280 ----a-w- c:\windows\system32\ffdshow.ax
2010-11-24 01:31:50 172032 ----a-w- c:\windows\system32\ac3filter.ax
2010-11-24 01:31:50 112640 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2010-11-24 01:31:48 -------- d-----w- c:\program files\Cucusoft
2010-11-18 19:47:07 95600 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-17 01:43:50 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-11-06 21:52:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 21:52:30 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-11-03 18:36:23 -------- d-----w- c:\program files\Callcentric

==================== Find3M ====================

2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 19:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 19:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-03 23:20:40 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-09-03 23:20:40 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-09-03 23:20:40 359016 ----a-w- c:\windows\vncutil.exe
2010-09-03 23:20:40 1833576 ----a-w- c:\windows\SkyTel.exe
2010-09-03 23:20:28 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-09-03 23:20:28 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-09-03 23:20:18 54888 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-09-03 23:20:06 19573352 ----a-w- c:\windows\RTHDCPL.EXE
2010-09-03 23:20:06 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-09-03 23:19:54 2180712 ----a-w- c:\windows\MicCal.exe
2010-09-03 23:19:44 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-09-03 23:19:44 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-09-03 23:19:44 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2006-05-03 10:06:54 163328 -csh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 -csh--r- c:\windows\system32\nbDX.dll

============= FINISH: 1:44:43.93 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:11:25 PM

Posted 09 December 2010 - 09:44 PM

Welcome to BC :)

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs.
  • Double-Click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • if an unknown bootcode is found you will have further options available to you, at this time press N the press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • In your next reply, please include the log from MBRChecker.
Thanks
Microsoft MVP Consumer Security--2007-2010

#3 cali_rockr

cali_rockr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 10 December 2010 - 02:33 AM

As per request MBR text file is attached.

Thanks in advance for ANY insight!!! Also, if I'm just being retarded and thinking I have a problem when it's been fixed or something just let me know! (no hard feelings I promise!)


Thanks again!

Savvy

Attached Files



#4 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:11:25 PM

Posted 10 December 2010 - 11:10 AM

Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Microsoft MVP Consumer Security--2007-2010

#5 cali_rockr

cali_rockr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 10 December 2010 - 01:48 PM

Combo Fix attached - I assumed since it was so long you wanted it attached rather than pasted into the reply, if you'd rather it pasted i can do that just as well.


Thanks again!

Attached Files



#6 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:11:25 PM

Posted 10 December 2010 - 02:28 PM

Posted Image Please download Malwarebytes' Anti-Malware from Here.



Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
Microsoft MVP Consumer Security--2007-2010

#7 cali_rockr

cali_rockr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 10 December 2010 - 03:36 PM

Showed clean prior to these other steps as well, even though I still got that DEP problem.

MBAM log -

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5289

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/10/2010 12:27:04 PM
mbam-log-2010-12-10 (12-27-04).txt

Scan type: Quick scan
Objects scanned: 161125
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:11:25 PM

Posted 10 December 2010 - 08:11 PM

how is everything running now?
Microsoft MVP Consumer Security--2007-2010

#9 cali_rockr

cali_rockr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 11 December 2010 - 02:52 PM

I am still getting the DEP problem. I've gotten it two times today already. I have attached a screen shot of the DEP. This is where my primary issue lies. That is what led me to believe that the Virtumonde trojan I did have might not have totally been removed by my previous efforts. If this is a completely separate problem then that then I suppose I will need to open a separate topic.

Either which way I thank you much for your help!

Savvy

#10 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:11:25 PM

Posted 11 December 2010 - 08:16 PM

no screen shot
Microsoft MVP Consumer Security--2007-2010

#11 cali_rockr

cali_rockr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 12 December 2010 - 02:21 PM

Sorry about that! Here it is.

Attached Files

  • Attached File  DEP.JPG   19.26KB   1 downloads


#12 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:11:25 PM

Posted 12 December 2010 - 02:34 PM

Go to Start ---> Run ---> Type sfc /scannow and allow it to verify your system files. let me know if it finds any problems.
Microsoft MVP Consumer Security--2007-2010

#13 cali_rockr

cali_rockr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 12 December 2010 - 05:54 PM

So far a popup says

"Files that are required for windows to run properly must be copied to the DLL Cache.

Insert your Windows XP Home Edition Cd-Rom now.

Retry| More Info| Cancel"

Course now it seems I must locate that pesky disk. I have to go to work and will update later on thank you again!

Savvy

#14 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:11:25 PM

Posted 12 December 2010 - 10:33 PM

Okay let me know when you can find the disc and finish it up. Thanks
Microsoft MVP Consumer Security--2007-2010




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users