
My Av Prog Says: Infected File: Perfc000.dat -- Virus: Bkdr_small.ehs


17 replies to this topic

#1 rockdove

rockdove

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 10 June 2007 - 07:01 AM

I recently had a problem where my Google search results were compromised (at least the first few pages) with bogus websites. I had a virus but I thought I took care of it. Now I'm getting constant pop-up alerts from my anti-virus program (Trend-Micro Internet Security 2007) that my computer is infected with the BKDR_SMALL.EHS virus and the infected file is perfc000.dat, which was the same file that was affected last time. After doing a little research, I'm now scared that some hacker has been logging my keystrokes and has my personal info (credit cards, etc...). I'll do anything that needs to be done, including a reformat if need be. I appreciate any and all help that you can provide!

Here's my HJ log file:

Logfile of HijackThis v1.99.1
Scan saved at 7:55:38 AM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1166772870\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166902662150
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks again.



#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:06:25 PM

Posted 10 June 2007 - 09:57 PM

Please run HijackThis, Scan
Check box for:

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)

O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

Select: Fix checked
(You may get an error message "Error #X invalid procedure call or argument...", etc. Click OK and press on.)

~~~~
Please download ComboFix to the Desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

A log, combofix.txt, is produced.

~~~~
Now, run HijackThis once again to obtain a new log.

~~~~
Please post the following:
The ComboFix.txt
A new HijackThis log

Old duck...


#3 rockdove

Posted 11 June 2007 - 12:30 AM

When I click on the link for ComboFix I get a "404 file not found" message...??

#4 rockdove

Posted 11 June 2007 - 12:41 AM

OK I saw another link on another thread and that one worked...the only difference in the shortcut that I could see was that the "C" and the "F" were capitalized in "ComboFix.exe" in the working link. Perhaps it's case sensitive...I'll have the logs up in a minute. Thanks.

#5 rockdove

Posted 11 June 2007 - 01:05 AM

Hello,

Here is the new HijackThis! log:

Logfile of HijackThis v1.99.1
Scan saved at 1:59:35 AM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166902662150
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

And the Combo Fix log:

ComboFix 07-06-11.3 - C:\Documents and Settings\Adam\Desktop\ComboFix.exe
"Adam" - 2007-06-11 1:41:33 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Adam\APPLIC~1.\macromedia\Flash Player\#SharedObjects\CMF7S4SZ\www.broadcaster.com
C:\DOCUME~1\Adam\APPLIC~1.\macromedia\Flash Player\#SharedObjects\CMF7S4SZ\www.broadcaster.com\played_list.sol
C:\DOCUME~1\Adam\APPLIC~1.\macromedia\Flash Player\#SharedObjects\CMF7S4SZ\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\Adam\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Adam\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\perfc000.dat


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))


2007-06-11 01:40 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-09 04:36 <DIR> d-------- C:\DOCUME~1\Adam\APPLIC~1\Help
2007-06-09 04:13 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-09 04:13 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-09 04:13 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-06-09 04:13 <DIR> d-------- C:\Program Files\Winamp
2007-06-09 03:42 6,221,304 --a------ C:\Program Files\winamp535_full_emusic-7plus.exe
2007-06-09 03:39 520,350 --a------ C:\Program Files\SAmp320.exe
2007-06-02 21:06 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-06-02 21:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-06-02 20:56 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-01 12:47 21,822,168 --a------ C:\Program Files\AdbeRdr80_en_US.exe
2007-05-30 11:59 13,699,437 --a------ C:\Program Files\any-video-converter-free.exe
2007-05-30 11:59 <DIR> d-------- C:\Program Files\Any Video Converter
2007-05-30 11:50 <DIR> d-------- C:\iSofterOutput
2007-05-30 11:47 45,056 --a------ C:\WINDOWS\system32\wnaspi32.dll
2007-05-30 11:47 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-05-30 11:47 16,512 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
2007-05-30 11:47 <DIR> d-------- C:\Program Files\iSofter
2007-05-30 11:46 8,632,120 --a------ C:\Program Files\dvdripperplatinum.exe
2007-05-30 11:39 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-05-30 11:39 <DIR> d-------- C:\DVD_VOLUME
2007-05-30 11:38 899,414 --a------ C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
2007-05-30 03:16 <DIR> d-------- C:\Program Files\Hijack This
2007-05-30 02:50 <DIR> d-------- C:\DOCUME~1\Adam\APPLIC~1\Tenebril
2007-05-30 02:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril
2007-05-30 02:47 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-05-30 02:47 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-05-30 02:43 12,350,224 --a------ C:\Program Files\spycatcher-express.exe
2007-05-30 02:39 532,480 --a------ C:\Program Files\cwshredder.exe
2007-05-30 02:00 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-30 01:43 <DIR> d-------- C:\DOCUME~1\Adam\APPLIC~1\Lavasoft
2007-05-30 01:42 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-30 01:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-30 01:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-30 01:05 5,037,072 --a------ C:\Program Files\spybotsd14.exe
2007-05-30 01:04 4,850,920 --a------ C:\Program Files\aawsepersonal.exe
2007-05-30 01:02 5,149,152 --a------ C:\Program Files\rminstall.exe
2007-05-29 20:01 75,088 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-05-29 20:01 32,528 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-05-29 20:01 288,848 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-05-29 20:01 199,440 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-05-29 20:01 111,888 --a------ C:\WINDOWS\system32\drivers\tm_mbd_c.sys
2007-05-29 20:01 1,052,472 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-05-29 20:01 <DIR> d-------- C:\Program Files\Trend Micro
2007-05-29 20:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-05-29 18:22 1 --a------ C:\WINDOWS\pvc11.dll
2007-05-29 17:08 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-05-24 21:20 <DIR> d-------- C:\WINDOWS\pss
2007-05-24 20:28 40,336 --a------ C:\WINDOWS\57x.exe
2007-05-24 19:16 <DIR> d-------- C:\WINDOWS\system32\ActiveScan


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-09 08:36:02 -------- d-----w C:\Program Files\America Online 9.0
2007-05-30 08:01:59 -------- d-----w C:\Program Files\BAE
2007-05-30 07:11:44 -------- d-----w C:\Program Files\GemMaster
2007-05-30 03:31:25 -------- d-----w C:\Program Files\SmartFTP Client 2.0
2007-05-30 03:20:03 -------- d-----w C:\Program Files\Digital Line Detect
2007-05-29 21:59:55 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-24 23:05:23 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-09 20:02:01 -------- d-----w C:\Program Files\AVIpreview
2007-05-09 07:54:28 102,006 ----a-w C:\WINDOWS\hpoins04.dat
2007-05-09 07:54:16 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-05-09 07:54:06 -------- d-----w C:\Program Files\HP
2007-05-09 07:50:22 47,541,144 ----a-w C:\Program Files\gc_ep_w01_enu.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 05:41:16 -------- d-----w C:\Program Files\Bethesda Softworks
2007-04-14 09:20:00 0 ----a-w C:\aoltpspd.bin
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-04-13 17:30:43 33,592 ----a-w C:\WINDOWS\system32\drivers\atwpkt264.sys
2007-04-13 17:30:39 25,136 ----a-w C:\WINDOWS\system32\drivers\atwpkt2.sys
2007-04-05 03:19:01 9,738 ----a-w C:\DOCUME~1\Adam\APPLIC~1\wklnhst.dat
2007-04-04 00:02:05 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2006-10-18 04:45:45 88 --sh--r C:\WINDOWS\system32\FCD0DF1D4E.sys
2006-10-18 04:45:46 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-23 20:41]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 02:26]
"RegistryMechanic"="" []
"@"="" []
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [2006-10-27 01:48]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Install.exe]
C:\WINDOWS\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wosa]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-11 01:47:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-11 1:49:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-11 01:49

--- E O F ---

Thank you!

#6 Aaflac

Posted 11 June 2007 - 10:01 PM

Sorry about the ComboFix link!! My bad!! :thumbsup:

Looks as if the malware is gone from the HijackThis log. However, the ComboFix report has some questionable files.

Since scanners target different things, please do the following to see what else we can get rid of:

Download SuperAntiSpyware Home Edition Free Version
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

SuperAntiSpyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next
Click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the information in the SuperAntiSpyware log in your reply.


Edited by Aaflac, 11 June 2007 - 10:03 PM.

Old duck...
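
The two checks used in this thread, as an added example that is not part of any post: flag the O2 "(no file)" BHO and the O20 AppInit_DLLs entry in a HijackThis log, then compare the log taken before the fix with the one taken after it to confirm they are gone. The function names are hypothetical, and the sample input is a few lines constructed from the two logs posted above.

```python
import re
from collections import namedtuple

# Constructed sample: a handful of lines copied from the first log in the thread.
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Constructed sample: the same lines as they appear in the second log.
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

Entry = namedtuple("Entry", "code kind value")

# "O20 - AppInit_DLLs: C:\..." -> code "O20", kind "AppInit_DLLs", value "C:\..."
LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")


def parse_entries(log_text):
    """Return the O-section entries of a HijackThis log, in order.

    Header lines and the running-process list do not match and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip(), m.group(3).strip()))
    return entries


def flag(entries):
    """Return (entry, reason) pairs for the two entry types fixed in the thread."""
    hits = []
    for e in entries:
        if e.code == "O2" and e.value.endswith("(no file)"):
            # The BHO's CLSID is still registered, but the file is not on disk.
            hits.append((e, "BHO is registered but its file is missing"))
        elif e.code == "O20" and e.kind == "AppInit_DLLs":
            # The AppInit_DLLs registry value is a space- or comma-separated
            # list; every module in it is loaded into each process that
            # loads user32.dll, so any entry deserves a look.
            for path in re.split(r"[,\s]+", e.value):
                if not path:
                    continue
                reason = "AppInit_DLLs module, loaded into every process that loads user32.dll"
                if not path.lower().endswith(".dll"):
                    reason += "; extension is not .dll"
                hits.append((e, reason))
    return hits


def removed(before, after):
    """Entries present in the first log and absent from the second."""
    after_set = set(after)
    return [e for e in before if e not in after_set]


if __name__ == "__main__":
    before, after = parse_entries(BEFORE), parse_entries(AFTER)
    for entry, reason in flag(before):
        print("FLAG   ", entry.code, entry.kind, "->", entry.value, "|", reason)
    for entry in removed(before, after):
        print("REMOVED", entry.code, entry.kind, "->", entry.value)
    print("still flagged after the fix:", len(flag(after)))
```

The comparison also lists the UpdReg Run entry, which is absent from the second log even though it was not one of the two boxes checked in HijackThis.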


#7 rockdove

Posted 12 June 2007 - 02:00 AM

From one avian to another, allow me to say that is a beautiful specimen of a Rock Dove :thumbsup: But I think your duck could beat my pigeon in a fight...

Anyway, here's the SuperAntiSpyware log...thanks again for all of your help!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/12/2007 at 02:24 AM

Application Version : 3.8.1002

Core Rules Database Version : 3252
Trace Rules Database Version: 1263

Scan type : Complete Scan
Total Scan Time : 00:29:33

Memory items scanned : 472
Memory threats detected : 0
Registry items scanned : 7192
Registry threats detected : 0
File items scanned : 38064
File threats detected : 24

Adware.Tracking Cookie
C:\Documents and Settings\Adam\Cookies\adam@advertising[1].txt
C:\Documents and Settings\Adam\Cookies\adam@ads.web.aol[1].txt
C:\Documents and Settings\Adam\Cookies\adam@ad.yieldmanager[1].txt
C:\Documents and Settings\Adam\Cookies\adam@hitbox[1].txt
C:\Documents and Settings\Adam\Cookies\adam@ehg-dig.hitbox[1].txt
C:\Documents and Settings\Adam\Cookies\adam@2o7[1].txt
C:\Documents and Settings\Adam\Cookies\adam@imrworldwide[2].txt
C:\Documents and Settings\Adam\Cookies\adam@trafficmp[2].txt
C:\Documents and Settings\Adam\Cookies\adam@statse.webtrendslive[2].txt
C:\Documents and Settings\Adam\Cookies\adam@specificclick[2].txt
C:\Documents and Settings\Adam\Cookies\adam@xiti[1].txt
C:\Documents and Settings\Adam\Cookies\adam@doubleclick[1].txt
C:\Documents and Settings\Adam\Cookies\adam@mediaplex[1].txt
C:\Documents and Settings\Adam\Cookies\adam@ar.atwola[1].txt
C:\Documents and Settings\Adam\Cookies\adam@ads.adbrite[1].txt
C:\Documents and Settings\Adam\Cookies\adam@serving-sys[2].txt
C:\Documents and Settings\Adam\Cookies\adam@adbrite[1].txt
C:\Documents and Settings\Adam\Cookies\adam@revsci[2].txt
C:\Documents and Settings\Adam\Cookies\adam@bs.serving-sys[1].txt
C:\Documents and Settings\Adam\Cookies\adam@atwola[1].txt
C:\Documents and Settings\Adam\Cookies\adam@atdmt[2].txt
C:\Documents and Settings\Adam\Cookies\adam@tribalfusion[2].txt
C:\Documents and Settings\Adam\Cookies\adam@ads.pointroll[1].txt
C:\Documents and Settings\Adam\Cookies\adam@questionmarket[2].txt

#8 Aaflac

Posted 12 June 2007 - 07:03 PM

The white ducks I have seen are domestic ducks, and they do not fly. Their wings are too short. I think the rock dove would win that match!! :thumbsup:


Just to make sure, please go to Virus Total:
http://www.virustotal.com/flash/index_en.html

Click Browse, and go to the following file:
C:\WINDOWS\pvc11.dll

Then, press: Send
It may take a little while to scan.

Also do the same for the following:
C:\WINDOWS\57x.exe
C:\WINDOWS\system32\FCD0DF1D4E.sys

When the scan completes, copy the report, and post the results for each.


~~~~
Also, are you still having malware problems?

Old duck...


#9 rockdove

Posted 12 June 2007 - 11:00 PM

Hello,

There is no file on my computer with this path: C:\WINDOWS\system32\FCD0DF1D4E.sys

This is one of the three files that you told me to have scanned...is it bad that it no longer exists? I haven't deleted anything recently. Where did you see this file?

OK, well here are the results for the other two files...it's a little tough to read in this format so I'll make it easier--there were no virus/threats found in the first file; there were some threats found in the second one (in boldface):

C:\WINDOWS\pvc11.dll

Antivirus Version Update Result
AhnLab-V3 2007.6.12.2 06.12.2007 no virus found
AntiVir 7.4.0.32 06.12.2007 no virus found
Authentium 4.93.8 06.12.2007 no virus found
Avast 4.7.997.0 06.12.2007 no virus found
AVG 7.5.0.467 06.13.2007 no virus found
BitDefender 7.2 06.13.2007 no virus found
CAT-QuickHeal 9.00 06.12.2007 no virus found
ClamAV devel-20070416 06.12.2007 no virus found
DrWeb 4.33 06.12.2007 no virus found
eSafe 7.0.15.0 06.12.2007 no virus found
eTrust-Vet 30.7.3714 06.12.2007 no virus found
Ewido 4.0 06.12.2007 no virus found
FileAdvisor 1 06.13.2007 No threat detected
Fortinet 2.85.0.0 06.12.2007 no virus found
F-Prot 4.3.2.48 06.12.2007 no virus found
F-Secure 6.70.13030.0 06.13.2007 no virus found
Ikarus T3.1.1.8 06.12.2007 no virus found
Kaspersky 4.0.2.24 06.13.2007 no virus found
McAfee 5051 06.12.2007 no virus found
Microsoft 1.2503 06.13.2007 no virus found
NOD32v2 2325 06.12.2007 no virus found
Norman 5.80.02 06.12.2007 no virus found
Panda 9.0.0.4 06.13.2007 no virus found
Prevx1 V2 06.13.2007 no virus found
Sophos 4.18.0 06.12.2007 no virus found
Sunbelt 2.2.907.0 06.09.2007 no virus found
Symantec 10 06.13.2007 no virus found
TheHacker 6.1.6.132 06.11.2007 no virus found
VBA32 3.12.0.1 06.12.2007 no virus found
VirusBuster 4.3.23:9 06.12.2007 no virus found
Webwasher-Gateway 6.0.1 06.13.2007 no virus found

C:\WINDOWS\57x.exe

AhnLab-V3 2007.6.12.2 06.12.2007 no virus found
AntiVir 7.4.0.32 06.12.2007 HEUR/Crypted
Authentium 4.93.8 06.12.2007 no virus found
Avast 4.7.997.0 06.12.2007 no virus found
AVG 7.5.0.467 06.13.2007 no virus found
BitDefender 7.2 06.13.2007 no virus found
CAT-QuickHeal 9.00 06.12.2007 (Suspicious) - DNAScan
ClamAV devel-20070416 06.12.2007 no virus found
DrWeb 4.33 06.12.2007 no virus found
eSafe 7.0.15.0 06.12.2007 suspicious Trojan/Worm
eTrust-Vet 30.7.3714 06.12.2007 no virus found
Ewido 4.0 06.12.2007 no virus found
FileAdvisor 1 06.13.2007 no virus found
Fortinet 2.85.0.0 06.13.2007 no virus found
F-Prot 4.3.2.48 06.12.2007 no virus found
F-Secure 6.70.13030.0 06.13.2007 Hupigon.gen83
Ikarus T3.1.1.8 06.12.2007 MalwareScope.Backdoor.Hupigon.1
Kaspersky 4.0.2.24 06.13.2007 no virus found
McAfee 5051 06.12.2007 New Malware.dq
Microsoft 1.2503 06.13.2007 Backdoor:Win32/Kollah.A
NOD32v2 2325 06.12.2007 a variant of Win32/Spy.Agent.PZ
Norman 5.80.02 06.12.2007 Hupigon.gen83
Panda 9.0.0.4 06.13.2007 no virus found
Prevx1 V2 06.13.2007 Malicious
Sophos 4.18.0 06.12.2007 no virus found
Sunbelt 2.2.907.0 06.09.2007 no virus found
Symantec 10 06.13.2007 no virus found
TheHacker 6.1.6.132 06.11.2007 no virus found
VBA32 3.12.0.1 06.12.2007 suspected of Trojan-Dropper.Delf.33 (paranoid heuristics)
VirusBuster 4.3.23:9 06.12.2007 no virus found
Webwasher-Gateway 6.0.1 06.13.2007 Heuristic.Crypted

Looking forward to your response. Thanks!
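
As an added example (not part of the original thread): a pasted VirusTotal report like the ones above is easier to triage once its rows are parsed and split into clean, heuristic-only and family-named verdicts, with a count of names that several engines agree on. The marker and stop-word lists are assumptions chosen to fit the labels seen in this thread; the embedded rows are copied from the reports posted above.

```python
import re
from collections import Counter

# Rows copied from the reports posted above (a subset), header line included.
REPORT = """\
Antivirus Version Update Result
AntiVir 7.4.0.32 06.12.2007 HEUR/Crypted
Avast 4.7.997.0 06.12.2007 no virus found
FileAdvisor 1 06.13.2007 No threat detected
F-Secure 6.70.13030.0 06.13.2007 Hupigon.gen83
Ikarus T3.1.1.8 06.12.2007 MalwareScope.Backdoor.Hupigon.1
Microsoft 1.2503 06.13.2007 Backdoor:Win32/Kollah.A
NOD32v2 2325 06.12.2007 a variant of Win32/Spy.Agent.PZ
Norman 5.80.02 06.12.2007 Hupigon.gen83
Prevx1 V2 06.13.2007 Malicious
VBA32 3.12.0.1 06.12.2007 suspected of Trojan-Dropper.Delf.33 (paranoid heuristics)
"""

ROW = re.compile(r"\s*(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)")
CLEAN = {"no virus found", "no threat detected"}
# Assumption: substrings that mark a heuristic/generic verdict, not a named family.
HEURISTIC = ("heur", "suspicious", "suspected", "crypted", "malicious", "new malware", "dnascan")
# Assumption: category words that carry no family information.
GENERIC = {"backdoor", "trojan", "worm", "variant", "agent", "malwarescope", "dropper"}

def parse(report):
    """Return (engine, version, updated, result) per row; header/blank lines are skipped."""
    return [m.groups() for m in map(ROW.match, report.splitlines()) if m]

def triage(rows):
    groups = {"clean": [], "heuristic": [], "named": []}
    for engine, _version, _updated, result in rows:
        label = result.strip().lower()
        if label in CLEAN:
            kind = "clean"
        elif any(mark in label for mark in HEURISTIC):
            kind = "heuristic"
        else:
            kind = "named"
        groups[kind].append((engine, result))
    return groups

def shared_names(named, minimum=2):
    """Count name tokens (4+ letters, generic words dropped) used by several engines."""
    counts = Counter()
    for _engine, result in named:
        words = {w.lower() for w in re.findall(r"[A-Za-z]{4,}", result)}
        counts.update(words - GENERIC)
    return {word: n for word, n in counts.items() if n >= minimum}
```

Calling `triage(parse(REPORT))` and passing its `"named"` group to `shared_names` shows which engines only raised heuristic flags and which agree on a family name.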

#10 Aaflac

Posted 13 June 2007 - 10:15 PM

Please search for and remove:
C:\WINDOWS\57x.exe

Are you still having malware problems?

Old duck...


#11 rockdove

Posted 13 June 2007 - 11:13 PM

I deleted the file. I'm not experiencing any malware problems, as far as I can tell. Thank you.

What about that file that I couldn't locate? Should I be concerned?

#12 Aaflac

Posted 14 June 2007 - 11:58 AM

Enable the viewing of Hidden Files and Folders as follows:
-At your Desktop, go to Start > My Computer
-Select the Tools menu and then Folder Options
-After the new window appears select the View tab
-Select: Display the contents of system folders
-Under the Hidden files and folders section select: Show hidden files and folders
-Remove the checkmark from: Hide file extensions for known file types
-Remove the checkmark from: Hide protected operating system files (Recommended)
-Press the Apply button
-Click OK

See if you can find:
C:\WINDOWS\system32\FCD0DF1D4E.sys

Then, post back.

Old duck...


#13 rockdove

Posted 14 June 2007 - 06:57 PM

OK, I had everything correct except for "hide protected operating system files", so when I unchecked that option the file magically appeared! Thank you.

So I sent it to VirusTotal.com and here are the results:

AhnLab-V3 2007.6.12.2 06.14.2007 no virus found
AntiVir 7.4.0.32 06.14.2007 no virus found
Authentium 4.93.8 06.15.2007 no virus found
Avast 4.7.997.0 06.14.2007 no virus found
AVG 7.5.0.467 06.14.2007 no virus found
BitDefender 7.2 06.15.2007 no virus found
CAT-QuickHeal 9.00 06.14.2007 no virus found
ClamAV devel-20070416 06.15.2007 no virus found
DrWeb 4.33 06.14.2007 no virus found
eSafe 7.0.15.0 06.14.2007 no virus found
eTrust-Vet 30.7.3719 06.14.2007 no virus found
Ewido 4.0 06.14.2007 no virus found
FileAdvisor 1 06.15.2007 no virus found
Fortinet 2.85.0.0 06.15.2007 no virus found
F-Prot 4.3.2.48 06.14.2007 no virus found
F-Secure 6.70.13030.0 06.14.2007 no virus found
Ikarus T3.1.1.8 06.14.2007 no virus found
Kaspersky 4.0.2.24 06.15.2007 no virus found
McAfee 5053 06.14.2007 no virus found
Microsoft 1.2503 06.14.2007 no virus found
NOD32v2 2330 06.15.2007 no virus found
Norman 5.80.02 06.14.2007 no virus found
Panda 9.0.0.4 06.15.2007 no virus found
Prevx1 V2 06.15.2007 no virus found
Sophos 4.18.0 06.12.2007 no virus found
Sunbelt 2.2.907.0 06.14.2007 no virus found
Symantec 10 06.15.2007 no virus found
TheHacker 6.1.6.133 06.14.2007 no virus found
VBA32 3.12.0.2 06.14.2007 no virus found
VirusBuster 4.3.23:9 06.14.2007 no virus found
Webwasher-Gateway 6.0.1 06.14.2007 no virus found

Once again, thank you so much for all of your help.

#14 Aaflac

Posted 14 June 2007 - 07:32 PM

:thumbsup: Good job!!

Are you still having malware problems?

Old duck...


#15 rockdove

Posted 15 June 2007 - 12:46 AM

No, I'm not having malware problems anymore. So does this mean that my computer is clean now?



