Rtvscan.exe uses 100% CPU and infected with Trojan.Vundo [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

Rtvscan.exe uses 100% CPU and infected with Trojan.Vundo [Solved]

Options

hammerman View Member Profile	Oct 3 2009, 10:21 AM Post #2
Trusted Helper Posts: 1,499 From: UK OS: XP	Hello BuzzBoy22 and welcome to GeeksToGo I'm hammerman and I'm going to help you fix your problem. Sorry for the delay in replying. Before we begin, here are some guidelines which will help us both in fixing your problem. I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know. Please do no attach logs or post them in Quote/Code boxes unless requested. When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked. Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know. If in doubt about anything, please ask. As it's been a while since you posted your logs, let's get some fresh ones. Please follow these steps. -- Step 1 -- Run Malwarebytes' Anti-Malware. Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version. Select the Scanner tab, select "Perform quick scan", then click Scan The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly. -- Step 2 -- To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link. Download OTS to your Desktop Close ALL OTHER PROGRAMS. Double-click on OTS.exe to start the program. Check the box that says Scan All Users Under Additional Scans check the following: Reg - Shell Spawning File - Lop Check File - Purity Scan Evnt - EvtViewer (last 10) Now click the Run Scan button on the toolbar. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it. Please attach the log in your next post. To attach a file, do the following: Click Add Reply Under the reply panel is the Attachments Panel Browse for the attachment file you want to upload, then click the green Upload button Once it has uploaded, click the Manage Current Attachments drop down box Click on to insert the attachment into your post -- Step 3 -- Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors). http://sites.google.com/site/sysprotantirootkit/ Unzip it into a folder on your desktop. Start the Sysprot.exe program. Click on the Log tab. In the Write to log box select all items. Click on the Create Log button on the bottom right. After a few seconds a new Window should appear. Make sure Scan all drives is selected and click on the Start button. When it is complete a new Window will appear to indicate that the scan is finished. The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

BuzzBoy22 View Member Profile	Oct 3 2009, 05:00 PM Post #3
New Member Posts: 9 OS: XP	hammerman, Thanks for helping me out. I ran MBAM, OTS and SysProt, but SysProt did not appear to run correctly. After about 8 minutes of scanning, the system clock hung up, and the scan never gave me a "completed" message. I waited an hour for the scan to complete, but after that time there was no disk drive activity and the rest of the computer had hung up. There was a text file in the SysProt folder, and I have included it below, but I'm not confident in its completeness. Here are the log files: Malwarebytes' Anti-Malware 1.41 Database version: 2900 Windows 5.1.2600 Service Pack 3 10/3/2009 10:17:49 AM mbam-log-2009-10-03 (10-17-49).txt Scan type: Quick Scan Objects scanned: 140681 Time elapsed: 25 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 3 Registry Keys Infected: 1 Registry Values Infected: 4 Registry Data Items Infected: 3 Folders Infected: 3 Files Infected: 22 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\tehunevo.dll (Trojan.Vundo) -> Delete on reboot. c:\WINDOWS\system32\wobihasa.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\fedoniko.dll (Trojan.Vundo) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{d045846b-9cd4-48bf-b327-b0f6757c4d5f} (Trojan.Vundo.H) -> Delete on reboot. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wefowuwus (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d045846b-9cd4-48bf-b327-b0f6757c4d5f} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\sebugeban (Trojan.Vundo.H) -> Delete on reboot. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\install (Rogue.SecurityTool) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\wobihasa.dll -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\wobihasa.dll -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\All Users\Application Data\15637184 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\17270004 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\JD\Application Data\6802223407 (Rogue.SecurityTool) -> Quarantined and deleted successfully. Files Infected: c:\WINDOWS\system32\wobihasa.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\tehunevo.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\fedoniko.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\buloboti.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\derupili.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\foweriyo.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hizudenu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lahozunu.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nawodope.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nukatojo.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pobefoli.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\setevari.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tenedefi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tigahifa.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wowuneha.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yetogusu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yolefode.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\15637184\15637184 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\17270004\17270004 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\JD\Application Data\6802223407\6802223407.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully. C:\Documents and Settings\JD\Application Data\6802223407\6802223407.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully. C:\Documents and Settings\JD\Application Data\6802223407\6802223407.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully. -------------------------------------------------------------------------------- OTS.Txt ( 240.79K ) Number of downloads: 7 -------------------------------------------------------------------------------- SysProt AntiRootkit v1.0.1.0 by swatkat **************************************************************************************** ************************************************************************************** Process: Name: [System Idle Process] PID: 0 Hidden: No Window Visible: No Name: System PID: 4 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\smss.exe PID: 760 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\csrss.exe PID: 888 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\winlogon.exe PID: 912 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\services.exe PID: 964 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\lsass.exe PID: 976 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\ati2evxx.exe PID: 1152 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1180 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1244 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1360 Hidden: No Window Visible: No Name: C:\Program Files\Ahead\InCD\InCDsrv.exe PID: 1388 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1568 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1648 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE PID: 1704 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE PID: 1984 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\spoolsv.exe PID: 316 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 552 Hidden: No Window Visible: No Name: C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe PID: 584 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PID: 620 Hidden: No Window Visible: No Name: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PID: 848 Hidden: No Window Visible: No Name: C:\Program Files\Bonjour\mDNSResponder.exe PID: 200 Hidden: No Window Visible: No Name: C:\Program Files\Symantec AntiVirus\DefWatch.exe PID: 1332 Hidden: No Window Visible: No Name: C:\WINDOWS\eHome\ehsched.exe PID: 1540 Hidden: No Window Visible: No Name: C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe PID: 1588 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\gearsec.exe PID: 1760 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1836 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1888 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe PID: 1960 Hidden: No Window Visible: No Name: C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe PID: 2072 Hidden: No Window Visible: No Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PID: 2200 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 2384 Hidden: No Window Visible: No Name: C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe PID: 2424 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 2532 Hidden: No Window Visible: No Name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe PID: 2644 Hidden: No Window Visible: No Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PID: 2740 Hidden: No Window Visible: No Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PID: 2804 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 2860 Hidden: No Window Visible: No Name: C:\Program Files\Symantec AntiVirus\Rtvscan.exe PID: 2952 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\wdfmgr.exe PID: 3072 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\MsPMSPSv.exe PID: 3332 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\searchindexer.exe PID: 3368 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\alg.exe PID: 3752 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\ati2evxx.exe PID: 2380 Hidden: No Window Visible: No Name: C:\WINDOWS\explorer.exe PID: 2888 Hidden: No Window Visible: No Name: C:\hp\KBD\kbd.exe PID: 3632 Hidden: No Window Visible: No Name: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe PID: 1444 Hidden: No Window Visible: No Name: C:\Program Files\Multimedia Card Reader\shwicon2k.exe PID: 3444 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\hphmon05.exe PID: 1396 Hidden: No Window Visible: No Name: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe PID: 1628 Hidden: No Window Visible: No Name: C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe PID: 2216 Hidden: No Window Visible: No Name: C:\PROGRA~1\SYMANT~1\VPTray.exe PID: 2116 Hidden: No Window Visible: No Name: C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe PID: 2332 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE PID: 1380 Hidden: No Window Visible: No Name: C:\PROGRA~1\VISION~1\PAPERP~1\FBDirect.exe PID: 2464 Hidden: No Window Visible: No Name: C:\Program Files\Microsoft IntelliType Pro\itype.exe PID: 2636 Hidden: No Window Visible: No Name: C:\Program Files\Microsoft IntelliPoint\ipoint.exe PID: 2724 Hidden: No Window Visible: No Name: C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe PID: 2716 Hidden: No Window Visible: No Name: C:\Program Files\iTunes\iTunesHelper.exe PID: 3512 Hidden: No Window Visible: No Name: C:\Program Files\PC Magazine Utilities\Startup Cop Pro\StartupCopPro.exe PID: 3248 Hidden: No Window Visible: No Name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PID: 864 Hidden: No Window Visible: No Name: C:\Program Files\DNA\btdna.exe PID: 2060 Hidden: No Window Visible: No Name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PID: 4196 Hidden: No Window Visible: No Name: C:\Program Files\Windows Desktop Search\WindowsSearch.exe PID: 4204 Hidden: No Window Visible: No Name: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PID: 4224 Hidden: No Window Visible: No Name: C:\Program Files\Symantec AntiVirus\DoScan.exe PID: 4412 Hidden: No Window Visible: No Name: C:\Program Files\iPod\bin\iPodService.exe PID: 5212 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\ZoneLabs\vsmon.exe PID: 5368 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 6140 Hidden: No Window Visible: No Name: C:\Documents and Settings\JD\Desktop\SysProt\SysProt\SysProt.exe PID: 4360 Hidden: No Window Visible: Yes ************************************************************************************** ************************************************************************************** Kernel Modules: Module Name: \??\C:\Documents and Settings\JD\Desktop\SysProt\SysProt\SysProtDrv.sys Service Name: SysProtDrv.sys Module Base: AB29E000 Module End: AB2A9000 Hidden: No Module Name: \WINDOWS\system32\ntoskrnl.exe Service Name: --- Module Base: 804D7000 Module End: 806FF000 Hidden: No Module Name: \WINDOWS\system32\hal.dll Service Name: --- Module Base: 806FF000 Module End: 8071FD00 Hidden: No Module Name: \WINDOWS\system32\KDCOM.DLL Service Name: --- Module Base: F7987000 Module End: F7989000 Hidden: No Module Name: \WINDOWS\system32\BOOTVID.dll Service Name: --- Module Base: F7897000 Module End: F789A000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ACPI.sys Service Name: ACPI Module Base: F75A8000 Module End: F75D6000 Hidden: No Module Name: \WINDOWS\System32\DRIVERS\WMILIB.SYS Service Name: --- Module Base: F7989000 Module End: F798B000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\pci.sys Service Name: PCI Module Base: F7597000 Module End: F75A8000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\isapnp.sys Service Name: isapnp Module Base: F75F7000 Module End: F7601000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\pciide.sys Service Name: PCIIde Module Base: F7A4F000 Module End: F7A50000 Hidden: No Module Name: \WINDOWS\System32\DRIVERS\PCIIDEX.SYS Service Name: --- Module Base: F7707000 Module End: F770E000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys Service Name: MountMgr Module Base: F7607000 Module End: F7612000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys Service Name: Disk Module Base: F74D8000 Module End: F74F7000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\dmload.sys Service Name: dmload Module Base: F798B000 Module End: F798D000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\dmio.sys Service Name: dmio Module Base: F74B2000 Module End: F74D8000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys Service Name: PartMgr Module Base: F770F000 Module End: F7714000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys Service Name: VolSnap Module Base: F7617000 Module End: F7624000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\atapi.sys Service Name: atapi Module Base: F749A000 Module End: F74B2000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\disk.sys Service Name: --- Module Base: F7627000 Module End: F7630000 Hidden: No Module Name: \WINDOWS\System32\DRIVERS\CLASSPNP.SYS Service Name: --- Module Base: F7637000 Module End: F7644000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys Service Name: FltMgr Module Base: F747A000 Module End: F749A000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\sr.sys Service Name: sr Module Base: F7468000 Module End: F747A000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\Lbd.sys Service Name: Lbd Module Base: F7647000 Module End: F7656000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys Service Name: PxHelp20 Module Base: F7657000 Module End: F7660000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\PQV2i.sys Service Name: PQV2i Module Base: F7452000 Module End: F7468000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys Service Name: KSecDD Module Base: F743B000 Module End: F7452000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys Service Name: Ntfs Module Base: F7B52000 Module End: F7BDF000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\NDIS.sys Service Name: NDIS Module Base: F740E000 Module End: F743B000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ppsio2.sys Service Name: ppsio2 Module Base: F789B000 Module End: F789E000 Hidden: No Module Name: srescan.sys Service Name: srescan Module Base: F7883000 Module End: F7897000 Hidden: Yes Module Name: C:\WINDOWS\system32\drivers\sbp2port.sys Service Name: sbp2port Module Base: F7667000 Module End: F7672000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys Service Name: ohci1394 Module Base: F7677000 Module End: F7687000 Hidden: No Module Name: \WINDOWS\System32\DRIVERS\1394BUS.SYS Service Name: --- Module Base: F7687000 Module End: F7695000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\Mup.sys Service Name: Mup Module Base: BAF46000 Module End: BAF60000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\agp440.sys Service Name: agp440 Module Base: F7697000 Module End: F76A2000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\intelppm.sys Service Name: intelppm Module Base: BAF90000 Module End: BAF99000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\ati2mtag.sys Service Name: ati2mtag Module Base: BA026000 Module End: BA0FB000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS Service Name: --- Module Base: BA012000 Module End: BA026000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\usbuhci.sys Service Name: usbuhci Module Base: F7757000 Module End: F775D000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS Service Name: --- Module Base: B9FEE000 Module End: BA012000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\LaCieUSBFilter.sys Service Name: LaCieUSBFilter Module Base: BAF80000 Module End: BAF89000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS Service Name: --- Module Base: F79BB000 Module End: F79BD000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\usbehci.sys Service Name: usbehci Module Base: F775F000 Module End: F7767000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\cx88vid.sys Service Name: CX23880 Module Base: B9FBE000 Module End: B9FEE000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\STREAM.SYS Service Name: --- Module Base: BAF60000 Module End: BAF6D000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ks.sys Service Name: --- Module Base: B9F9B000 Module End: B9FBE000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\cx88enc.sys Service Name: CX88ENC Module Base: B9F52000 Module End: B9F9B000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys Service Name: ltmodem5 Module Base: B9EB7000 Module End: B9F52000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS Service Name: Modem Module Base: F7767000 Module End: F776F000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\LaCieFWFilter.sys Service Name: LaCieFWFilter Module Base: F776F000 Module End: F7777000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\R8139n51.SYS Service Name: rtl8139 Module Base: BA9CA000 Module End: BA9D6000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\serial.sys Service Name: Serial Module Base: BA9BA000 Module End: BA9CA000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\serenum.sys Service Name: serenum Module Base: BAED2000 Module End: BAED6000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\fdc.sys Service Name: Fdc Module Base: F7777000 Module End: F777E000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\parport.sys Service Name: Parport Module Base: B9EA3000 Module End: B9EB7000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\imapi.sys Service Name: Imapi Module Base: BA9AA000 Module End: BA9B5000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\cdrbsdrv.SYS Service Name: cdrbsdrv Module Base: BAECE000 Module End: BAED2000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\AFS2K.SYS Service Name: AFS2K Module Base: BA99A000 Module End: BA9A4000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\pfc.sys Service Name: pfc Module Base: BAECA000 Module End: BAECD000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\cdrom.sys Service Name: Cdrom Module Base: BA98A000 Module End: BA99A000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\redbook.sys Service Name: redbook Module Base: BA97A000 Module End: BA989000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\InCDPass.sys Service Name: InCDPass Module Base: F777F000 Module End: F7787000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\incdrm.SYS Service Name: incdrm Module Base: F7787000 Module End: F778E000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\pwd_2k.SYS Service Name: pwd_2k Module Base: B9E86000 Module End: B9EA3000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys Service Name: GEARAspiWDM Module Base: F77AF000 Module End: F77B5000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ALCXWDM.SYS Service Name: ALCXWDM Module Base: B9C59000 Module End: B9E86000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\portcls.sys Service Name: --- Module Base: B9C35000 Module End: B9C59000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\drmk.sys Service Name: --- Module Base: BA95A000 Module End: BA969000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\serscan.sys Service Name: StillCam Module Base: F79BD000 Module End: F79BF000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\audstub.sys Service Name: audstub Module Base: F7A9E000 Module End: F7A9F000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys Service Name: Rasl2tp Module Base: F7577000 Module End: F7584000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\ndistapi.sys Service Name: NdisTapi Module Base: BAEB6000 Module End: BAEB9000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\ndiswan.sys Service Name: NdisWan Module Base: B9C1E000 Module End: B9C35000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\raspppoe.sys Service Name: RasPppoe Module Base: F7567000 Module End: F7572000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\raspptp.sys Service Name: PptpMiniport Module Base: F7557000 Module End: F7563000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\TDI.SYS Service Name: --- Module Base: BA37B000 Module End: BA380000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\psched.sys Service Name: PSched Module Base: B9C0D000 Module End: B9C1E000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\msgpc.sys Service Name: Gpc Module Base: F7547000 Module End: F7550000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\ptilink.sys Service Name: Ptilink Module Base: BA373000 Module End: BA378000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\raspti.sys Service Name: Raspti Module Base: BA36B000 Module End: BA370000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\rdpdr.sys Service Name: rdpdr Module Base: B9BB5000 Module End: B9BE5000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\termdd.sys Service Name: TermDD Module Base: F7537000 Module End: F7541000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\kbdclass.sys Service Name: Kbdclass Module Base: BA363000 Module End: BA369000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\mouclass.sys Service Name: Mouclass Module Base: BA35B000 Module End: BA361000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\swenum.sys Service Name: swenum Module Base: F79BF000 Module End: F79C1000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\update.sys Service Name: Update Module Base: B9AB7000 Module End: B9B15000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\mssmbios.sys Service Name: mssmbios Module Base: BAE9A000 Module End: BAE9E000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\dvd_2K.SYS Service Name: dvd_2K Module Base: BA353000 Module End: BA359000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS Service Name: NDProxy Module Base: BAFF0000 Module End: BAFFA000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\usbhub.sys Service Name: usbhub Module Base: BAFB0000 Module End: BAFBF000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\CX88TUNE.sys Service Name: CXTUNE Module Base: BA34B000 Module End: BA353000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\CX88XBARDUAL.sys Service Name: CX88XBAR Module Base: F79C5000 Module End: F79C7000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\nic1394.sys Service Name: NIC1394 Module Base: F76C7000 Module End: F76D7000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\flpydisk.sys Service Name: Flpydisk Module Base: BA343000 Module End: BA348000 Hidden: No Module Name: \??\C:\Program Files\Symantec AntiVirus\savrt.sys Service Name: SAVRT Module Base: AEE69000 Module End: AEEC1000 Hidden: No Module Name: \??\C:\Program Files\Symantec\SYMEVENT.SYS Service Name: SymEvent Module Base: AEE47000 Module End: AEE69000 Hidden: No Module Name: \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys Service Name: SAVRTPEL Module Base: AEE33000 Module End: AEE47000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\IrBus.sys Service Name: IrBus Module Base: BA94A000 Module End: BA956000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\usbccgp.sys Service Name: usbccgp Module Base: BA33B000 Module End: BA343000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\hidusb.sys Service Name: HidUsb Module Base: BAEDE000 Module End: BAEE1000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS Service Name: --- Module Base: BA93A000 Module End: BA943000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS Service Name: --- Module Base: BA333000 Module End: BA33A000 Hidden: No Module Name: \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys Service Name: SunkFilt Module Base: F77DF000 Module End: F77E6000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS Service Name: USBSTOR Module Base: F778F000 Module End: F7796000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\hidir.sys Service Name: HidIr Module Base: F779F000 Module End: F77A4000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\kbdhid.sys Service Name: kbdhid Module Base: BAEDA000 Module End: BAEDE000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\mouhid.sys Service Name: mouhid Module Base: BAED6000 Module End: BAED9000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\NuidFltr.sys Service Name: NuidFltr Module Base: F77A7000 Module End: F77AE000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS Service Name: --- Module Base: F76D7000 Module End: F76E4000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\Wdf01000.sys Service Name: Wdf01000 Module Base: AED68000 Module End: AEDE3000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\point32.sys Service Name: Point32 Module Base: F77B7000 Module End: F77BD000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS Service Name: Cdr4_xp Module Base: F7A59000 Module End: F7A5A000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Cdralw2k.SYS Service Name: Cdralw2k Module Base: F7A58000 Module End: F7A59000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Service Name: Fs_Rec Module Base: F79D9000 Module End: F79DB000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Null.SYS Service Name: Null Module Base: BAB19000 Module End: BAB1A000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS Service Name: Beep Module Base: F79DB000 Module End: F79DD000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\vga.sys Service Name: VgaSave Module Base: F77CF000 Module End: F77D5000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS Service Name: mnmdd Module Base: F79DD000 Module End: F79DF000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Service Name: RDPCDD Module Base: F79DF000 Module End: F79E1000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\cdudf_xp.SYS Service Name: cdudf_xp Module Base: AEBB2000 Module End: AEBF2000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\InCDrec.SYS Service Name: InCDrec Module Base: B9BE5000 Module End: B9BE8000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\InCDfs.SYS Service Name: InCDfs Module Base: AEB5F000 Module End: AEB78000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS Service Name: Msfs Module Base: F77D7000 Module End: F77DC000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS Service Name: Npfs Module Base: F77E7000 Module End: F77EF000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS Service Name: UdfReadr_xp Module Base: AEB2A000 Module End: AEB5F000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\rasacd.sys Service Name: RasAcd Module Base: B8FB5000 Module End: B8FB8000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\ipsec.sys Service Name: IPSec Module Base: AEADD000 Module End: AEAF0000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\tcpip.sys Service Name: Tcpip Module Base: AEA84000 Module End: AEADD000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\ipnat.sys Service Name: IpNat Module Base: AEA5E000 Module End: AEA84000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\SYMTDI.SYS Service Name: SYMTDI Module Base: AEA23000 Module End: AEA5E000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\arp1394.sys Service Name: Arp1394 Module Base: F76F7000 Module End: F7706000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\netbt.sys Service Name: NetBT Module Base: AE9FB000 Module End: AEA23000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\wanarp.sys Service Name: Wanarp Module Base: F7587000 Module End: F7590000 Hidden: No Module Name: C:\WINDOWS\System32\vsdatant.sys Service Name: vsdatant Module Base: AE990000 Module End: AE9FB000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\ws2ifsl.sys Service Name: WS2IFSL Module Base: AEED9000 Module End: AEEDC000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\afd.sys Service Name: AFD Module Base: AE96E000 Module End: AE990000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\netbios.sys Service Name: NetBIOS Module Base: B9BA5000 Module End: B9BAE000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\rdbss.sys Service Name: Rdbss Module Base: AE943000 Module End: AE96E000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\PQIMount.SYS Service Name: PQIMount Module Base: B9B85000 Module End: B9B8E000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys Service Name: MRxSmb Module Base: AE883000 Module End: AE8F3000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS Service Name: Fips Module Base: B9B75000 Module End: B9B80000 Hidden: No Module Name: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys Service Name: eeCtrl Module Base: AE825000 Module End: AE883000 Hidden: No Module Name: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys Service Name: EraserUtilRebootDrv Module Base: AE808000 Module End: AE825000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS Service Name: Fastfat Module Base: AE76C000 Module End: AE790000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys Service Name: --- Module Base: AE7BC000 Module End: AE7BF000 Hidden: No Module Name: C:\WINDOWS\System32\watchdog.sys Service Name: --- Module Base: F77F7000 Module End: F77FC000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys Service Name: --- Module Base: BA0FC000 Module End: BA0FD000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\elagopro.sys Service Name: elagopro Module Base: F780F000 Module End: F7816000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\ndisuio.sys Service Name: Ndisuio Module Base: AC568000 Module End: AC56C000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\mrxdav.sys Service Name: MRxDAV Module Base: AC19F000 Module End: AC1CC000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS Service Name: ParVdm Module Base: F79E9000 Module End: F79EB000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\elaunidr.sys Service Name: elaunidr Module Base: F798D000 Module End: F798F000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\MASPINT.SYS Service Name: MASPINT Module Base: F79A9000 Module End: F79AB000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\srv.sys Service Name: Srv Module Base: ABD29000 Module End: ABD7B000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS Service Name: Cdfs Module Base: ABA57000 Module End: ABA67000 Hidden: No Module Name: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091002.003\navex15.sys Service Name: NAVEX15 Module Base: AB60D000 Module End: AB74F000 Hidden: No Module Name: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091002.003\naveng.sys Service Name: NAVENG Module Base: AB5F9000 Module End: AB60D000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys Service Name: wdmaud Module Base: AB42C000 Module End: AB441000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys Service Name: sysaudio Module Base: ABB47000 Module End: ABB56000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\DMusic.sys Service Name: DMusic Module Base: AB4F9000 Module End: AB506000 Hidden: Yes Module Name: C:\WINDOWS\system32\drivers\kmixer.sys Service Name: kmixer Module Base: AB3DE000 Module End: AB409000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\drmkaud.sys Service Name: drmkaud Module Base: F7AA6000 Module End: F7AA7000 Hidden: Yes Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys Service Name: HTTP Module Base: AB09D000 Module End: AB0DE000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\SYMREDRV.SYS Service Name: SYMREDRV Module Base: AAD7D000 Module End: AAD87000 Hidden: No ************************************************************************************** ************************************************************************************** SSDT: Function Name: ZwConnectPort Address: AE9B1FC0 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwCreateFile Address: AE9AEC80 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwCreateKey Address: AE9C9170 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwCreatePort Address: AE9B2580 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwCreateProcess Address: AE9C6900 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwCreateProcessEx Address: AE9C6B10 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwCreateSection Address: AE9CAB10 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwCreateWaitablePort Address: AE9B2670 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwDeleteFile Address: AE9AF210 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwDeleteKey Address: AE9C99F0 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwDeleteValueKey Address: AEE5ACB0 Driver Base: AEE47000 Driver End: AEE69000 Driver Name: \??\C:\Program Files\Symantec\SYMEVENT.SYS Function Name: ZwDuplicateObject Address: AE9C6280 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwLoadKey Address: AE9C9F10 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwLoadKey2 Address: AE9C9F90 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwOpenFile Address: AE9AF070 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwOpenProcess Address: AE9C8180 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwOpenThread Address: AE9C7F40 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwRenameKey Address: AE9CA6F0 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwReplaceKey Address: AE9CA150 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwRequestWaitReplyPort Address: AE9B1BE0 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwRestoreKey Address: AE9CA540 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwSecureConnectPort Address: AE9B2190 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwSetInformationFile Address: AE9AF440 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwSetValueKey Address: AEE5AF10 Driver Base: AEE47000 Driver End: AEE69000 Driver Name: \??\C:\Program Files\Symantec\SYMEVENT.SYS Function Name: ZwSystemDebugControl Address: AE9C7200 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys Function Name: ZwTerminateProcess Address: AE9C7080 Driver Base: AE990000 Driver End: AE9FB000 Driver Name: \SystemRoot\System32\vsdatant.sys ************************************************************************************** ************************************************************************************** Kernel Hooks: Hooked Function: PsGetProcessWin32WindowStation At Address: 804F41EC Jump To: FD806070 Module Name: _unknown_ Hooked Function: PsGetProcessJob At Address: 804F41EC Jump To: FD806070 Module Name: _unknown_ ************************************************************************************** ************************************************************************************** IRP Hooks: Hooked Module: C:\WINDOWS\System32\DRIVERS\tcpip.sys Hooked IRP: IRP_MJ_CREATE Jump To: AE9D6880 Hooking Module: C:\WINDOWS\System32\vsdatant.sys Hooked Module: C:\WINDOWS\System32\DRIVERS\tcpip.sys Hooked IRP: IRP_MJ_CLOSE Jump To: AE9D6880 Hooking Module: C:\WINDOWS\System32\vsdatant.sys Hooked Module: C:\WINDOWS\System32\DRIVERS\tcpip.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: AE9D6880 Hooking Module: C:\WINDOWS\System32\vsdatant.sys Hooked Module: C:\WINDOWS\System32\DRIVERS\tcpip.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: AE9D6880 Hooking Module: C:\WINDOWS\System32\vsdatant.sys Hooked Module: C:\WINDOWS\System32\DRIVERS\tcpip.sys Hooked IRP: IRP_MJ_CLEANUP Jump To: AE9D6880 Hooking Module: C:\WINDOWS\System32\vsdatant.sys ************************************************************************************** ************************************************************************************** Ports: Local Address: DESKTOP.HAWAII.RR.COM:139 Remote Address: 0.0.0.0:0 Type: TCP Process: System State: LISTENING Local Address: DESKTOP:27015 Remote Address: LOCALHOST:1041 Type: TCP Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe State: ESTABLISHED Local Address: DESKTOP:27015 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe State: LISTENING Local Address: DESKTOP:5354 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: LISTENING Local Address: DESKTOP:1041 Remote Address: LOCALHOST:27015 Type: TCP Process: C:\Program Files\iTunes\iTunesHelper.exe State: ESTABLISHED Local Address: DESKTOP:1039 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE State: LISTENING Local Address: DESKTOP:1027 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\alg.exe State: LISTENING Local Address: DESKTOP:14375 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\DNA\btdna.exe State: LISTENING Local Address: DESKTOP:2869 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\svchost.exe State: LISTENING Local Address: DESKTOP:445 Remote Address: 0.0.0.0:0 Type: TCP Process: System State: LISTENING Local Address: DESKTOP:135 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\svchost.exe State: LISTENING Local Address: DESKTOP.HAWAII.RR.COM:5353 Remote Address: NA Type: UDP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: NA Local Address: DESKTOP.HAWAII.RR.COM:1900 Remote Address: NA Type: UDP Process: C:\Program Files\DNA\btdna.exe State: NA Local Address: DESKTOP.HAWAII.RR.COM:1900 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: DESKTOP.HAWAII.RR.COM:138 Remote Address: NA Type: UDP Process: System State: NA Local Address: DESKTOP.HAWAII.RR.COM:137 Remote Address: NA Type: UDP Process: System State: NA Local Address: DESKTOP.HAWAII.RR.COM:123 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: DESKTOP:1900 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: DESKTOP:1053 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: DESKTOP:1052 Remote Address: NA Type: UDP Process: C:\WINDOWS\explorer.exe State: NA Local Address: DESKTOP:123 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: DESKTOP:51082 Remote Address: NA Type: UDP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: NA Local Address: DESKTOP:14375 Remote Address: NA Type: UDP Process: C:\Program Files\DNA\btdna.exe State: NA Local Address: DESKTOP:4500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA Local Address: DESKTOP:1434 Remote Address: NA Type: UDP Process: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe State: NA Local Address: DESKTOP:1025 Remote Address: NA Type: UDP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: NA Local Address: DESKTOP:500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA Local Address: DESKTOP:445 Remote Address: NA Type: UDP Process: System State: NA ************************************************************************************** ****************************************************************************************

hammerman View Member Profile	Oct 3 2009, 08:48 PM Post #4
Trusted Helper Posts: 1,499 From: UK OS: XP	Hello, Please follow these steps. -- Step 1 -- I notice you are running one or more Peer-to-Peer (P2P) programs. The files shared by P2P programs are often infected with viruses and malware, even though they may appear to be legitimate. For this reason, I would recommend you uninstall them. If you decide to keep them, I ask that you do not use them while we are fixing your problem. An article indicating the Dangers of P2P can be found here -- Step 2 -- While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent malware removal tools from fixing certain things. Please disable TeaTimer for now until you are clean. Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. In the File menu click "Exit" to exit Spybot Search & Destroy. -- Step 3 -- Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button. QUOTE [Kill All Processes] [Unregister Dlls] [Registry - Safe List] < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ YN -> {0A87E45F-537A-40B4-B812-E2544C21A09F} [HKLM] -> Reg Error: Value error. [SpywareBlock Class] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar YN -> "" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run YY -> "wefowuwus" -> C:\WINDOWS\System32\wobihasa.DLL [Rundll32.exe "c:\windows\system32\wobihasa.dll",a] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4249377541-764714509-3756006734-1006\] > -> HKEY_USERS\S-1-5-21-4249377541-764714509-3756006734-1006\Software\Microsoft\Internet Explorer\Extensions\ YN -> CmdMapping\\"{A75C6120-9B36-11d4-A3F0-009027427750}" [HKLM] -> [Reg Error: Key error.] < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs AppInit_DLLs -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls YY -> c:\windows\system32\gisisema.dll -> C:\WINDOWS\System32\gisisema.dll YY -> c:\windows\system32\yudegoku.dll -> C:\WINDOWS\System32\yudegoku.dll YY -> tehunevo.dll -> C:\WINDOWS\System32\tehunevo.dll YY -> c:\windows\system32\wobihasa.dll -> C:\WINDOWS\System32\wobihasa.dll < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad YN -> "{324fc3bb-4f3e-4c51-84b7-1689cfe42ed0}" [HKLM] -> C:\WINDOWS\System32\yudegoku.dll [ganokiboy] YN -> "{de4e9e38-28ca-4548-8ac1-ad002276dd90}" [HKLM] -> C:\WINDOWS\System32\gisisema.dll [kawuhesud] YY -> "{d045846b-9cd4-48bf-b327-b0f6757c4d5f}" [HKLM] -> C:\WINDOWS\System32\wobihasa.dll [sebugeban] < SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler YN -> "{324fc3bb-4f3e-4c51-84b7-1689cfe42ed0}" [HKLM] -> C:\WINDOWS\System32\yudegoku.dll [tokatiluy] YY -> "{d045846b-9cd4-48bf-b327-b0f6757c4d5f}" [HKLM] -> C:\WINDOWS\System32\wobihasa.dll [mujuzedij] YN -> "{de4e9e38-28ca-4548-8ac1-ad002276dd90}" [HKLM] -> C:\WINDOWS\System32\gisisema.dll [tokatiluy] < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List YN -> "C:\Documents and Settings\All Users\Application Data\14267034\14267034.exe" -> C:\Documents and Settings\All Users\Application Data\14267034\14267034.exe [C:\Documents and Settings\All Users\Application Data\14267034\14267034.exe::Enabled:14267034] YN -> "C:\Documents and Settings\All Users\Application Data\16496404\16496404.exe" -> C:\Documents and Settings\All Users\Application Data\16496404\16496404.exe [C:\Documents and Settings\All Users\Application Data\16496404\16496404.exe::Enabled:16496404] YN -> "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe::Enabled:LimeWire] YN -> "E:\setup\HPZNUI01.EXE" -> E:\setup\HPZNUI01.EXE [E:\setup\HPZNUI01.EXE::Enabled:hpznui01.exe] < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 YN -> \{c5635f3c-be86-11dd-ab7d-000ea6c3bfc8} -> YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5635f3c-be86-11dd-ab7d-000ea6c3bfc8}\Shell\AutoRun\command -> YN -> \{c5635f3c-be86-11dd-ab7d-000ea6c3bfc8}\Shell\AutoRun\command\\"" -> J:\Autorun.exe [J:\Autorun.exe /run] YN -> \{c5635f3c-be86-11dd-ab7d-000ea6c3bfc8} -> YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5635f3c-be86-11dd-ab7d-000ea6c3bfc8}\Shell\Shell00\Command -> YN -> \{c5635f3c-be86-11dd-ab7d-000ea6c3bfc8}\Shell\Shell00\Command\\"" -> J:\Autorun.exe [J:\Autorun.exe /run] YN -> \{c5635f3c-be86-11dd-ab7d-000ea6c3bfc8} -> YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5635f3c-be86-11dd-ab7d-000ea6c3bfc8}\Shell\Shell01\Command -> YN -> \{c5635f3c-be86-11dd-ab7d-000ea6c3bfc8}\Shell\Shell01\Command\\"" -> J:\Autorun.exe [J:\Autorun.exe /action] YN -> \{c5635f3c-be86-11dd-ab7d-000ea6c3bfc8} -> YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5635f3c-be86-11dd-ab7d-000ea6c3bfc8}\Shell\Shell02\Command -> YN -> \{c5635f3c-be86-11dd-ab7d-000ea6c3bfc8}\Shell\Shell02\Command\\"" -> J:\Autorun.exe [J:\Autorun.exe /uninstall] [Files/Folders - Modified Within 30 Days] NY -> mehudebe -> C:\WINDOWS\System32\mehudebe NY -> wobihasa.dll -> C:\WINDOWS\System32\wobihasa.dll NY -> vokafifu.dll -> C:\WINDOWS\System32\vokafifu.dll NY -> famatoge.dll -> C:\WINDOWS\System32\famatoge.dll NY -> wayolelu.dll -> C:\WINDOWS\System32\wayolelu.dll [Files - No Company Name] NY -> wobihasa.dll -> C:\WINDOWS\System32\wobihasa.dll NY -> tehunevo.dll -> C:\WINDOWS\System32\tehunevo.dll NY -> fedoniko.dll -> C:\WINDOWS\System32\fedoniko.dll NY -> vokafifu.dll -> C:\WINDOWS\System32\vokafifu.dll NY -> famatoge.dll -> C:\WINDOWS\System32\famatoge.dll NY -> wayolelu.dll -> C:\WINDOWS\System32\wayolelu.dll [Custom Items] :files C:\Documents and Settings\All Users\Application Data\14267034 C:\Documents and Settings\All Users\Application Data\16496404 :end [Empty Temp Folders] [Start Explorer] [Reboot] The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here I will review the information when it comes back in. -- Step 4 -- Run Malwarebytes' Anti-Malware. Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version. Select the Scanner tab, select "Perform full scan", then click Scan The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly. -- Step 5 -- Run OTL and select Minimal Output. Use the Quick Scan button to start a scan. Please post the OTL report in your reply. -- Step 6 -- Download the GMER Rootkit Scanner. Unzip it to your Desktop. Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan. Double-click gmer.exe. The program will begin to run. Caution These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised! If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click NO In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked. Now click the Scan button. Once the scan is complete, you may receive another notice about rootkit activity. Click OK. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt" Save it where you can easily find it, such as your desktop. Post the contents of GMER.txt in your next reply. Do you recognise this file? C:\Documents and Settings\JD\Start Menu\Programs\Startup\TempClean.bat

hammerman View Member Profile	Oct 4 2009, 09:57 AM Post #6
Trusted Helper Posts: 1,499 From: UK OS: XP	Hello, Can you post the latest OTS log file which you will find in the folder C:\_OTS\MovedFiles Please follow these steps. -- Step 1 -- Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL O2 - BHO: (no name) - {bffe81e7-ca83-45d4-893f-519c62f1bcfe} - File not found O33 - MountPoints2\{bdc5d164-4a56-11db-9c4d-000ea6c3bfc8}\Shell\AutoRun\command - "" = F:\PortableRoboForm.exe -- File not found O33 - MountPoints2\{bdc5d164-4a56-11db-9c4d-000ea6c3bfc8}\Shell\RoboForm2Go\command - "" = F:\PortableRoboForm.exe -- File not found [2009/10/03 17:30:08 \| 00,011,168 \| -H-- \| M] () -- C:\WINDOWS\System32\mehudebe [2009/10/03 17:25:58 \| 00,038,912 \| -HS- \| M] () -- C:\WINDOWS\System32\benugame.dll :Services :Reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- :Files :Commands [purity] [emptytemp] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done This fix will produce a report. Please add this to your reply. -- Step 2 -- Run Malwarebytes' Anti-Malware. Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version. Select the Scanner tab, select "Perform quick scan", then click Scan The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

BuzzBoy22 View Member Profile	Oct 4 2009, 01:30 PM Post #7
New Member Posts: 9 OS: XP	hammerman, MBAM found no malicious items. Here are the logs: All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bffe81e7-ca83-45d4-893f-519c62f1bcfe}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bffe81e7-ca83-45d4-893f-519c62f1bcfe}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdc5d164-4a56-11db-9c4d-000ea6c3bfc8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bdc5d164-4a56-11db-9c4d-000ea6c3bfc8}\ not found. File F:\PortableRoboForm.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdc5d164-4a56-11db-9c4d-000ea6c3bfc8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bdc5d164-4a56-11db-9c4d-000ea6c3bfc8}\ not found. File F:\PortableRoboForm.exe not found. C:\WINDOWS\System32\mehudebe moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\System32\benugame.dll C:\WINDOWS\System32\benugame.dll NOT unregistered. C:\WINDOWS\System32\benugame.dll moved successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes User: Aimee ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: JD File delete failed. C:\Documents and Settings\JD\Local Settings\Temp\~DF745D.tmp scheduled to be deleted on reboot. ->Temp folder emptied: 322336 bytes File delete failed. C:\Documents and Settings\JD\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 198389 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 46344735 bytes ->Google Chrome cache emptied: 6299941 bytes ->Apple Safari cache emptied: 0 bytes User: Kids User: Laptop User: LocalService File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. ->Temp folder emptied: 65748 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_944.dat scheduled to be deleted on reboot. ->Temp folder emptied: 16384 bytes File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes File delete failed. C:\WINDOWS\temp\ZLT04d24.TMP scheduled to be deleted on reboot. Windows Temp folder emptied: 23200 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 50.87 mb OTL by OldTimer - Version 3.0.16.0 log created on 10042009_084725 Files\Folders moved on Reboot... C:\Documents and Settings\JD\Local Settings\Temp\~DF745D.tmp moved successfully. File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_944.dat not found! C:\WINDOWS\temp\ZLT04d24.TMP moved successfully. Registry entries deleted on Reboot... ------------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.41 Database version: 2905 Windows 5.1.2600 Service Pack 3 10/4/2009 9:24:10 AM mbam-log-2009-10-04 (09-24-10).txt Scan type: Quick Scan Objects scanned: 140394 Time elapsed: 24 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

hammerman View Member Profile	Oct 4 2009, 02:19 PM Post #8
Trusted Helper Posts: 1,499 From: UK OS: XP	Hello, Please follow these steps and then give me an update on how your computer's running now. -- Step 1 -- Please download JavaRa to your desktop and unzip it to its own folder Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. -- Step 2 -- This scan may take a few hours to run but it's very thorough. Please do an online scan with Kaspersky WebScanner Click on Accept You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post.

BuzzBoy22 View Member Profile	Oct 5 2009, 09:47 AM Post #9
New Member Posts: 9 OS: XP	hammerman, I ran JavaRa and reinstalled the latest JRE without a problem. So far when I have attempted to run Kapersky WebScanner, I haven't managed to get all the way through to the scan. The database download was only about 50% complete after 12 hours and then I started to get script errors. I was using Firefox, and I plan to attempt the scan again today with Explorer while I'm at work. Besides the failed Kapersky scan, the computer seems to be behaving and I have not received any virus alerts. Just wanted to give you an update. I'll post again after the second try at running Kapersky. Thanks for your help. BuzzBoy22

hammerman View Member Profile	Oct 5 2009, 10:05 AM Post #10
Trusted Helper Posts: 1,499 From: UK OS: XP	Thanks for letting me know. If you continue to have problems, use this scanner instead. Please bear in mind that these scans can take a few hours to complete. Please click here to download AVP Tool by Kaspersky. Save it to your desktop. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter. Double click the setup file to run it. Click Next to continue. It will by default install it to your desktop folder.Click Next. Hit ok at the prompt for scanning in Safe Mode. It will then open a box There will be a tab that says Automatic scan. Under Automatic scan make sure these are checked. System Memory Startup Objects Disk Boot Sectors. My Computer. Also any other drives (Removable that you may have) After that click on *Security level* then choose *Customize* then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok. Then choose OK again then you are back to the main screen. Then click on Scan at the to right hand Corner. It will automatically Neutralize any objects found. If some objects are left un-neutralized then click the button that says Neutralize all If it says it cannot be Neutralized then chooose The delete option when prompted. After that is done click on the reports button at the bottom and save it to file name it Kas. Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply. *Note: This tool will self uninstall when you close it so please save the log before closing it.* This post has been edited by hammerman: Oct 5 2009, 10:06 AM

BuzzBoy22 View Member Profile	Oct 6 2009, 09:23 AM Post #11
New Member Posts: 9 OS: XP	hammerman, I was able to complete the scan on the second try. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Tuesday, October 6, 2009 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Tuesday, October 06, 2009 04:43:36 Records in database: 2920392 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ G:\ H:\ I:\ J:\ L:\ Scan statistics: Objects scanned: 254426 Threats found: 28 Infected objects found: 70 Suspicious objects found: 4 Scan duration: 07:28:22 File name / Threat / Threats count C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Email-Worm.Win32.Mydoom.a 1 C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst Infected: Email-Worm.Win32.Mydoom.a 1 C:\Documents and Settings\Administrator\My Documents\Email\Main\Deleted Items.dbx Infected: Email-Worm.Win32.Mydoom.a 1 C:\Documents and Settings\Aimee\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 2 C:\Documents and Settings\Aimee\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Exploit.HTML.ObjData 1 C:\Documents and Settings\Aimee\My Documents\Email\Main\Deleted Items.dbx Infected: Email-Worm.Win32.Mydoom.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B80000\48FAC461.VBN Infected: Exploit.SWF.Downloader.c 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B80001\48FACA64.VBN Infected: not-a-virus:AdWare.Win32.BHO.dht 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\094C0000\4B6D6202.VBN Infected: Packed.Win32.Krap.p 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\094C0001\4B6D64F8.VBN Infected: Packed.Win32.Krap.p 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\094C0002\4B6D65AB.VBN Infected: Packed.Win32.Krap.p 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\094C0003\4B6D65D3.VBN Infected: Packed.Win32.Krap.p 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\094C0004\4B6D65FB.VBN Infected: Packed.Win32.Krap.p 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\094C0005\4B6D6623.VBN Infected: Packed.Win32.Krap.p 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\094C0006\4B6D664D.VBN Infected: Packed.Win32.Krap.p 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\094C0007\4B6D6675.VBN Infected: Packed.Win32.Krap.p 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\094C0008\4B6D669B.VBN Infected: Packed.Win32.Krap.p 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\094C0009\4B6D66C3.VBN Infected: Packed.Win32.Krap.p 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C400000\4D5733D3.VBN Infected: Trojan.Win32.FraudPack.grt 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C400001\4D5733EE.VBN Infected: Trojan.Win32.FraudPack.grt 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C400002\4D574038.VBN Infected: Trojan.Win32.FraudPack.grt 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C400003\4D574054.VBN Infected: Trojan-Downloader.Win32.Agent.ames 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C9C0000\4D9CFB79.VBN Infected: Trojan-Downloader.Win32.Zlob.aahv 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C9C0001\4D9CFBB6.VBN Infected: Trojan.Win32.Agent.aiar 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C9C0002\4D9D0508.VBN Infected: Trojan-Downloader.Win32.Small.afpi 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C9C0003\4D9D0D32.VBN Infected: Trojan-Downloader.Win32.Zlob.aaij 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C9C0004\4D9D1567.VBN Infected: Trojan-Downloader.Win32.Zlob.aasq 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C9C0005\4D9D1D6B.VBN Infected: Trojan-Downloader.Win32.Zlob.aahr 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C9C0006\4D9D2419.VBN Infected: Trojan.Win32.Agent.agyx 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C9C0007\4D9D2A27.VBN Infected: Hoax.Win32.Agent.ge 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D140000\4DB7E4AC.VBN Infected: Trojan-Downloader.Win32.Small.abfp 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00000\4DF2BCD2.VBN Infected: Trojan-Dropper.Win32.KGen.gjp 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD40001\4DDF68E7.VBN Infected: Trojan-Downloader.Win32.Injecter.ahh 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB40000\4FF7DB72.VBN Infected: P2P-Worm.Win32.Nugg.w 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB40001\4FF7DB8D.VBN Infected: P2P-Worm.Win32.Nugg.w 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB40002\4FFC9E5D.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB40003\4FFCA5F6.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EC00000\4FFB328A.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vdck 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ED80000\4EFCA90D.VBN Infected: Trojan-Downloader.Win32.Zlob.bxi 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F080000.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F080001.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F080002.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F080003.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F080004.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F080005.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F080006.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F080007.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F080008.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F080009.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F08000A.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F08000B.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F08000C.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F08000D.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F08000E.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F08000F.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F080010.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F080013.VBN Infected: Trojan-Downloader.Win32.Small.abax 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F180000.VBN Infected: Trojan-Downloader.Win32.FraudLoad.wbru 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F300002\4FF7A889.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F300003\4FF7A8BD.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F300005\4FF7A92E.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F300006\4FF7A974.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10900000\59FC5426.VBN Infected: Packed.Win32.Krap.p 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10900001\59FC55AE.VBN Infected: Packed.Win32.Krap.p 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10E80000\58EA35DF.VBN Infected: Trojan-Downloader.Win32.Small.abfp 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13A00000\5BE835E9.VBN Infected: Trojan.Win32.Monder.bzea 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1CB00000.VBN Infected: not-a-virus:PSWTool.Win32.Dialupass.dp 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1CB00001.VBN Infected: not-a-virus:PSWTool.Win32.Dialupass.dp 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1CB00002.VBN Infected: not-a-virus:PSWTool.Win32.Dialupass.dp 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1CB00003.VBN Infected: not-a-virus:PSWTool.Win32.Dialupass.dp 1 C:\Documents and Settings\Laptop\Aimee\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 2 C:\Documents and Settings\Laptop\Aimee\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Exploit.HTML.ObjData 1 Selected area has been scanned.

hammerman View Member Profile	Oct 6 2009, 11:15 AM Post #12
Trusted Helper Posts: 1,499 From: UK OS: XP	Hello, You have some infected e-mail messages in Outlook so you may want to remove any e-mails with suspicious attachments and empty your deleted items folder. Apart from that, your computer appears clean Let's remove the tools we've been using. Please follow these steps. -- Step 1 -- Download OTC to your desktop and run it Click Yes to beginning the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. -- Step 2 -- Your backup files in the System Restore points may be infected and need to be cleared. The only way to do this is to turn off System Restore and then turn it back on again. This will delete all your backup files in the System Restore points, including any that are infected. You can then create a new restore point containing your clean files. Please follow these instructions. Right-click on My Computer and select Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply then click Yes to confirm. This will remove all your System Restore points and infected files. Now uncheck the Turn off System Restore, click Apply then OK. A new Restore Point has now been created containing backup files for your computer that are clean. You can create additional Restore Points at any time. Click here for instructions. Here are some measures you can take to ensure that your computer remains clean. 1. Updates Windows Updates It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically. Click Start Select Control Panel Click on Automatic (recommended) Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet. Click Apply then OK. Java Updates As with Windows, Java also needs to be regularly updated to fix security vulnerabilites. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uininstall older versions of Java. Click Start Select Control Panel Select Add or Remove Programs Remove all Java updates except the latest one you have just installed. Adobe Updates Your Adobe reader needs updating. You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here. Other Updates Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc 2. Security Programs Here is a list of security programs that I would recommend. Firewall A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall. Zone Alarm is an excellent free basic firewall which is very easy to use. Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission. Antivirus An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly. AVG Avira Free Avast Anti-Malware Malwarebytes Anti-Malware MBAM is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only. Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer. Prevention SpywareBlaster is an excellent free tool for preventing the installation of spyware. SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm. Cleaner ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files. Browser Firefox is an alternative browser to Internet Explorer and is more secure. NoScript is an add-on for Firefox and prevents execution of malicious scripts. MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.

BuzzBoy22 View Member Profile	Oct 6 2009, 03:16 PM Post #13
New Member Posts: 9 OS: XP	hammerman, Thanks a million for helping me out of this mess... you're my hero. Before we close this post, I have a couple of quick questions I hope you can help me with. Is there a way to determine which email messages are infected? As you know, I've been using Symantec AntiVirus. In your experience, is this a program you would stick with, or would you switch to AVG or one of the other programs in your post? Thanks again, BuzzBoy22

hammerman View Member Profile	Oct 7 2009, 07:03 AM Post #14
Trusted Helper Posts: 1,499 From: UK OS: XP	Hello, QUOTE Is there a way to determine which email messages are infected? I'm afraid not. The files contain all your emails. QUOTE As you know, I've been using Symantec AntiVirus. In your experience, is this a program you would stick with, or would you switch to AVG or one of the other programs in your post? I would recommend Avira antivirus.

BuzzBoy22 View Member Profile	Oct 7 2009, 09:45 AM Post #15
New Member Posts: 9 OS: XP	hammerman, Thanks again for your help. My computer is running well with no sign of the virus. BuzzBoy22

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal PC has been infected with Trojan.Vundo [RESOLVED] 12	15 / 1,004	15th January 2008 - 12:49 PM OMGkorea started - last by Essexboy
Virus, Spyware and Trojan Removal computer infected with Trojan/Vundo... SOS! 12	19 / 1,330	17th December 2008 - 09:05 AM waiwai started - last by Gravity Gripp
Virus, Spyware and Trojan Removal Was infected with Trojan Vundo and hobolaku (and more, I think) [Solve	11 / 341	2nd May 2009 - 01:52 AM Cougar1966 started - last by fenzodahl512
Virus, Spyware and Trojan Removal Infected with Trojan.Vundo.H [Closed]	14 / 613	26th September 2009 - 06:55 AM little_angel started - last by Essexboy