
trojan.vundo / antivirus 2008 [RESOLVED]



#1
dzdnconfuzd

dzdnconfuzd

    New Member

  • Member
  • Pip
  • 8 posts
Hi all, about a week ago I got a pop up from antivirus 2008 (I think the year is correct) offering a free scan which I promptly closed. However, since then the window has kept reappearing along with some pop up ads (some not suitable for younger viewers). I've tried all the fixes and software that I can find, but none have solved the issue. Nortons finds a trojan.vundo but can't delete/quarantine it. Please help me rid my computer of this annoying bug. Here's a copy of the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:40 PM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\PMService.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mobile automation\marchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mobile automation\rstate.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\MOBILE~1\rstate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\lotus\notes\ntmulti.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\program files\mobile automation\rsstatus.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\skeown\Desktop\procexp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Live Support Host] "c:\program files\mobile automation\marchost.exe" -servicehelper
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DM Agent] c:\PROGRA~1\MOBILE~1\rstate.exe /LOGON
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: IDBackup
  • 0



#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

The HJT log you posted is incomplete. We'll get back to it later...please proceed with the below now:

Download Malwarebytes' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html

Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

Run a new HijackThis scan and post the entire log here.
  • 0

#3
dzdnconfuzd

dzdnconfuzd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I'm working on your suggestions now but it's going to be difficult at best, as my computer has gotten worse. I downloaded spyware doctor to give it a shot. It has detected several other problems. The current list is
antivirus 2008 (not detected by any program, just pops up often)
dumaru
cash_fiesta
metajuan
virtumonde
vundo

Yesterday I was getting a lot of popups and today, I can't access the internet. I'm using a borrowed laptop now to try and download the programs but it seems to be having issues as well. Both of these computers are company owned and I can't get any work done until I get this resolved. Our IT personnel was "let go" when a new company took over, so I'm on my own. I appreciate any help that you can offer as this one is over my head.
  • 0

#4
dzdnconfuzd

dzdnconfuzd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Also, I have a strong hunch that the stuff listed above is being "spawned" by a well hidden trojan/virus. Most of them seem to delete without issues but come right back as soon as I log on or start another application.
  • 0

#5
dzdnconfuzd

dzdnconfuzd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok, I managed to get them installed and run. Here are the logs

Malwarebytes

Malwarebytes' Anti-Malware 1.24
Database version: 1045
Windows 5.1.2600 Service Pack 2

12:03:12 PM 8/12/2008
mbam-log-8-12-2008 (12-03-12).txt

Scan type: Full Scan (C:\|)
Objects scanned: 67845
Time elapsed: 1 hour(s), 23 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\pmnnNdbA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\zftikp.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28fa0847-3a34-481d-a084-2c6a7cb3c2c1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{28fa0847-3a34-481d-a084-2c6a7cb3c2c1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f708c17b-370b-469f-abdd-c4919a54bdfe} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f708c17b-370b-469f-abdd-c4919a54bdfe} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm13988e55 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnnndba -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnnndba -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\zftikp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\pmnnNdbA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\AbdNnnmp.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\AbdNnnmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\fylqnwoy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yownqlyf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jctkdgsm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\msgdktcj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lywurlur.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rulruwyl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wmgibcpe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\epcbigmw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xcikreuv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vuerkicx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pxyiajos.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\iwakjpsl.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\oysdjihe.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\kqwgtjml.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\gqxuwjvt.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tidnjgav.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM13988e55.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM13988e55.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


Combofix

ComboFix 08-08-11.01 - 02keowns34 2008-08-12 13:04:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.724 [GMT -5:00]
Running from: C:\Documents and Settings\skeown\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\cyojxa.dll
C:\WINDOWS\system32\dyglvotn.dll
C:\WINDOWS\system32\eassop.dll
C:\WINDOWS\system32\eftawnxk.dll
C:\WINDOWS\system32\eghwxdee.dll
C:\WINDOWS\system32\fogsfhhn.dll
C:\WINDOWS\system32\gvritb.dll
C:\WINDOWS\system32\hqfkym.dll
C:\WINDOWS\system32\jwymgk.dll
C:\WINDOWS\system32\lcwonn.dll
C:\WINDOWS\system32\lecolepi.dll
C:\WINDOWS\system32\ndvlajkd.dll
C:\WINDOWS\system32\nkbwigjl.dll
C:\WINDOWS\system32\nkyqsraf.dll
C:\WINDOWS\system32\nrsikios.dll
C:\WINDOWS\system32\pfqmkdgf.ini
C:\WINDOWS\SYSTEM32\slakijep.ini
C:\WINDOWS\system32\slnhcaqm.dll
C:\WINDOWS\system32\tghvmt.dll
C:\WINDOWS\system32\uhktghax.dll
C:\WINDOWS\system32\vpuwmvhm.ini
C:\WINDOWS\SYSTEM32\wabslvgi.ini
C:\WINDOWS\system32\yulhsftu.dll
C:\WINDOWS\system32\zqrcjf.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-12 10:17 . 2008-08-12 10:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 10:17 . 2008-08-12 10:17 <DIR> d-------- C:\Documents and Settings\skeown\Application Data\Malwarebytes
2008-08-12 10:17 . 2008-08-12 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 10:17 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-08-12 10:17 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-08-12 08:58 . 2008-08-12 08:58 230 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.inf
2008-08-11 08:50 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-08-11 08:50 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-08-11 08:50 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-08-11 08:50 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-08-11 08:49 . 2008-08-12 11:27 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-11 08:49 . 2008-08-11 08:49 <DIR> d-------- C:\Documents and Settings\skeown\Application Data\PC Tools
2008-08-07 14:34 . 2008-08-11 08:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-07 14:34 . 2008-08-11 08:31 <DIR> d-------- C:\Documents and Settings\skeown\Application Data\SUPERAntiSpyware.com
2008-08-07 14:34 . 2008-08-07 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-07 12:26 . 2008-08-07 12:26 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-06 09:11 . 2008-08-06 09:11 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-08-06 09:04 . 2008-08-06 09:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-05 12:36 . 2008-08-12 13:03 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-05 12:30 . 2008-08-05 12:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-05 12:13 . 2008-08-05 12:13 1,136 --a------ C:\WINDOWS\SYSTEM32\history.aaw
2008-08-04 08:42 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-08-04 08:42 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-07-31 15:49 . 2008-08-04 09:26 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-07-29 12:10 . 2008-07-29 12:10 149 --a------ C:\WINDOWS\wininit.ini
2008-07-28 09:11 . 2008-07-28 09:11 294 --ahs---- C:\WINDOWS\SYSTEM32\mkijcioa.ini
2008-07-22 09:45 . 2008-07-22 09:49 <DIR> d-------- C:\Documents and Settings\skeown\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 18:06 --------- d-----w C:\Program Files\Mobile Automation
2008-08-12 17:59 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-11 17:44 --------- d-----w C:\Documents and Settings\skeown\Application Data\AdobeUM
2008-08-11 17:39 --------- d-----w C:\Program Files\orders plus client
2008-08-11 13:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-06 14:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-05 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-08-04 13:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-08 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-08 17:34 --------- d-----w C:\Documents and Settings\skeown\Application Data\Lavasoft
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-28 18:27 37,027 ----a-w C:\WINDOWS\atmoUn.exe
2007-08-17 16:56 91,128 -c--a-w C:\Documents and Settings\skeown\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 17:44 679936]
"Live Support Host"="c:\program files\mobile automation\marchost.exe" [2007-06-12 00:31 217088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40 124656]
"DM Agent"="c:\PROGRA~1\MOBILE~1\rstate.exe" [2007-08-01 04:04 114688]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
IDBackup.exe [2005-07-06 13:35:24 134704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousUserGroupPolicy"= 0 (0x0)
"disablecad"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Intellimenus"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^skeown^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\skeown\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-03-23 13:26 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
--a------ 2004-08-04 02:56 143360 C:\WINDOWS\SYSTEM32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-09-09 08:41 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 EPA_GPO_PMService;Energy Star™ EZ GPO Power Management Configuration Tool;C:\WINDOWS\system32\PMService.exe [2007-08-05 21:05]
R2 marchost;Live Support Host;c:\program files\mobile automation\marchost.exe [2007-06-12 00:31]
R2 MobileAutmationAgentService;iPass Device Management Agent;c:\program files\mobile automation\rstate.exe [2007-08-01 04:04]
R2 OkiPar;OkiPar;C:\WINDOWS\system32\Drivers\OkiPar.SYS [2002-11-08 16:48]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 14:52]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb9acdaa-31c8-11da-9824-00c0a88bab54}]
\Shell\AutoRun\command - E:\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
MSConfigStartUp-e - C:\Program Files\XP Antivirus\xpscanner.exe
MSConfigStartUp-PopUpStopperFreeEdition - C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\skeown\Application Data\Mozilla\Firefox\Profiles\9w3vace6.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 13:06:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-12 13:08:10
ComboFix-quarantined-files.txt 2008-08-12 18:08:01

Pre-Run: 20,090,503,168 bytes free
Post-Run: 20,074,586,112 bytes free

167 --- E O F --- 2008-07-09 17:43:31


And, HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09, on 2008-08-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\PMService.exe
c:\program files\mobile automation\marchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mobile automation\rstate.exe
C:\lotus\notes\ntmulti.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MOBILE~1\rstate.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mobile automation\rsstatus.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Live Support Host] "c:\program files\mobile automation\marchost.exe" -servicehelper
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DM Agent] c:\PROGRA~1\MOBILE~1\rstate.exe /LOGON
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: IDBackup.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MSAnet.com
O17 - HKLM\Software\..\Telephony: DomainName = MSAnet.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MSAnet.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Energy Star™ EZ GPO Power Management Configuration Tool (EPA_GPO_PMService) - TerraNovum - C:\WINDOWS\system32\PMService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Live Support Host (marchost) - iPass Inc. - c:\program files\mobile automation\marchost.exe
O23 - Service: iPass Device Management Agent (MobileAutmationAgentService) - iPass Inc. - c:\program files\mobile automation\rstate.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\lotus\notes\ntmulti.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 4680 bytes
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Double click on C:\WINDOWS\wininit.ini to open it up in Notepad. Copy and paste the contents of that file here. Then go back and delete all the contents. Copy and paste the below two lines back to that file and save it:

[rename]
nul=

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

File::
C:\WINDOWS\SYSTEM32\mkijcioa.ini

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

You should notice some improvement by now. How is it running so far?
  • 0

#7
dzdnconfuzd

dzdnconfuzd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
[rename]
c:\tempjunk7234.tmp=C:\WINDOWS\SYSTEM32\kHAPIAss.dll
nul=c:\tempjunk9865.tmp
c:\tempjunk9865.tmp=C:\WINDOWS\SYSTEM32\ikrgbwfg.dll_old

Yes, it's working much better now. The combofix locked up the first time I tried to use it which left my clock set in 24hr mode. I'm also having trouble accessing our inventory/invoicing software but everything else seems to be back to normal. Thanks a million for helping out. I'll try your latest suggestion and update soon.
  • 0
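
The wininit.ini contents posted above can also be read programmatically. This is an added example, not part of the original thread: a small Python parser for the [rename] section that lists each pending operation in file order and picks out the ones acting on files under system32. It relies on the documented `destination=source` layout of that section, where a destination of `nul` means the source file is deleted; the function and class names are illustrative.

```python
import ntpath
from dataclasses import dataclass

# [rename] contents copied from the post above, used here as sample input.
SAMPLE = r"""[rename]
c:\tempjunk7234.tmp=C:\WINDOWS\SYSTEM32\kHAPIAss.dll
nul=c:\tempjunk9865.tmp
c:\tempjunk9865.tmp=C:\WINDOWS\SYSTEM32\ikrgbwfg.dll_old
"""

# The reset state the helper asked the poster to save back to the file.
RESET = "[rename]\nnul=\n"


@dataclass(frozen=True)
class PendingOp:
    line_no: int       # 1-based line in the file, for reporting
    action: str        # "rename" or "delete"
    source: str        # file that is acted on (right-hand side)
    destination: str   # new name (left-hand side); empty for a delete


def parse_rename_section(text):
    """Return the pending operations from the [rename] section, in file order.

    Parsed by hand rather than with configparser: the same key (for example
    "nul") may legitimately appear many times, and the order of lines matters.
    """
    ops = []
    in_rename = False
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if not in_rename or "=" not in line:
            continue
        destination, source = (part.strip() for part in line.split("=", 1))
        if not source:
            continue                      # "nul=" placeholder: nothing pending
        if destination.lower() == "nul":
            ops.append(PendingOp(line_no, "delete", source, ""))
        else:
            ops.append(PendingOp(line_no, "rename", source, destination))
    return ops


def system32_sources(ops):
    """Operations whose source file sits under a system32 directory."""
    return [op for op in ops
            if "\\system32\\" in ntpath.normcase(op.source)]


if __name__ == "__main__":
    pending = parse_rename_section(SAMPLE)
    for op in pending:
        target = f" -> {op.destination}" if op.destination else ""
        print(f"line {op.line_no}: {op.action} {op.source}{target}")
    print("system32 files affected:",
          [op.source for op in system32_sources(pending)])
    print("reset file has pending operations:",
          bool(parse_rename_section(RESET)))
```
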

#8
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Try the CFScript again. If it still locks up, see if you can find and delete the following file:

C:\WINDOWS\SYSTEM32\mkijcioa.ini

Then run Combofix manually by double clicking on it. Post the log here.
  • 0

#9
dzdnconfuzd

dzdnconfuzd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I may not have been clear on my reply. The combofix locked up when I used it after running malwarebytes. I then tried it again and it ran fine. It also did fine with the CFscript. I did run it again (by dragging the CFscript file onto it) as you suggested and then ran it by double clicking it. I saved both logs and here they are

CFscript

ComboFix 08-08-11.01 - 02keowns34 2008-08-14 8:16:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.689 [GMT -5:00]
Running from: E:\ComboFix.exe
Command switches used :: C:\Documents and Settings\skeown\Desktop\cfscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\SYSTEM32\mkijcioa.ini
.

((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-14 07:56 . 2008-08-14 07:56 <DIR> d-------- C:\WINDOWS\LastGood
2008-08-13 16:19 . 2008-08-13 16:23 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-13 13:17 . 2008-08-13 13:17 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-13 12:49 . 2008-06-23 11:57 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-08-13 12:49 . 2007-04-17 04:32 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-08-13 12:49 . 2007-03-08 00:10 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-08-13 12:49 . 2008-06-23 11:57 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-08-13 12:49 . 2008-06-23 11:57 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-08-13 12:49 . 2008-06-23 11:57 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-08-13 12:49 . 2008-06-23 11:57 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-08-13 12:49 . 2008-06-23 11:57 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-08-13 12:49 . 2008-06-23 04:20 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-13 12:05 . 2008-08-13 12:05 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-13 08:46 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
2008-08-13 08:16 . 2008-08-13 08:16 <DIR> d-------- C:\Program Files\4Team Corporation
2008-08-12 13:44 . 2008-08-12 14:00 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-08-12 13:44 . 2008-08-13 08:21 <DIR> d-------- C:\Program Files\Google
2008-08-12 13:40 . 2008-08-13 16:23 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-12 10:17 . 2008-08-12 10:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 10:17 . 2008-08-12 10:17 <DIR> d-------- C:\Documents and Settings\skeown\Application Data\Malwarebytes
2008-08-12 10:17 . 2008-08-12 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 10:17 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-08-12 10:17 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-08-11 08:50 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-08-11 08:50 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-08-11 08:50 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-08-11 08:50 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-08-11 08:49 . 2008-08-14 08:15 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-11 08:49 . 2008-08-11 08:49 <DIR> d-------- C:\Documents and Settings\skeown\Application Data\PC Tools
2008-08-07 14:34 . 2008-08-11 08:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-07 14:34 . 2008-08-11 08:31 <DIR> d-------- C:\Documents and Settings\skeown\Application Data\SUPERAntiSpyware.com
2008-08-07 14:34 . 2008-08-07 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-07 12:26 . 2008-08-07 12:26 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-06 09:11 . 2008-08-06 09:11 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-08-06 09:04 . 2008-08-06 09:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-05 12:36 . 2008-08-14 08:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-05 12:30 . 2008-08-05 12:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-05 12:13 . 2008-08-05 12:13 1,136 --a------ C:\WINDOWS\SYSTEM32\history.aaw
2008-08-04 08:42 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-08-04 08:42 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-07-31 15:49 . 2008-08-13 08:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-07-29 12:10 . 2008-08-13 11:08 14 --a------ C:\WINDOWS\wininit.ini
2008-07-22 09:45 . 2008-07-22 09:49 <DIR> d-------- C:\Documents and Settings\skeown\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 13:19 --------- d-----w C:\Program Files\Mobile Automation
2008-08-13 18:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-13 17:35 --------- d-----w C:\Program Files\orders plus client
2008-08-12 17:59 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-11 17:44 --------- d-----w C:\Documents and Settings\skeown\Application Data\AdobeUM
2008-08-06 14:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-05 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-08-04 13:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-08 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-08 17:34 --------- d-----w C:\Documents and Settings\skeown\Application Data\Lavasoft
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-24 15:57 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-05-28 18:27 37,027 ----a-w C:\WINDOWS\atmoUn.exe
2008-05-16 16:58 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2007-08-17 16:56 91,128 -c--a-w C:\Documents and Settings\skeown\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-12 14:14 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 17:44 679936]
"Live Support Host"="c:\program files\mobile automation\marchost.exe" [2007-06-12 00:31 217088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40 124656]
"DM Agent"="c:\PROGRA~1\MOBILE~1\rstate.exe" [2007-08-01 04:04 114688]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
IDBackup.exe [2005-07-06 13:35:24 134704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousUserGroupPolicy"= 0 (0x0)
"disablecad"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Intellimenus"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^skeown^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\skeown\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-03-23 13:26 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
--a------ 2004-08-04 02:56 143360 C:\WINDOWS\SYSTEM32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-09-09 08:41 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 EPA_GPO_PMService;Energy Star™ EZ GPO Power Management Configuration Tool;C:\WINDOWS\system32\PMService.exe [2007-08-05 21:05]
R2 marchost;Live Support Host;c:\program files\mobile automation\marchost.exe [2007-06-12 00:31]
R2 MobileAutmationAgentService;iPass Device Management Agent;c:\program files\mobile automation\rstate.exe [2007-08-01 04:04]
R2 OkiPar;OkiPar;C:\WINDOWS\system32\Drivers\OkiPar.SYS [2002-11-08 16:48]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 14:52]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb9acdaa-31c8-11da-9824-00c0a88bab54}]
\Shell\AutoRun\command - E:\

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 08:18:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\skeown\LOCALS~1\Temp\RGI8.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-08-14 8:20:25
ComboFix-quarantined-files.txt 2008-08-14 13:20:01
ComboFix2.txt 2008-08-13 16:14:24
ComboFix3.txt 2008-08-12 18:08:11

Pre-Run: 17,969,115,136 bytes free
Post-Run: 17,953,890,304 bytes free

161 --- E O F --- 2008-08-13 21:23:39


Combofix log

ComboFix 08-08-11.01 - 02keowns34 2008-08-14 8:27:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.674 [GMT -5:00]
Running from: E:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-14 07:56 . 2008-08-14 07:56 <DIR> d-------- C:\WINDOWS\LastGood
2008-08-13 16:19 . 2008-08-13 16:23 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-13 13:17 . 2008-08-13 13:17 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-13 12:49 . 2008-06-23 11:57 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-08-13 12:49 . 2007-04-17 04:32 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-08-13 12:49 . 2007-03-08 00:10 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-08-13 12:49 . 2008-06-23 11:57 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-08-13 12:49 . 2008-06-23 11:57 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-08-13 12:49 . 2008-06-23 11:57 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-08-13 12:49 . 2008-06-23 11:57 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-08-13 12:49 . 2008-06-23 11:57 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-08-13 12:49 . 2008-06-23 04:20 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-13 12:05 . 2008-08-13 12:05 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-13 08:46 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
2008-08-13 08:16 . 2008-08-13 08:16 <DIR> d-------- C:\Program Files\4Team Corporation
2008-08-12 13:44 . 2008-08-12 14:00 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-08-12 13:44 . 2008-08-13 08:21 <DIR> d-------- C:\Program Files\Google
2008-08-12 13:40 . 2008-08-13 16:23 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-12 10:17 . 2008-08-12 10:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 10:17 . 2008-08-12 10:17 <DIR> d-------- C:\Documents and Settings\skeown\Application Data\Malwarebytes
2008-08-12 10:17 . 2008-08-12 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 10:17 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-08-12 10:17 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-08-11 08:50 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-08-11 08:50 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-08-11 08:50 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-08-11 08:50 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-08-11 08:49 . 2008-08-14 08:15 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-11 08:49 . 2008-08-11 08:49 <DIR> d-------- C:\Documents and Settings\skeown\Application Data\PC Tools
2008-08-07 14:34 . 2008-08-11 08:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-07 14:34 . 2008-08-11 08:31 <DIR> d-------- C:\Documents and Settings\skeown\Application Data\SUPERAntiSpyware.com
2008-08-07 14:34 . 2008-08-07 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-07 12:26 . 2008-08-07 12:26 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-06 09:11 . 2008-08-06 09:11 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-08-06 09:04 . 2008-08-06 09:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-05 12:36 . 2008-08-14 08:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-05 12:30 . 2008-08-05 12:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-05 12:13 . 2008-08-05 12:13 1,136 --a------ C:\WINDOWS\SYSTEM32\history.aaw
2008-08-04 08:42 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-08-04 08:42 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-07-31 15:49 . 2008-08-13 08:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-07-29 12:10 . 2008-08-13 11:08 14 --a------ C:\WINDOWS\wininit.ini
2008-07-22 09:45 . 2008-07-22 09:49 <DIR> d-------- C:\Documents and Settings\skeown\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 13:29 --------- d-----w C:\Program Files\Mobile Automation
2008-08-13 18:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-13 17:35 --------- d-----w C:\Program Files\orders plus client
2008-08-12 17:59 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-11 17:44 --------- d-----w C:\Documents and Settings\skeown\Application Data\AdobeUM
2008-08-06 14:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-05 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-08-04 13:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-08 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-08 17:34 --------- d-----w C:\Documents and Settings\skeown\Application Data\Lavasoft
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-24 15:57 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-05-28 18:27 37,027 ----a-w C:\WINDOWS\atmoUn.exe
2008-05-16 16:58 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2007-08-17 16:56 91,128 -c--a-w C:\Documents and Settings\skeown\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-12 14:14 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 17:44 679936]
"Live Support Host"="c:\program files\mobile automation\marchost.exe" [2007-06-12 00:31 217088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40 124656]
"DM Agent"="c:\PROGRA~1\MOBILE~1\rstate.exe" [2007-08-01 04:04 114688]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
IDBackup.exe [2005-07-06 13:35:24 134704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousUserGroupPolicy"= 0 (0x0)
"disablecad"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Intellimenus"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^skeown^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\skeown\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-03-23 13:26 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
--a------ 2004-08-04 02:56 143360 C:\WINDOWS\SYSTEM32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-09-09 08:41 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 EPA_GPO_PMService;Energy Star™ EZ GPO Power Management Configuration Tool;C:\WINDOWS\system32\PMService.exe [2007-08-05 21:05]
R2 marchost;Live Support Host;c:\program files\mobile automation\marchost.exe [2007-06-12 00:31]
R2 MobileAutmationAgentService;iPass Device Management Agent;c:\program files\mobile automation\rstate.exe [2007-08-01 04:04]
R2 OkiPar;OkiPar;C:\WINDOWS\system32\Drivers\OkiPar.SYS [2002-11-08 16:48]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 14:52]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb9acdaa-31c8-11da-9824-00c0a88bab54}]
\Shell\AutoRun\command - E:\

*Newly Created Service* - CATCHME
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\skeown\Application Data\Mozilla\Firefox\Profiles\9w3vace6.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 08:28:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-14 8:30:06
ComboFix-quarantined-files.txt 2008-08-14 13:30:03
ComboFix2.txt 2008-08-14 13:20:26
ComboFix3.txt 2008-08-13 16:14:24
ComboFix4.txt 2008-08-12 18:08:11

Pre-Run: 17,964,163,072 bytes free
Post-Run: 17,950,081,024 bytes free

163 --- E O F --- 2008-08-13 21:23:39

Most everything still seems to be working fine. My only issues now are accessing our inventory database and my Nortons seems to be gone??? I should be able to get those resolved here once the plant manager returns.
Also, Combofix never seems to return my clock to the correct format,,, but that's no biggie,,, I can handle that one on my own,,, HA HA HA.
Thanks again for all your help.

#10
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\imsins.BAK

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

You may reinstall Norton if it's acting up. If the clock is still not the correct format, you may change it manually like you said :)

#11
dzdnconfuzd

    New Member

  • Topic Starter
  • Member
  • 8 posts
After clicking MoveIt! I got a message that the file couldn't be found

File/Folder C:\WINDOWS\imsins.BAK not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08152008_081044

As of now, the only problems that I'm having are with our inventory software (I get an "Invalid Date" error?) and with Nortons. I tried reinstalling it but get "an error occured while loading savrt32.dll" error.

Other than these two problems,,, all else seems as good as or better than before. I am trying to reinstall Nortons using the icon (installer previously loaded). So, hopefully I can get the disc from my manager when he returns on Monday. As for the inventory software, I can work around that as well and hopefully get that solved next week, too.

Thanks again for all your help.

O' and is there a problem with leaving combofix on here? Also, should I wait until I get the last two issues solved to remove it or is it safe to remove now?

Great info in the link that you posted. I have a few of the programs that you recommended but plan to load more of them,,, don't want to go through this again :)

#12
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Remove Combofix now. There's no point keeping it as it will be outdated very shortly (it's always being updated). Plus it will remove other folders that it created and also restore some permissions.

Change your time back to the proper format if it still doesn't return after removing Combofix. I think that date format is messing up your inventory software. Try reinstalling when you get the disc and see if that fixes the issue.

I think your computer is free of malware now. If you want, we can leave this topic open, but there's probably no point as it won't be malware related anymore.

#13
dzdnconfuzd

    New Member

  • Topic Starter
  • Member
  • 8 posts
Makes sense. I'll remove it now, reset the date/time, and reinstall the inventory software. I just heard that we're getting a new version of Norton this week,,, so that'll solve that issue. Thanks again :) and I agree that the topic should be closed. :)

#14
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.