
Help request for malware



Hello. I am currently having a problem running the Malwarebytes Anti-Malware software and HijackThis. I installed the anti-malware software, which then updated and brought up a tabbed application. I checked the update tab and hit update, and it said I was up to date. Then I tried a quick scan, which ran for a few seconds before an abrupt exit. I tried looking for the tdsservice hidden device driver and could not find one by that name. I also downloaded HJTInstall, which ran and gave me an option to scan and save a log. I selected it, and it looked like it was displaying a list of files from my drive for just a couple of seconds before an abrupt exit. No Notepad output.

Can you offer any advice? I started these steps because I got a trojan of some kind; I think it was the Windows Anti-Virus Pro variety. It has left me unable to change my background from their screen, I had to run devmgmt.msc in order to get my Device Manager to come up, and every morning my computer has been rebooted and tells me my system was recently updated. I know Windows has (and needs) many update patches, but after the sixth day in a row one cannot help but become suspicious.

Thanks for your time


  • Staff

Yes.

Download RSIT by random/random and save it to your Desktop.

  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Please post the contents of both logs here in your next reply.

Next, please run a GMER Rootkit scan:

Download GMER's application from here:

http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe

Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.

This will copy the results to your clipboard.

Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.

-screen317


I was able to run GMER as instructed, with the following output in the Rootkit/Malware tab after scanning.

Thanks again for the help

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net

Rootkit scan 2009-08-29 20:13:27

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB64B16B8]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB64B1574]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB64B1A52]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB64B114C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB64B164E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB64B108C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB64B10F0]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB64B176E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB64B172E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB64B18AE]

---- Kernel code sections - GMER 1.0.15 ----

? win32k.sys:1 The system cannot find the file specified. !

? win32k.sys:2 The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.exe[2632] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\C46BE666.x86.dll

.text C:\WINDOWS\Explorer.exe[2632] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\C46BE666.x86.dll

.text C:\WINDOWS\Explorer.exe[2632] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\C46BE666.x86.dll

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3024] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3040] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\C46BE666.x86.dll

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\C46BE666.x86.dll

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\C46BE666.x86.dll

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

.text C:\Program Files\iTunes\iTunesHelper.exe[3280] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\C46BE666.x86.dll

.text C:\Program Files\iTunes\iTunesHelper.exe[3280] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\C46BE666.x86.dll

.text C:\Program Files\iTunes\iTunesHelper.exe[3280] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\C46BE666.x86.dll

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]

.text C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3304] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[812] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002

IAT C:\WINDOWS\system32\services.exe[812] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

IAT C:\WINDOWS\Explorer.exe[2632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\C46BE666.x86.dll

IAT C:\WINDOWS\Explorer.exe[2632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\C46BE666.x86.dll

IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\C46BE666.x86.dll

IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\C46BE666.x86.dll

IAT C:\Program Files\iTunes\iTunesHelper.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\C46BE666.x86.dll

IAT C:\Program Files\iTunes\iTunesHelper.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\C46BE666.x86.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe [176] 0x35670000

Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\Program Files\RealVNC\VNC4\WinVNC4.exe [616] 0x35670000

Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1064] 0x35670000

Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1168] 0x35670000

Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1264] 0x35670000

Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1384] 0x35670000

Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1648] 0x35670000

Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1796] 0x35670000

Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [1844] 0x35670000

Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [1960] 0x35670000

Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.exe [2632] 0x35670000

Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [2764] 0x35670000

Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [3212] 0x35670000

Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [3280] 0x35670000

Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\Program Files\DNA\btdna.exe [3532] 0x35670000

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP765\A0042889.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP765\A0042906.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP765\A0042916.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP765\A0042921.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP765\A0042939.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP766\A0042972.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP766\A0042988.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP766\A0043004.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP766\A0043016.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP766\A0043029.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP767\A0043061.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP770\A0043166.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP771\A0043204.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP772\A0043239.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP773\A0043308.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP774\A0043350.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP774\A0044350.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP775\A0044381.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP776\A0044414.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP777\A0044457.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP778\A0044492.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP779\A0044525.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP780\A0044561.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP781\A0044609.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP782\A0045014.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP783\A0045062.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP783\A0045086.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP784\A0045133.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP785\A0045166.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP786\A0045202.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP787\A0045240.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP788\A0045273.sys:1 8192 bytes executable

ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP789\A0045305.sys:1 8192 bytes executable

---- EOF - GMER 1.0.15 ----


Hi,

Please download Win32kDiag.exe by AD to your Desktop. Double click on it. It will run a diagnostic and produce a report on the desktop. Post that report in your next reply:

-screen317

Hello,

Here is the output

Log file is located at: C:\Documents and Settings\bbburgess\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Cannot access: C:\WINDOWS\system32\MRT.exe

[1] 2009-07-07 08:10:58 24539592 C:\WINDOWS\system32\MRT.exe ()

[2] 2009-05-07 00:16:30 24699336 C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP710\A0039881.exe (Microsoft Corporation)

[2] 2009-06-01 11:51:12 23635392 C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP744\A0040844.exe (Microsoft Corporation)

[2] 2009-07-07 10:10:56 24539592 C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP765\A0042919.exe (Microsoft Corporation)

[2] 2009-07-07 08:10:58 24539592 C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP766\A0042960.exe (Microsoft Corporation)

[2] 2009-07-07 10:10:56 24539592 C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP766\A0042998.exe (Microsoft Corporation)

[2] 2009-07-07 08:10:58 24539592 C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP767\A0043048.exe (Microsoft Corporation)

Cannot access: C:\WINDOWS\system32\scecli.dll

[1] 2004-08-04 07:00:00 180224 C:\WINDOWS\$NtServicePackUninstall$\scecli.dll (Microsoft Corporation)

[1] 2008-04-13 19:12:05 181248 C:\WINDOWS\ServicePackFiles\i386\scecli.dll (Microsoft Corporation)

[1] 2008-04-13 19:12:05 60928 C:\WINDOWS\system32\scecli.dll ()

[2] 2008-04-13 19:12:05 181248 C:\WINDOWS\system32\sceclt.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\system32\wbem\SET104.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET104.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET113.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET113.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET16F.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET16F.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET19.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET19.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET1F.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET1F.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET20.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET20.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET25.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET25.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET29C.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET29C.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET2C.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET2C.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET37.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET37.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET38.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET38.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET39.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET39.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET42.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET42.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET50.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET50.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET53.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET53.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET60.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET60.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET76.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET76.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET77.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET77.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SET8C.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SET8C.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SETA0.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SETA0.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\SETEE.tmp

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\SETEE.tmp ()

Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe

[1] 2009-02-06 05:15:13 227840 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe (Microsoft Corporation)

[1] 2004-08-04 07:00:00 218112 C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:40 218112 C:\WINDOWS\$NtUninstallKB956572$\wmiprvse.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:40 218112 C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 04:41:05 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 05:15:13 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\dllcache\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\wmiprvse.exe ()

Finished!

Thanks again

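The GMER and Win32kDiag output pasted above contains three indicator types worth pulling out mechanically: a DLL mapped from the `\\?\globalroot\Device\...` namespace that GMER marks hidden in several user processes, executable alternate data streams on restore-point `.sys` files, and a locked `system32` file whose size differs from the known-good copy in `ServicePackFiles\i386` while its timestamp is identical (here `scecli.dll`, 60928 bytes against 181248). The script below is an added example, not part of the thread and not code from GMER, Win32kDiag or ComboFix; it parses a constructed sample of lines in the shape shown above and flags those three conditions. The regular expressions are assumptions about the line formats derived from the pasted output, and the choice of `ServicePackFiles\i386` and `dllcache` as reference directories is a heuristic, not a documented feature of either tool.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the GMER and Win32kDiag lines pasted in
# this thread (a few lines, not the complete logs).
SAMPLE_LOG = r"""
Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\Documents and Settings\bbburgess\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [2764] 0x35670000
Library \\?\globalroot\Device\__max++>\C46BE666.x86.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [3280] 0x35670000
ADS C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP765\A0042889.sys:1 8192 bytes executable
Cannot access: C:\WINDOWS\system32\MRT.exe
[1] 2009-07-07 08:10:58 24539592 C:\WINDOWS\system32\MRT.exe ()
[2] 2009-07-07 08:10:58 24539592 C:\System Volume Information\_restore{141BA4B4-54D3-49A9-A2E5-FBFE895E0FE5}\RP766\A0042960.exe (Microsoft Corporation)
Cannot access: C:\WINDOWS\system32\scecli.dll
[1] 2004-08-04 07:00:00 180224 C:\WINDOWS\$NtServicePackUninstall$\scecli.dll (Microsoft Corporation)
[1] 2008-04-13 19:12:05 181248 C:\WINDOWS\ServicePackFiles\i386\scecli.dll (Microsoft Corporation)
[1] 2008-04-13 19:12:05 60928 C:\WINDOWS\system32\scecli.dll ()
[2] 2008-04-13 19:12:05 181248 C:\WINDOWS\system32\sceclt.dll (Microsoft Corporation)
Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe
[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\dllcache\wmiprvse.exe (Microsoft Corporation)
[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\system32\wbem\wmiprvse.exe ()
"""

# GMER "Library <module> (*** hidden *** ) @ <process> [<pid>] <base>" lines (assumed shape).
LIB_RE = re.compile(
    r"^Library\s+(?P<module>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+"
    r"(?P<proc>.+?)\s+\[(?P<pid>\d+)\]\s+0x[0-9A-Fa-f]+$")
# GMER alternate-data-stream lines (assumed shape).
ADS_RE = re.compile(r"^ADS\s+(?P<path>.+)\s+(?P<size>\d+) bytes executable$")
# Win32kDiag "Cannot access:" header and the "[n] <mtime> <size> <path> (<publisher>)" rows under it.
CANNOT_RE = re.compile(r"^Cannot access:\s+(?P<path>.+)$")
ENTRY_RE = re.compile(
    r"^\[\d\]\s+(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<path>.+?)\s+\((?P<publisher>[^)]*)\)$")

# Heuristic (assumption): Windows XP keeps pristine copies here; a system32 file whose
# size differs from its same-named copy is suspect. The mtime is trivial to copy, the size is not.
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\dllcache\\")


def _check_target(target, rows):
    """Compare a locked file against its reference copies; return a finding if it looks patched."""
    name = target.rsplit("\\", 1)[-1].lower()
    live = next((r for r in rows if r["path"].lower() == target.lower()), None)
    if live is None:
        return []
    for ref in rows:
        p = ref["path"].lower()
        if p == target.lower() or not p.endswith("\\" + name):
            continue  # other files (e.g. the renamed sceclt.dll) are not a reference copy
        if any(d in p for d in REFERENCE_DIRS) and ref["size"] != live["size"]:
            return [{"kind": "patched_system_file", "path": target,
                     "size": live["size"], "reference": ref["path"],
                     "reference_size": ref["size"],
                     # identical mtime but different size: the timestamp was carried over
                     "timestomped": ref["mtime"] == live["mtime"]}]
    return []


def triage(text):
    """Parse pasted GMER / Win32kDiag output and return a list of finding dicts."""
    findings = []
    hidden = defaultdict(list)    # module path -> [(process, pid), ...]
    entries = defaultdict(list)   # locked file -> rows listed under it
    target = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := LIB_RE.match(line)):
            hidden[m["module"]].append((m["proc"], int(m["pid"])))
        elif (m := ADS_RE.match(line)):
            findings.append({"kind": "ads_executable", "path": m["path"], "size": int(m["size"])})
        elif (m := CANNOT_RE.match(line)):
            target = m["path"]
        elif (m := ENTRY_RE.match(line)) and target:
            entries[target].append({"mtime": m["mtime"], "size": int(m["size"]),
                                    "path": m["path"], "publisher": m["publisher"]})
    for module, procs in hidden.items():
        # A DLL mapped from \\?\globalroot\Device\... that GMER marks hidden is injected
        # from kernel mode into ordinary user processes, not loaded by them normally.
        findings.append({"kind": "hidden_module", "module": module,
                         "processes": sorted(set(procs))})
    for t, rows in entries.items():
        findings.extend(_check_target(t, rows))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

Run against the sample it reports exactly three findings: the hidden `C46BE666.x86.dll` with the two processes it is mapped into, the ADS on `A0042889.sys`, and `scecli.dll` as patched with `timestomped` set, since its mtime equals the `ServicePackFiles\i386` copy's while the size does not. `MRT.exe` and `wmiprvse.exe` are not flagged: the empty `()` publisher only means Win32kDiag could not open the file, and their sizes match their reference copies, so a publisher-only rule would produce false positives on this machine.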

Here is the log from ComboFix. I will look to find a link to get a "fresh" copy of HijackThis and post its output.

ComboFix 09-09-03.02 - bbburgess 09/04/2009 15:51.1.2 - NTFSx86

Running from: c:\documents and settings\bbburgess\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\BBBURG~1\LOCALS~1\Temp\1.wmv

c:\documents and settings\bbburgess\Desktop\starving1.jpg

c:\documents and settings\bbburgess\Desktop\starving1.jpg

c:\documents and settings\bbburgess\Start Menu\Programs\Windows Antivirus Pro

c:\documents and settings\bbburgess\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk

c:\program files\Gamevance\gvtl.dll

c:\recycler\S-1-5-21-1078081533-606747145-1801674531-1003

c:\recycler\S-1-5-21-1715567821-838170752-839522115-1003

c:\recycler\S-1-5-21-1993962763-1390067357-725345543-1003

c:\windows\ppp3.dat

c:\windows\ppp4.dat

c:\windows\system\Winaspi.dll

c:\windows\system\Wowpost.exe

c:\windows\system32\bennuar.old

c:\windows\system32\bincd32.dat

c:\windows\system32\Data

c:\windows\system32\dddesot.dll

c:\windows\system32\desot.exe

c:\windows\system32\images

c:\windows\system32\images\i1.gif

c:\windows\system32\images\i2.gif

c:\windows\system32\images\i3.gif

c:\windows\system32\images\j1.gif

c:\windows\system32\images\j2.gif

c:\windows\system32\images\j3.gif

c:\windows\system32\images\jj1.gif

c:\windows\system32\images\jj2.gif

c:\windows\system32\images\jj3.gif

c:\windows\system32\images\l1.gif

c:\windows\system32\images\l2.gif

c:\windows\system32\images\l3.gif

c:\windows\system32\images\pix.gif

c:\windows\system32\images\t1.gif

c:\windows\system32\images\t2.gif

c:\windows\system32\images\up1.gif

c:\windows\system32\images\up2.gif

c:\windows\system32\images\w1.gif

c:\windows\system32\images\w11.gif

c:\windows\system32\images\w2.gif

c:\windows\system32\images\w3.gif

c:\windows\system32\images\w3.jpg

c:\windows\system32\images\wt1.gif

c:\windows\system32\images\wt2.gif

c:\windows\system32\images\wt3.gif

c:\windows\system32\onhelp.htm

c:\windows\system32\sysnet.dat

c:\windows\system32\tapi.nfo

c:\windows\system32\UACekommvwiikxobys.log

c:\windows\system32\UACfewtbtswfrmlwti.dll

c:\windows\system32\UACffibuuehspiailb.dll

c:\windows\system32\UACfwrurajnkxdwpbx.dll

c:\windows\system32\UACfxtqgxaxtmotnee.dll

c:\windows\system32\uacinit.dll

c:\windows\system32\UACokohutckejuswpr.dat

c:\windows\system32\UACsqdskgnffrragxx.dll

c:\windows\system32\wispex.html

D:\install.exe

Infected copy of c:\windows\system32\scecli.dll was found and disinfected

Restored copy from - c:\windows\system32\sceclt.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ANTIPPRO2009_12

-------\Legacy_NEW_DRV

-------\Legacy_UACd.sys

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Service_AntipPro2009_12

-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))

.

2009-08-29 20:05 . 2009-08-29 20:05 -------- d-----w- C:\rsit

2009-08-26 23:15 . 2009-08-26 23:15 -------- d-----w- c:\documents and settings\bbburgess\Application Data\Canneverbe_Limited

2009-08-26 23:15 . 2009-08-26 23:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Canneverbe Limited

2009-08-26 23:14 . 2009-08-26 23:14 -------- d-----w- c:\program files\CDBurnerXP

2009-08-23 19:07 . 2009-08-23 19:07 -------- d-----w- c:\program files\Trend Micro

2009-08-23 18:51 . 2009-08-23 18:51 -------- d-----w- c:\documents and settings\bbburgess\Application Data\Malwarebytes

2009-08-23 18:51 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-23 18:51 . 2009-08-23 19:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-23 18:51 . 2009-08-23 18:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2009-08-23 18:51 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-22 15:52 . 2009-08-22 15:52 -------- d-----w- c:\documents and settings\bbburgess\Local Settings\Application Data\PCHealth

2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\program files\MSBuild

2009-08-22 08:05 . 2009-08-22 08:05 -------- d-----w- c:\program files\Reference Assemblies

2009-08-22 08:05 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-22 08:05 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-22 08:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-22 08:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-22 08:05 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-22 08:05 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-22 08:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-20 00:59 . 2009-08-20 00:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Blizzard Entertainment

2009-08-12 20:23 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-04 21:18 . 2008-10-12 20:53 -------- d-----w- c:\program files\DNA

2009-09-04 21:18 . 2008-10-12 20:53 -------- d-----w- c:\documents and settings\bbburgess\Application Data\DNA

2009-09-04 21:16 . 2008-12-24 20:33 -------- d-----w- c:\documents and settings\bbburgess\Application Data\WTablet

2009-09-04 21:06 . 2009-01-14 09:09 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet

2009-09-04 21:03 . 2009-06-07 01:49 -------- d-----w- c:\program files\Gamevance

2009-09-04 07:21 . 2008-06-23 22:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater

2009-09-01 02:49 . 2007-08-11 08:08 -------- d-----w- c:\program files\World of Warcraft

2009-08-31 02:08 . 2007-08-19 20:03 -------- d-----w- c:\documents and settings\bbburgess\Application Data\gtk-2.0

2009-08-30 03:30 . 2008-11-21 00:33 -------- d-----w- c:\documents and settings\bbburgess\Application Data\U3

2009-08-27 01:58 . 2008-10-12 20:54 -------- d-----w- c:\documents and settings\bbburgess\Application Data\BitTorrent

2009-08-26 23:15 . 2007-08-21 22:59 33672 ----a-w- c:\documents and settings\bbburgess\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-09 18:56 . 2005-04-23 22:13 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-05 00:01 . 2008-06-15 17:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion

2009-08-01 01:18 . 2008-12-05 05:52 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-18 23:53 . 2008-11-30 17:59 -------- d-----w- c:\program files\Roku Radio Snooper

2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 04:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:19 . 2007-08-11 06:50 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-27 139264]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 68856]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]

"Google Update"="c:\documents and settings\bbburgess\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]

"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-07-30 1935360]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-08-02 9134080]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-13 136600]

"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2007-06-15 22528]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]

"SbUsb AudCtrl"="sbusbdll.dll" - c:\windows\system32\sbusbdll.dll [2003-08-06 68608]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\bburgess\Start Menu\Programs\Startup\

AdSubtract.lnk - c:\program files\interMute\AdSubtract\AdSub.exe [2005-4-25 790528]

c:\documents and settings\bbburgess\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

HP OfficeJet Series 700 Startup.lnk - c:\program files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe [2009-4-22 1175552]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-3-6 67128]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-5 805392]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= c:\windows\system32\onhelp.htm

FriendlyName= tets

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 08:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"=

"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"=

"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Curse\\CurseClient.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Java\\jre1.6.0_04\\bin\\java.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"5900:TCP"= 5900:TCP:RealVNC

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

R3 PciCon;PciCon;E:\PciCon.sys [x]

R3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\DRIVERS\sbusb.sys [2003-09-15 892160]

R3 SUSCOM;Susteen Serial port driver;c:\windows\system32\DRIVERS\SUSCOM.SYS [2002-10-22 40448]

S2 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe [2009-01-29 578920]

S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-05-01 3032360]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-03-17 15144]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-09-04 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-11 11:42]

2009-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1770027372-725345543-1003Core.job

- c:\documents and settings\bbburgess\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 00:12]

2009-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1770027372-725345543-1003UA.job

- c:\documents and settings\bbburgess\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 00:12]

2009-09-03 c:\windows\Tasks\Norton PC Checkup Weekday Scanner.job

- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]

2009-08-30 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job

- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe

HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8

HKLM-Run-Gamevance - c:\program files\Gamevance\gamevance32.exe

HKLM-Run-SigmatelSysTrayApp - sttray.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

LSP: bmnet.dll

Trusted Zone: aol.com\free

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\bbburgess\Application Data\Mozilla\Firefox\Profiles\qm9j483q.default\

FF - plugin: c:\documents and settings\bbburgess\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.14);user_pref(yahoo.homepage.dontask, true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-04 16:16

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1770027372-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:cb,3c,81,bd,02,a3,be,c8,e3,7a,b7,45,06,58,26,40,ab,6e,06,83,3f,e9,b0,

a5,ae,1b,3c,60,43,d6,17,6d,ff,7e,0e,cd,f3,36,56,c0,e8,f8,50,9f,3a,65,64,57,\

"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-823518204-1770027372-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:fe,3e,35,30,8d,f3,ff,31,9d,a5,e2,54,60,ca,4c,1e,79,f8,24,c3,3d,

7c,2e,bb,cc,ab,ad,27,ae,46,9d,ac,c2,f8,f9,c6,a9,71,aa,9a,4b,75,ab,cc,da,ab,\

"rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(840)

c:\windows\system32\bmnet.dll

- - - - - - - > 'explorer.exe'(3004)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\system32\bmwebcfg.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTSVCCDA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\nvsvc32.exe

c:\program files\RealVNC\VNC4\winvnc4.exe

c:\windows\system32\MsPMSPSv.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\WTablet\Pen_TabletUser.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\iPod\bin\iPodService.exe

c:\program files\Hewlett-Packard\HP OfficeJet Series 700\Bin\hpovdx05.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

c:\program files\Logitech\SetPoint\LU\LULnchr.exe

c:\program files\Logitech\SetPoint\LU\LogitechUpdate.exe

c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe

c:\program files\Java\jre6\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2009-09-04 16:26 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-04 21:26

Pre-Run: 32,976,195,584 bytes free

Post-Run: 36,330,057,728 bytes free

322 --- E O F --- 2009-09-04 08:01


Hello again,

I tried running hijackthis and could not. I uninstalled and downloaded again but with same results. I get "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item" while trying to run C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

I do not see anything out of the ordinary with the file attributes. It does have a plain windows icon when I view that directory with the windows explorer window. But other than that it looks like a 387K application file.

Can you suggest something?

Thanks,

BBB


  • Staff

Hi,

Try running this instead:

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.

After that, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


I ran the F-Secure online scanner. When I tried to view the results it either presented them in the app window, where I couldn't copy/paste, or presented a web page. I have attached the web page results from the scan as it was too large to post. It is fsecure.zip. I have also attached attach.zip, which is one of the output logs from DDS. When it finished running, there were two notepads open; neither was minimized. But the app alert said to zip attach.txt and post DDS.txt, so that's why I'm doing this. Thanks again for your help. I will do the security check now.

Here is DDS.txt

DDS (Ver_09-07-30.01) - NTFSx86

Run by bbburgess at 14:25:56.45 on Sat 09/05/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [MtdAcqu] "c:\program files\creative\mediasource5\MtdAcqu.exe" /s

uRun: [Google Update] "c:\documents and settings\bbburgess\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [intelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [symPCCheckup]

StartupFolder: c:\docume~1\bbburg~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpoffi~1.lnk - c:\program files\hewlett-packard\hp officejet series 700\bin\HPOstr05.exe

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

LSP: bmnet.dll

Trusted Zone: aol.com\free

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186817808265

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bbburg~1\applic~1\mozilla\firefox\profiles\qm9j483q.default\

FF - plugin: c:\documents and settings\bbburgess\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.14);user_pref(yahoo.homepage.dontask, true

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-09-04 16:25 <DIR> -cd----- c:\windows\system32\dllcache\cache

2009-09-04 15:37 <DIR> --d----- C:\cmdcons

2009-09-04 15:35 230,912 a------- c:\windows\PEV.exe

2009-09-04 15:35 161,792 a------- c:\windows\SWREG.exe

2009-09-04 15:35 98,816 a------- c:\windows\sed.exe

2009-08-26 18:15 <DIR> --d----- c:\docume~1\bbburg~1\applic~1\Canneverbe_Limited

2009-08-26 18:15 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Canneverbe Limited

2009-08-23 14:07 <DIR> --d----- c:\program files\Trend Micro

2009-08-23 13:51 <DIR> --d----- c:\docume~1\bbburg~1\applic~1\Malwarebytes

2009-08-23 13:51 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-23 13:51 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-08-23 13:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-08-23 13:51 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes

2009-08-23 13:23 7,680 a--sh--- c:\windows\system32\Thumbs.db

2009-08-22 07:10 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat

2009-08-22 03:05 <DIR> --d----- c:\windows\system32\XPSViewer

2009-08-22 03:05 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-22 03:05 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-22 03:05 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-22 03:05 575,488 -------- c:\windows\system32\xpsshhdr.dll

2009-08-22 03:05 117,760 -------- c:\windows\system32\prntvpt.dll

2009-08-22 03:05 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll

2009-08-22 03:05 1,676,288 -------- c:\windows\system32\xpssvcs.dll

2009-08-19 19:59 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Blizzard Entertainment

2009-08-12 15:23 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx

2009-08-12 15:23 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll

==================== Find3M ====================

2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll

2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll

2009-07-03 12:09 915,456 -------- c:\windows\system32\wininet.dll

2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll

2009-06-12 07:31 80,896 a------- c:\windows\system32\tlntsess.exe

2009-06-12 07:31 76,288 a------- c:\windows\system32\telnet.exe

2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll

2009-06-10 09:13 84,992 a------- c:\windows\system32\avifil32.dll

2009-06-10 01:14 132,096 a------- c:\windows\system32\wkssvc.dll

2008-08-27 19:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 14:26:26.26 ===============

fsecure.zip

Attach.zip
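When a DDS log like the one above is posted, the helper's first pass is usually a triage of the "Pseudo HJT Report" section: which autoruns, BHOs, toolbars, LSPs and DPF entries load from where. The script below is an added example written for this thread, not part of the DDS tool or of anything posted here. It parses a handful of constructed sample lines in the same layout as the log above (the uRun/mRun, BHO/TB, LSP and DPF line formats) and applies a few review heuristics of my own: autorun commands that run from a user profile directory, file names given without a full path (resolved through PATH at logon), empty autorun values, Winsock LSPs, and ActiveX controls fetched from a URL. Flagged entries are ones a reviewer should look at, not a verdict that they are malicious.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the DDS "Pseudo HJT Report" layout (assumption:
# these lines mirror the shapes seen in the log above; they are not the
# full log and carry no verdict about the software named in them).
SAMPLE_LOG = r"""
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\documents and settings\bbburgess\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [nwiz] nwiz.exe /install
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
mRunOnce: [symPCCheckup]
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
LSP: bmnet.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
"""

RUN_RE = re.compile(r"^(?P<kind>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\](?: (?P<cmd>.*))?$")
CLSID_RE = re.compile(r"^(?P<kind>BHO|TB): (?P<name>.*?): (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
LSP_RE = re.compile(r"^LSP: (?P<target>.*)$")


@dataclass
class Entry:
    kind: str                 # uRun, mRun, mRunOnce, BHO, TB, LSP, DPF
    name: str                 # display name (CLSID for DPF, module for LSP)
    target: str               # file path, module name or URL ("" if none)
    args: str = ""
    clsid: Optional[str] = None


def split_command(cmd: str):
    """Split an autorun command into (executable, arguments), honouring quotes."""
    cmd = cmd.strip()
    if not cmd:
        return "", ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd.strip('"'), ""
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_line(line: str) -> Optional[Entry]:
    m = RUN_RE.match(line)
    if m:
        target, args = split_command(m.group("cmd") or "")
        # For rundll32 hosts the interesting module is the DLL it loads.
        if target.lower() in ("rundll32", "rundll32.exe") and args:
            target, _, args = args.partition(",")
            target = target.strip()
        return Entry(m.group("kind"), m.group("name"), target, args)
    m = CLSID_RE.match(line)
    if m:
        return Entry(m.group("kind"), m.group("name"), m.group("target"), clsid=m.group("clsid"))
    m = DPF_RE.match(line)
    if m:
        return Entry("DPF", m.group("clsid"), m.group("target"), clsid=m.group("clsid"))
    m = LSP_RE.match(line)
    if m:
        return Entry("LSP", m.group("target"), m.group("target"))
    return None


def parse_report(text: str) -> List[Entry]:
    return [e for e in (parse_line(l.strip()) for l in text.strip().splitlines()) if e]


def is_qualified(target: str) -> bool:
    """True if the target is an absolute path, env-var path or URL."""
    return bool(re.match(r"^[A-Za-z]:\\", target)) or target.startswith("%") or "://" in target


def review(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map entry name -> reasons a reviewer should look at it (heuristics, not verdicts)."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        low = e.target.lower()
        if e.kind == "LSP":
            reasons.append("Winsock LSP loaded into every networking process; confirm the vendor")
        elif e.kind == "DPF":
            reasons.append("ActiveX control downloaded from a URL; confirm the site")
        elif "Run" in e.kind:
            if not e.target:
                reasons.append("autorun value with no command; stale or tampered")
            elif "\\documents and settings\\" in low or "\\docume~1\\" in low:
                reasons.append("runs from a user-writable profile directory")
            elif not is_qualified(e.target):
                reasons.append("bare file name; resolved through PATH at logon")
        elif not is_qualified(e.target):
            reasons.append("browser extension loaded from a relative path")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, why in review(parse_report(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(why)}")
```

On the sample, the entries in `c:\program files` with a full path are left alone, while the profile-directory updater, the three bare-name autoruns, the empty RunOnce value, the LSP and the DPF download are listed for review.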


Here is the result from securitycheck.exe

Results of screen317's Security Check version 0.98.9

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMIC entry does not exist for antivirus; attempting automatic update.

``````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 11

Java 6 Update 2

Java 6 Update 4

Java 6 Update 7

Java SE Development Kit 6 Update 11

Java DB 10.4.1.3

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Greetings,

The only noticeable difference now is the icons on my desktop. The titles for the icons all have a gray background, as though they were selected, but not that blue. I attached a screen shot. It's not really a problem, but I am just not sure if it points to another problem as my background was "hijacked" before. I'm not sure if this is some active desktop bs or what.

My other most noticeable problem was finding my computer rebooted every day and a message that it had been updated. I won't know if that still exists until tomorrow. I'll let you know.

Yeah, I know my desktop is a little cluttered, but that's how I roll.

Thanks again,

BBB

post-18231-1252200473_thumb.jpg


  • Staff

Hi,

Right-click your Desktop and click Properties. Check the Appearance and Settings tabs for options regarding the icon background. You should be able to make them transparent (or change them to how they were before) from there.

Navigate to Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Adobe Reader 8.1.2

Java


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
