
need help removing backdoor.bot



Chris --

Per your instructions:

MBAM 1.46 installed. Here are the results of a Quick Scan.

=====================================

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

4/30/2010 3:35:55 PM

mbam-log-2010-04-30 (15-35-55).txt

Scan type: Quick scan

Objects scanned: 128893

Time elapsed: 13 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

==========================

I re-downloaded ComboFix and ran it. Here is its log file:

==========================================

ComboFix 10-04-29.05 - Karwoski 04/30/2010 15:42:29.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1966 [GMT 2:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

.

((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 )))))))))))))))))))))))))))))))

.

2010-04-25 05:27 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\in00000\setup.exe

2010-04-25 05:27 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ar00000\install.exe

2010-04-21 11:27 . 2010-02-26 05:43 251904 -c----w- c:\windows\system32\dllcache\iepeers.dll

2010-04-21 11:27 . 2010-03-10 04:33 1025024 -c----w- c:\windows\system32\dllcache\browseui.dll

2010-04-19 08:16 . 2010-04-19 08:16 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd312402.vdb\NAVEX32A.DLL

2010-04-19 08:16 . 2010-04-19 08:16 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd312402.vdb\NAVEX15.SYS

2010-04-19 08:16 . 2010-04-19 08:16 84912 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd312402.vdb\NAVENG.SYS

2010-04-19 08:16 . 2010-04-19 08:16 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd312402.vdb\EECTRL.SYS

2010-04-19 08:16 . 2010-04-19 08:16 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd312402.vdb\CCERASER.DLL

2010-04-19 08:16 . 2010-04-19 08:16 259440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd312402.vdb\ECMSVR32.DLL

2010-04-19 08:16 . 2010-04-19 08:16 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd312402.vdb\NAVENG32.DLL

2010-04-19 08:16 . 2010-04-19 08:16 102448 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd312402.vdb\ERASER.SYS

2010-04-17 05:57 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-11 23:38 . 2010-04-11 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2010-04-10 23:33 . 2010-04-10 23:33 -------- d-----w- c:\program files\iPod

2010-04-10 23:33 . 2010-04-10 23:34 -------- d-----w- c:\program files\iTunes

2010-04-10 23:33 . 2010-04-10 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-10 23:25 . 2010-04-10 23:26 -------- d-----w- c:\program files\QuickTime

2010-04-10 23:19 . 2010-04-10 23:19 -------- d-----w- c:\program files\Bonjour

2010-04-10 23:09 . 2010-04-10 23:09 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

2010-04-10 08:13 . 2010-04-10 08:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\tjnet

2010-04-09 21:55 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\Upgrade\setup1.exe

2010-04-09 21:55 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\Upgrade\install1.exe

2010-04-09 21:54 . 2010-04-25 05:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\mjusbsp

2010-04-08 20:25 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2010-04-08 20:25 . 2001-08-18 03:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll

2010-04-08 20:19 . 2010-04-08 20:19 -------- d-----w- c:\program files\Lexmark_ENA

2010-04-08 20:17 . 2003-09-23 08:32 69632 ----a-w- c:\windows\system32\lxbfscin.dll

2010-04-08 20:17 . 2010-04-08 20:25 -------- d-----w- c:\program files\Lexmark X6100 Series

2010-04-08 20:16 . 2010-04-08 20:16 -------- d-----w- C:\Lxk6100

2010-04-08 20:07 . 2006-12-23 08:10 188416 ----a-w- c:\windows\system32\ip9100pm.dll

2010-04-08 20:07 . 2010-04-08 20:07 -------- d-----w- c:\program files\Lexmark

2010-04-01 10:44 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-31 18:26 . 2010-04-30 12:58 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-03-31 15:22 . 2010-03-31 15:22 -------- d-----w- c:\program files\Common Files\Skype

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-30 13:39 . 2010-02-24 18:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype

2010-04-30 13:30 . 2005-04-05 17:21 -------- d-----w- c:\program files\C4ebreg

2010-04-30 13:16 . 2010-02-24 07:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-30 13:15 . 2007-03-05 22:09 40 ----a-w- c:\windows\system32\profile.dat

2010-04-30 13:15 . 2009-12-28 00:19 1165968 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-04-30 13:14 . 2010-04-30 13:14 711168 ----a-w- c:\windows\isRS-000.tmp

2010-04-30 11:06 . 2006-03-27 21:50 -------- d-----w- c:\program files\WST

2010-04-30 07:14 . 2008-06-18 20:08 -------- d-----w- c:\program files\InfoSelect

2010-04-30 02:06 . 2006-01-24 00:45 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-04-29 16:54 . 2009-12-03 21:18 -------- d-----w- c:\program files\AT&T Network Client

2010-04-29 13:39 . 2010-02-24 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 13:39 . 2010-02-24 07:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-28 17:19 . 2010-02-10 02:10 -------- d-----w- c:\program files\Calibre2

2010-04-22 08:14 . 2008-06-18 00:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM

2010-04-17 05:57 . 2008-11-20 10:47 -------- d-----w- c:\program files\Java

2010-04-16 16:05 . 2009-02-22 23:28 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-04-13 23:29 . 2008-06-17 20:58 28124 ----a-w- c:\windows\system32\nvModes.dat

2010-04-12 01:18 . 2007-03-05 22:07 -------- d-----w- c:\program files\Symantec Client Security

2010-04-12 01:17 . 2008-06-29 16:14 -------- d-----w- c:\program files\RFA

2010-04-11 02:30 . 2008-09-07 17:01 -------- d-----w- c:\program files\Flickr Uploadr

2010-04-10 23:33 . 2008-06-20 13:43 -------- d-----w- c:\program files\Common Files\Apple

2010-04-08 21:01 . 2009-07-18 23:36 -------- d-----w- c:\program files\Microsoft Silverlight

2010-03-31 02:14 . 2010-03-31 02:14 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-11dd4151-n\msvcp71.dll

2010-03-31 02:14 . 2010-03-31 02:14 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-11dd4151-n\jmc.dll

2010-03-31 02:14 . 2010-03-31 02:14 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-11dd4151-n\msvcr71.dll

2010-03-31 02:14 . 2010-03-31 02:14 -------- d-----w- c:\program files\Common Files\Java

2010-03-31 02:14 . 2010-03-31 02:14 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-55799c75-n\decora-sse.dll

2010-03-31 02:14 . 2010-03-31 02:14 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-55799c75-n\decora-d3d.dll

2010-03-24 01:13 . 2010-03-23 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender

2010-03-24 01:13 . 2010-03-23 22:17 -------- d-----w- c:\program files\Common Files\BitDefender

2010-03-23 22:29 . 2010-03-23 22:29 -------- d-----w- c:\program files\BitDefender

2010-03-16 01:55 . 2010-03-16 01:55 -------- d-----w- c:\program files\Trend Micro

2010-03-14 23:00 . 2010-03-14 23:00 -------- d-----w- c:\program files\Synology Data Replicator 3

2010-03-02 02:17 . 2008-12-12 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith

2010-03-02 02:17 . 2008-06-20 22:26 -------- d-----w- c:\program files\TechSmith

2010-02-28 11:46 . 2010-02-28 11:46 331776 ----a-w- c:\windows\system32\config\systemprofile\ntuser.tmp

2010-02-28 11:45 . 2010-02-28 11:45 237568 ----a-w- c:\documents and settings\NetworkService\NTUSER.tmp

2010-02-28 11:45 . 2010-02-28 11:45 237568 ----a-w- c:\documents and settings\LocalService\ntuser.tmp

2010-02-26 23:51 . 2010-02-26 23:51 138584 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ug00000\magicJack.dll

2010-02-26 23:51 . 2010-02-26 23:51 6870864 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ug00000\setup.exe

2010-02-26 23:51 . 2010-02-26 23:51 705936 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\magicJackLoader.exe

2010-02-26 23:51 . 2010-02-26 23:51 480608 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\octvqe1_apiw.dll

2010-02-26 23:51 . 2010-02-26 23:51 214360 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\TjVista.dll

2010-02-26 23:50 . 2010-02-26 23:50 324952 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\TjIpSys.dll

2010-02-26 23:50 . 2010-02-26 23:50 615792 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\SJHandsetMagicJack.dll

2010-02-26 23:50 . 2010-02-26 23:50 87384 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\st00000\mjsetup.exe

2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\st00000\magicJack.dll

2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\magicJack.dll

2010-02-26 23:46 . 2010-02-26 23:46 12526424 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\magicJack.exe

2010-02-26 23:45 . 2010-02-26 23:45 743872 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ug00000\install.exe

2010-02-26 23:45 . 2010-02-26 23:45 87384 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\in00000\mjsetup.exe

2010-02-26 23:45 . 2010-02-26 23:45 138584 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\in00000\magicJack.dll

2010-02-26 23:44 . 2010-02-26 23:44 138584 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\lr00000\magicJack.dll

2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ug00000\magicJackSplash.exe

2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\st00000\magicJackSplash.exe

2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\magicJackSplash.exe

2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\in00000\magicJackSplash.exe

2010-02-26 23:43 . 2010-02-26 23:43 50520 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe

2010-02-26 05:43 . 2004-08-04 05:00 667136 ----a-w- c:\windows\system32\wininet.dll

2010-02-26 05:43 . 2004-08-04 05:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-02-25 18:11 . 2005-07-29 18:05 64792 ----a-w- c:\windows\isamunin.exe

2010-02-15 16:53 . 2009-10-07 09:31 6400 ----a-w- c:\windows\system32\drivers\isamfilter.sys

2010-02-13 20:35 . 2005-04-04 17:43 86695 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-12 16:46 . 2010-02-12 16:46 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-02-12 16:46 . 2010-02-12 16:46 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-02-08 16:17 . 2008-06-24 14:03 65592 ---ha-w- c:\windows\system32\mlfcache.dat

2010-02-01 17:52 . 2010-02-05 14:48 15424 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT2\LTTCheck.exe

2009-10-19 23:59 . 2010-03-23 22:42 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-04-14_03.02.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-04-30 13:16 . 2010-04-30 13:16 16384 c:\windows\Temp\Perflib_Perfdata_e20.dat

+ 2010-04-30 13:17 . 2010-04-30 13:17 16384 c:\windows\Temp\Perflib_Perfdata_c48.dat

- 2008-08-01 01:45 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll

+ 2008-08-01 01:45 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll

+ 2004-08-04 05:00 . 2010-04-19 18:55 69230 c:\windows\system32\perfc009.dat

- 2004-08-04 05:00 . 2010-04-08 08:25 69230 c:\windows\system32\perfc009.dat

+ 2004-08-04 05:00 . 2010-02-26 05:43 81920 c:\windows\system32\dllcache\ieencode.dll

- 2004-08-04 05:00 . 2009-09-25 05:37 81920 c:\windows\system32\dllcache\ieencode.dll

+ 2010-04-21 11:29 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB954459\update\spcustom.dll

+ 2010-04-21 11:29 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB954459\spmsg.dll

- 2009-12-28 03:41 . 2010-03-31 15:52 7962 c:\windows\system32\config\systemprofile\Application Data\Intel\Wireless\Settings\AlertHistory.bin

+ 2009-12-28 03:41 . 2010-04-29 06:54 7962 c:\windows\system32\config\systemprofile\Application Data\Intel\Wireless\Settings\AlertHistory.bin

- 2004-08-04 05:00 . 2009-12-22 05:21 627712 c:\windows\system32\urlmon.dll

+ 2004-08-04 05:00 . 2010-02-26 05:43 627712 c:\windows\system32\urlmon.dll

- 2004-08-04 05:00 . 2010-04-08 08:25 435406 c:\windows\system32\perfh009.dat

+ 2004-08-04 05:00 . 2010-04-19 18:55 435406 c:\windows\system32\perfh009.dat

+ 2010-04-17 05:57 . 2010-04-12 15:29 153376 c:\windows\system32\javaws.exe

- 2010-03-31 02:13 . 2010-03-09 02:28 153376 c:\windows\system32\javaws.exe

- 2010-03-31 02:13 . 2010-03-09 02:28 145184 c:\windows\system32\javaw.exe

+ 2010-04-17 05:57 . 2010-04-12 15:29 145184 c:\windows\system32\javaw.exe

+ 2010-04-17 05:57 . 2010-04-12 15:29 145184 c:\windows\system32\java.exe

- 2010-03-31 02:13 . 2010-03-09 02:28 145184 c:\windows\system32\java.exe

+ 2004-08-04 05:00 . 2010-02-26 05:43 251904 c:\windows\system32\iepeers.dll

- 2004-08-04 05:00 . 2008-04-14 11:41 251904 c:\windows\system32\iepeers.dll

+ 2005-04-04 18:34 . 2010-04-18 13:40 312064 c:\windows\system32\FNTCACHE.DAT

- 2005-04-04 18:34 . 2010-04-06 15:14 312064 c:\windows\system32\FNTCACHE.DAT

+ 2010-02-16 15:17 . 2010-02-26 05:43 667136 c:\windows\system32\dllcache\wininet.dll

- 2010-02-16 15:17 . 2009-12-22 05:21 667136 c:\windows\system32\dllcache\wininet.dll

+ 2010-02-16 15:17 . 2010-02-26 05:43 627712 c:\windows\system32\dllcache\urlmon.dll

- 2010-02-16 15:17 . 2009-12-22 05:21 627712 c:\windows\system32\dllcache\urlmon.dll

+ 2010-04-21 11:29 . 2007-11-30 11:18 382840 c:\windows\$hf_mig$\KB954459\update\updspapi.dll

+ 2010-04-21 11:29 . 2007-11-30 11:18 755576 c:\windows\$hf_mig$\KB954459\update\update.exe

+ 2010-04-21 11:29 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB954459\spuninst.exe

- 2004-08-04 05:00 . 2009-12-22 05:21 1509888 c:\windows\system32\shdocvw.dll

+ 2004-08-04 05:00 . 2010-03-10 04:33 1509888 c:\windows\system32\shdocvw.dll

+ 2008-08-29 19:06 . 2008-09-10 01:14 1307648 c:\windows\system32\msxml6.dll

+ 2004-08-04 05:00 . 2010-02-26 05:43 3073024 c:\windows\system32\mshtml.dll

+ 2010-02-16 15:17 . 2010-03-10 04:33 1509888 c:\windows\system32\dllcache\shdocvw.dll

- 2010-02-16 15:17 . 2009-12-22 05:21 1509888 c:\windows\system32\dllcache\shdocvw.dll

+ 2010-02-13 20:34 . 2008-09-10 01:14 1307648 c:\windows\system32\dllcache\msxml6.dll

+ 2010-02-16 15:17 . 2010-02-26 05:43 3073024 c:\windows\system32\dllcache\mshtml.dll

+ 2004-08-04 05:00 . 2010-03-10 04:33 1025024 c:\windows\system32\browseui.dll

- 2004-08-04 05:00 . 2008-04-14 11:41 1025024 c:\windows\system32\browseui.dll

+ 2010-04-28 17:19 . 2010-04-28 17:19 1165824 c:\windows\Installer\283b127.msi

+ 2010-04-21 11:29 . 2008-09-10 01:10 1379840 c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NetSP - restore settings on power failure"="c:\program files\AT&T Network Client\NetSP.exe" [2007-01-13 24576]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-23 68856]

"Folder View"="c:\program files\Folder View\folderview.exe" [2005-01-17 856576]

"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-01 133104]

"LDTray"="c:\program files\Livescribe\Livescribe Desktop\LDTray.exe" [2009-12-16 647168]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

"SODCPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe" [2009-08-28 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"pmonmh"="c:\program files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.19" [X]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"stgclean"="c:\sdwork\w32main2.exe" [2010-04-14 299008]

"Tpam.exe"="c:\program files\IBM\Personal Communications\tpam.exe" [2005-09-06 28672]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]

"vptray"="c:\progra~1\SYMANT~2\SYMANT~2\VPTray.exe" [2006-09-27 125168]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-05 13549568]

"nwiz"="nwiz.exe" [2008-12-05 1630208]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-04-17 425984]

"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-04-17 172032]

"TpShocks"="TpShocks.exe" [2007-11-22 181536]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-16 417792]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-03-17 208896]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]

"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-16 61728]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]

"C4EBReg"="c:\program files\c4ebreg\c4ebreg.exe" [2010-02-25 482584]

"ISAMTray"="c:\program files\c4ebreg\isamtray.exe" [2010-02-25 285976]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-29 185688]

"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-29 124248]

"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-08 91688]

"ussshreg"="c:\progra~1\ULEADW~1.0\Ussshreg.exe" [1999-07-13 32768]

"SKDaemon.exe"="c:\program files\Lenovo\Productivity Keyboard\SKDaemon.exe" [2007-02-09 262144]

"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-05 86016]

"ISSI Service"="c:\sdwork\issimsvc.exe" [2010-02-11 241392]

"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"MyHelpService"="c:\program files\IBM\My Help\workspace\service\delayStart.exe" [2009-03-13 94208]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5106904]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361632]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

hott notes 4.lnk - c:\program files\hott notes 4\hottnotes.exe [2007-5-16 1249280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-26 813584]

Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-2-18 7042376]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 18:28 72208 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]

2005-09-06 18:43 49152 ----a-w- c:\windows\system32\pcsinst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 20:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"IBMconfig"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\InfoSelect\\is.exe"=

"c:\\Program Files\\IBM\\My Help\\jre\\bin\\myhelpw.exe"=

"c:\\Program Files\\IBM\\Lotus\\Symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.0.20090505-1200\\win32\\x86\\symphony.exe"=

"c:\\Program Files\\IBM\\Lotus\\Sametime Connect\\rcp\\eclipse\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200810071032\\jre\\bin\\sametime80w.exe"=

"c:\\Program Files\\AT&T Network Client\\NetClient.exe"=

"c:\\Program Files\\Synology\\Assistant\\DSAssistant.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\sdwork\\w32maing.exe"=

"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [1/7/2010 8:03 PM 911680]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 8:32 PM 19504]

R2 AdeonaClientService;AdeonaClientService;c:\program files\Adeona\cygrunsrv.exe [7/13/2008 9:30 PM 68096]

R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [1/7/2010 8:03 PM 2480048]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/26/2009 7:32 AM 189736]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [1/7/2010 8:03 PM 160288]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 7:26 PM 102448]

R3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [10/7/2009 11:31 AM 6400]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/24/2010 9:46 AM 20952]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 9:40 AM 135664]

S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [10/16/2009 1:55 PM 20096]

S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [8/3/2009 11:26 PM 129535]

S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\DRIVERS\SmartpenBus.sys --> c:\windows\system32\DRIVERS\SmartpenBus.sys [?]

S3 SmartpenCom;Smartpen Communications;c:\windows\system32\DRIVERS\SmartpenCom.sys --> c:\windows\system32\DRIVERS\SmartpenCom.sys [?]

S3 ZSMC0303;VIMICRO USB PC Camera (VC0303);c:\windows\system32\drivers\usbVM303.sys [9/27/2006 8:48 PM 391949]

.

Contents of the 'Scheduled Tasks' folder

2010-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 07:40]

2010-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 07:40]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2653012379-1038974990-1957949151-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-01 19:01]

2010-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2653012379-1038974990-1957949151-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-01 19:01]

2010-04-30 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-25 18:41]

2010-04-29 c:\windows\Tasks\Synology Data Replicator 3-IBM-5F4A0AF30B8-Karwoski.job

- c:\program files\Synology Data Replicator 3\Backup.exe [2010-03-14 22:58]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://w3.ibm.com/

uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm

uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/

uInternet Settings,ProxyOverride = w3-501.ibm.com;<local>;*.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\2007\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

TCP: interfaces = 9.0.8.1,9.0.9.1

TCP: {DA5F9F7B-E4FB-4210-BD0F-655065DDD669} = 9.0.8.1,9.0.9.1

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB

DPF: Microsoft XML Parser for Java

DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB

DPF: {5C0E257E-9DFE-4955-AA93-0A9B166BAB50} - hxxp://192.168.1.199:5000/surveillance/object/SSObject.cab

DPF: {8C28EFD7-767B-11D1-844B-0060972DC2AC} - hxxps://w3-03.ibm.com/Hyperion/zeroadmin/component/Brio.Insight.en.cab

DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab

DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} - hxxp://w3.ibm.com/tools/print/plugin/gpwsx.cab

DPF: {BA7A56EB-D1B9-443B-96E9-086532A378F1} - hxxp://karmor.endoftheinternet.org:9876/activex/decoder/aac_dec.cab

DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} - hxxp://karmor.endoftheinternet.org:9875/activex/decoder/intel_mpeg4_dec.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://karmor.endoftheinternet.org:9876/activex/AMC.cab

DPF: {E734BF43-7194-4E3A-832F-307606DDF665} - hxxps://cs.conferenceservers.com/components/WDPLUGIN.CAB

DPF: {E765747B-A0E4-4BD4-93E4-EA0E3500D57C} - hxxps://w3-03.ibm.com/software/executiveutilities/pdm/plugin/PDMPlugin.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k0a2h1sk.default\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-30 15:55

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

LDTray = c:\program files\Livescribe\Livescribe Desktop\LDTray.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

c:\windows\system32\pcsinst.dll

- - - - - - - > 'explorer.exe'(7720)

c:\program files\Folder View\dialhk.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-04-30 15:59:07

ComboFix-quarantined-files.txt 2010-04-30 13:58

ComboFix2.txt 2010-04-14 03:06

ComboFix3.txt 2010-04-08 09:07

ComboFix4.txt 2010-04-04 17:55

Pre-Run: 337,397,239,808 bytes free

Post-Run: 337,407,361,024 bytes free

- - End Of File - - AE8444F4D3EA77977728646F6A10C3C3

=========================================

Have a great weekend!

John


Chris, the last file blocked by MBAM was on April 23.

I downloaded and ran DDS. Here are the results....

Attach.txt file

===========================

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/11/2008 3:50:10 AM

System Uptime: 5/1/2010 6:47:26 AM (11 hours ago)

Motherboard: LENOVO | | 7663AK5

Processor: Intel® Core2 Duo CPU T7500 @ 2.20GHz | None | 2194/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 314.281 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 4/4/2010 7:27:54 PM - System Checkpoint

RP2: 4/5/2010 8:54:33 AM - OTS Restore Point

RP3: 4/6/2010 9:54:21 AM - System Checkpoint

RP4: 4/7/2010 10:16:14 AM - System Checkpoint

RP5: 4/8/2010 10:22:07 AM - System Checkpoint

RP6: 4/8/2010 6:29:08 PM - Software Distribution Service 3.0

RP7: 4/8/2010 10:18:52 PM - Printer Driver Lexmark X6100 Series Installed

RP8: 4/10/2010 2:43:01 AM - System Checkpoint

RP9: 4/11/2010 4:03:24 AM - System Checkpoint

RP10: 4/12/2010 4:46:57 AM - System Checkpoint

RP11: 4/13/2010 6:30:48 AM - System Checkpoint

RP12: 4/15/2010 11:58:46 PM - System Checkpoint

RP13: 4/17/2010 12:32:47 AM - System Checkpoint

RP14: 4/17/2010 7:57:31 AM - Installed Java 6 Update 20

RP15: 4/18/2010 8:46:00 AM - System Checkpoint

RP16: 4/19/2010 8:43:21 PM - System Checkpoint

RP17: 4/21/2010 7:13:52 AM - System Checkpoint

RP18: 4/21/2010 1:28:16 PM - Installed Windows XP KB980182.

RP19: 4/21/2010 1:29:26 PM - Installed Windows XP KB954459.

RP20: 4/22/2010 3:59:01 PM - System Checkpoint

RP21: 4/23/2010 10:03:43 AM - Unsigned driver install

RP22: 4/23/2010 10:04:24 AM - Unsigned driver install

RP23: 4/24/2010 10:23:02 AM - System Checkpoint

RP24: 4/25/2010 2:11:30 PM - System Checkpoint

RP25: 4/26/2010 5:56:16 PM - System Checkpoint

RP26: 4/27/2010 8:10:13 PM - System Checkpoint

RP27: 4/28/2010 7:17:55 PM - Installed calibre

RP28: 4/28/2010 7:20:11 PM - Removed calibre

RP29: 4/29/2010 8:22:04 PM - System Checkpoint

RP30: 5/1/2010 12:24:45 PM - System Checkpoint

==== Installed Programs ======================

Access IBM

Acronis


Chris, I have my fingers crossed, but still recall an earlier posting by you saying we are never 100% certain about this. Thank you for the good news though! I uploaded deployJava1.dll to Virustotal and received this status screen:

MD5: b8f7c6ca5f8e97249853dbe1dadd1fbc

First received: 2010.04.16 13:11:00 UTC

Date: 2010.04.30 04:32:16 UTC [>2D]

Results: 0/41

Permalink: analisis/e4fb1438b24c73de0b455265f80a775bd441fc17a0d9d66104b891e4aa4398fb-1272601936

You asked for me to post the results, so I saved the detailed results as a PDF file and have attached for you.

The next time the windows services crash I will record the file name and error message for you.

Thanks and have a great weekend.

John

virustotal_results.pdf


Chris, is it also time to start looking at Internet Explorer and Magic Jack startup issues again? I remember they seemed to start after I used defogger to change some windows default settings early in the malware investigation process.

Hi.

We'll address this and any residual problems after all malware has been removed.

It may be from defogger and you will run it again when you are clean.

-screen317

John


  • Staff

Hi John,

My apologies for the delay. Were the Internet Explorer and MagicJack issues fixed?

Please go to Microsoft Update and obtain all available updates.

Next, please run the PCPitstop Full Tests here. When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.


  • 4 weeks later...

Hi Chris - this was my turn to get distracted. I had some turmoil in my life as I moved my belongings to a new home in South Africa....will be here for a couple years. I have not had a chance to perform the software updates as you suggested. However, a new, better, solution has arisen....I am being provided a new computer in my new location, so I am now moving all my data and applications to it from my current computer. When the new computer has everything on it, I will re-image my current computer and wipe out all the damaged files and lurking viruses once and for all. I think you actually recommended this as the best solution early in our debugging process.

I appreciate all your help and advice. I am astounded by how pernicious this rootbot trojan has been. Very scary!

Thanks, John aka 'Karmor'


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
