win32/vundo and others

Status
Not open for further replies.
Turned off anti-virus and anti-spyware, but something is stopping Combofix from running. The loading bar comes up, completes, then nothing.
 
Tried to run Trendmicro House call on "work" pc scanned 4147 resources then froze as I tried to start a reply in spybot forum. Both programs frozen. CA reports encountered an error while downloading and installing components. "please check your settings". Able to click on Start, Settings, Control panel then nothing....something preventing it from opening...will attempt to run Trendmicro House call in safe mode. Still unable to shut down pc other than by pulling power cord.
 
Combofix log from family pc....I left flash drive in and noticed E:Recycler\Desktop.ini during scan if that is relevant...did previously disinfect flash drive. Work pc unplugged.

ComboFix 09-03-29.02 - Visitor 2009-03-29 22:28:35.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1337 [GMT -4:00]
Running from: c:\documents and settings\Visitor\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\recycler\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-29 12:24 . 2009-03-29 12:24 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2009-03-29 12:24 . 2009-03-29 12:24 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2009-03-28 18:38 . 2009-03-28 19:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-28 18:38 . 2009-03-26 16:49 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-03-28 18:38 . 2009-03-26 16:49 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-03-26 16:09 . 2009-03-26 16:09 200,613 --a------ C:\caisslog.txt.encrypt
2009-03-26 16:09 . 2009-03-26 16:09 35,175 --a------ C:\caavsetupLog.txt.encrypt
2009-03-26 16:07 . 2009-03-29 19:42 0 --a------ c:\windows\SYSTEM32\DRIVERS\c1002347.sys
2009-03-26 16:06 . 2009-03-26 16:06 2 --a------ C:\-200506787
2009-03-26 14:52 . 2009-03-26 14:52 <DIR> d-------- c:\documents and settings\Visitor\Application Data\Malwarebytes
2009-03-25 19:57 . 2009-03-25 19:57 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-25 19:57 . 2009-03-25 19:57 1,409 --a------ c:\windows\QTFont.for
2009-03-02 16:52 . 2009-03-02 16:52 <DIR> d-------- c:\program files\Smilebox

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 00:22 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-29 16:24 --------- d-----w c:\program files\Java
2009-03-29 13:14 --------- d-----w c:\program files\Viewpoint
2009-03-29 13:14 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-25 11:46 1,212,416 ----a-w c:\windows\SYSTEM32\mdmcls32.exe
2009-03-12 21:15 --------- d-----w c:\program files\Zune
2009-02-11 22:36 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-09 11:13 1,846,784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-01-31 21:51 921,632 ----a-w C:\PA7302.DAT
2009-01-17 02:35 3,594,752 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-19 09:10 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-12-05 06:54 144,896 ----a-w c:\windows\SYSTEM32\schannel.dll
2008-12-05 06:54 144,896 ------w c:\windows\SYSTEM32\DLLCACHE\schannel.dll
2008-06-10 23:10 30,720 --sha-w c:\windows\rnapxs\rnapxs.dat
2008-11-07 00:44 952 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-03-29_10.00.29.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-29 13:53:30 2,297,856 ----a-w c:\windows\rnapxs\CSDK\urlcache\domainNames.dat
+ 2009-03-29 17:20:11 2,301,952 ----a-w c:\windows\rnapxs\CSDK\urlcache\domainNames.dat
- 2009-03-29 13:53:30 28,966,912 ----a-w c:\windows\rnapxs\CSDK\urlcache\urlCacheDb.dat
+ 2009-03-29 22:17:23 28,966,912 ----a-w c:\windows\rnapxs\CSDK\urlcache\urlCacheDb.dat
- 2008-02-22 05:23:35 135,168 ----a-w c:\windows\SYSTEM32\java.exe
+ 2009-03-29 16:24:06 144,792 ----a-w c:\windows\SYSTEM32\java.exe
- 2008-02-22 05:23:39 135,168 ----a-w c:\windows\SYSTEM32\javaw.exe
+ 2009-03-29 16:24:06 144,792 ----a-w c:\windows\SYSTEM32\javaw.exe
- 2008-02-22 06:33:32 139,264 ----a-w c:\windows\SYSTEM32\javaws.exe
+ 2009-03-29 16:24:06 148,888 ----a-w c:\windows\SYSTEM32\javaws.exe
+ 2009-03-30 00:21:04 16,384 ----atw c:\windows\temp\Perflib_Perfdata_724.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"AIM"="c:\program files\AIM\aim.exe" [2004-12-08 67160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2005-03-15 135168]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-04-30 180269]
"mmtask"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2005-03-15 53248]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-14 257088]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-01-23 181488]
"dvHighMem"="c:\windows\cfgmng32.exe" [2007-11-14 11333632]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-09 234736]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"PNSMax4PNP"="c:\program files\Analog Devices\SoundMAX\PNSMax4PNP.exe" [2009-03-26 45056]
"PNdMAX\PNSMax4PNP"="c:\program files\Analog Devices\SoundMAX\PNSMax4PNP.exe" [2009-03-26 45056]
"PNoundMAX\PNSMax4PNP"="c:\program files\Analog Devices\SoundMAX\PNSMax4PNP.exe" [2009-03-26 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-29 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\SYSTEM32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MA111 Configuration Utility.lnk - c:\program files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe [2004-12-11 1158144]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-01-03 1527808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec_dec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"=7AB65E

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\RALINK\\Common\\ApUI.exe"=
"c:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\isafe.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\SYSTEM32\svcprs32.exe [2008-06-10 823296]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\SYSTEM32\DRIVERS\rt2870.sys [2009-01-03 560896]
S1 c1002347;c1002347;c:\windows\SYSTEM32\DRIVERS\c1002347.sys [2009-03-26 0]
S3 PAC7302;PAC7302 VGA USB Camera;c:\windows\SYSTEM32\DRIVERS\PAC7302.SYS [2009-01-02 457856]
S3 WlanUIB;NETGEAR 802.11b USB Driver;c:\windows\SYSTEM32\DRIVERS\MA111nd5.sys [2004-12-11 666624]
.
Contents of the 'Scheduled Tasks' folder

2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-20 17:08]

2009-03-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\Visitor\Application Data\Mozilla\Firefox\Profiles\72rmwta6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 22:33:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\winsflt.dll
.
Completion time: 2009-03-29 22:36:26
ComboFix-quarantined-files.txt 2009-03-30 02:35:40
ComboFix2.txt 2009-03-29 14:01:21

Pre-Run: 8,513,957,888 bytes free
Post-Run: 8,576,999,424 bytes free

177 --- E O F --- 2009-03-19 21:46:29

Thanks again

Mark
 
Mark,

Remove this entry with HJT.

O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\SYSTEM32\svcprs32.exe


Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it to your desktop, make sure the file type is All File and name it FixServices.bat



@echo off
sc stop WinSvchostManager
sc delete WinSvchostManager
exit
Click to expand...

Double click FixServices.bat. A window will open and close. This is normal.



Post a new HJT log
 
Ken

Two things:

I ran the HJET scan immediately after the FixServices window closed, should I have given it more time?

Secondly, when I ran the Kaspersky scan yesterday, under settings the first box was greyed out (it was what the program was scanning for, and I think it was trojans, worms.....the second line which was checked was malware etc if I recall correctly), was something interfereing with the scan?

HJT log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:10 AM, on 3/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\SYSTEM32\svcprs32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\mdmcls32.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [PNSMax4PNP] C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe
O4 - HKLM\..\Run: [PNdMAX\PNSMax4PNP] C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PNoundMAX\PNSMax4PNP] C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 9501 bytes


Thanks

Mark
 
Good Morning Mark,

Not sure about the Kaspersky scan.

Your HJT log is fine :bigthumb:

Mark, years ago when I got into computing I mainly built systems, built about a dozen or so from the ground up and also took apart many used ones and made one good one out of a few bad ones, but my expertise changed five years ago into removing malware. Troubleshooting pcs can be really taxing and I got away from it. What we need to do is make sure this computer is running ok and then I will close the thread, then you need to start a new topic for the work pc, give me a heads up when you do and if another helper has not taken it then I will. If we run some programs on it and there is no malware present then it could be hardware or software related and at that point I can direct you to some windows support sites that deal with issues like that one.

How is this computer running now??
 
Forgot to mention that we need to make sure this file is gone, the bad service has been removed but the file may still be present.

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code: 
:Files
C:\WINDOWS\SYSTEM32\svcprs32.exe

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
 
========== FILES ==========
C:\WINDOWS\SYSTEM32\svcprs32.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03302009_073856

Ken will restart pc andpost again in a minute
 
Good morning Ken

I've run old timer on the family pc, posted results and restarted pc. I still get constant error messages popping uo from the toolbar. Messages such as:

Warning!!!
Warning! Your media codec is out of date. Press ok to update now.

or

Critical Media Error
Windows detected a fatal error in your media system. Your video codec has been corrupted. System cant play audio video filesuntil issue is resolved. Update your media codec immediately.

or worse

Warning!

Media codec has been destroyed. Risk of losing all audio files high. To resolve this issue update your media codec immediately


I dont know if these are genuine or not. There is no "ok" to click on, and when you click on the red circle with a cross it attempts to open a web page, but hangs at "connecting"...I have no other problems accessing websites.

Also the display resolution changes after about 5 minutes to big text and icons.

Not sure if this is related to the video codec or if that alert is real even.

Any suggestions?

Thanks

Mark
 
Sorry Ken I forgot. Here it is:

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:27 AM, on 3/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [PNSMax4PNP] C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe
O4 - HKLM\..\Run: [PNdMAX\PNSMax4PNP] C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PNoundMAX\PNSMax4PNP] C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 9420 bytes

Mark
 
Ken

I came accross this after last posting. This appears to be at least one of the infections that I had (have). I'm still experiencing the error messages as described in the ca article, and the virus did remove the tabs as it says.

Thought I'd post the link incase it helps, or can help others. Would be great if someone knew how to restore the tabs, and reverse the damage done.

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=78120#section4

Mark
 
Thanks Ken

I ran the tool as suggested and it found 5 items: 4 tracking cookies and 1 Trojan (Trojan/Bifrost HKEY_CURRENT_USER Software\wget )

The tool would only search, you had to purchase the product to delete detected items, so I have made a note of where they are and will use the CA link that I posted and download their fix as I have CA installed on the machine already.

Thanks again

Mark
 
Mark,

Lets hope CA gets it, it should. That tool was a stab in the dark as I have not run into this codec thing before

Let me know how it went??
 
Ken

I spoke with CA because I wasnt sure which signature file to download, they suggested I wait and have one of their malware specialists talk me through removal, and I wasnt going to argue!....I'll post when I've done it..maybe tomorrow.

I started a new case for the other pc if you get a chance.

Thanks for the help

Mark
 
After your finished with the removal with the help of CA, if your desktop and icons are still out of whack you can do this.


REGEDIT4

[HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
Click to expand...

Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this
reg.jpg
 
Thanks Ken, still waiting for the callback "within 24 hours"...I'll let you know. Thanks for the fix also I'll tell you how I get on with it.

Other pc useless and offline, did open a new thread, but no response yet, probably because it looks like some of the "evidence" was destroyed, as I didnt refer to this thread.

If you can help there I would appreciate it...been unproductive for 2 days :buried:

Thanks

Mark
 
You need to enable windows to Show All Files and Folders.
Instructions Here


Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see.

c:\windows\SYSTEM32\DRIVERS\c1002347.sys
 
Ken

I wasnt sure if your last post here related to this issue or the other thread.

I answered your request in the other thread, haven't done the above yet...I'll wait to hear back

Thanks for picking this up, much appreciated.

mark
 
Status
Not open for further replies.
Back
Top