Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware problem, maybe Vundo?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Malware problem, maybe Vundo?

Unread postby BobTIncredible » February 26th, 2008, 10:41 pm

I am sorry, I did forget the ComboFix log. I will past it at the end of this post. I tried running PandaScan from http://www.pandasecurity.com/homeusers/ ... ctivescan/ but the link to "Scan your PC now" did not work as a link for me. The Icon changed to the hand when I hovered over it... but clicking it produced nothing... I tried left click and all the open link options were greyed out, it was treating the icon like a picture only. I could not even save target as... Any other Ideas? Thank you and Here is the ComboFix log that should have been in the previous post.

ComboFix 08-02-25.3 - Tuck 2008-02-26 13:48:55.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1139 [GMT -6:00]
Running from: C:\Users\Tuck\Desktop\ComboFix.exe
Command switches used :: C:\Users\Tuck\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Users\Tuck\AppData\Local\Temp\cbxvu.dll
.

((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.

2008-02-25 12:17 . 2008-02-25 12:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 07:51 . 2008-02-24 07:51 <DIR> d-------- C:\VundoFix Backups
2008-02-15 18:18 . 2008-01-09 23:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-13 03:06 . 2008-02-13 03:06 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 03:06 . 2008-02-13 03:06 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 03:03 . 2008-02-13 03:03 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-11 17:42 . 2008-02-11 17:42 <DIR> d-------- C:\Program Files\PopCap Games
2008-02-10 15:35 . 2008-02-10 15:43 <DIR> d-------- C:\Users\Tuck\logitech
2008-02-10 15:35 . 2008-02-11 15:17 <DIR> d-------- C:\Users\Tuck\browser - logitech
2008-02-10 15:34 . 2008-02-10 15:34 <DIR> d-------- C:\Program Files\Logitech
2008-02-10 15:34 . 2008-02-10 15:35 <DIR> d-------- C:\Program Files\Common Files\Remote Control Software Common
2008-02-10 15:33 . 2008-02-10 15:33 <DIR> d-------- C:\Program Files\Common Files\Remote Control USB Driver
2008-02-08 14:24 . 2008-02-08 14:24 <DIR> d-------- C:\ProgramData\PopCap Games
2008-02-07 17:44 . 2008-02-07 17:44 <DIR> d-------- C:\Program Files\GameSpy
2008-02-07 17:42 . 2008-02-07 17:42 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-02-07 17:41 . 2008-02-07 17:41 669,184 --a------ C:\Windows\System32\pbsvc.exe
2008-02-07 17:30 . 2008-02-07 17:30 <DIR> d-------- C:\Program Files\Electronic Arts
2008-02-05 16:27 . 2008-02-05 16:27 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-02-05 16:13 . 2008-02-05 16:13 <DIR> d-------- C:\ProgramData\LightScribe
2008-02-04 18:13 . 2008-02-04 18:13 331 --a------ C:\Windows\doom3.ini
2008-02-04 18:02 . 2008-02-04 18:12 <DIR> d-------- C:\Program Files\DOOM 3
2008-02-02 19:12 . 2008-02-02 19:12 <DIR> d-------- C:\Program Files\Sonic Foundry
2008-02-01 18:34 . 2008-02-01 18:34 <DIR> d-------- C:\Windows\Intelliremote
2008-02-01 18:34 . 2008-02-01 18:34 <DIR> d-------- C:\Program Files\Melloware
2008-02-01 18:14 . 2008-02-01 18:14 <DIR> d-------- C:\Users\Tuck\AppData\Roaming\Vectir
2008-02-01 17:55 . 2008-02-01 17:55 <DIR> d-------- C:\Users\Tuck\AppData\Roaming\CyberLink
2008-02-01 17:48 . 2008-02-01 17:48 87 -rah----- C:\Windows\ctfile.rfc
2008-02-01 15:59 . 2008-02-01 15:59 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-01-30 15:55 . 2008-01-30 15:55 <DIR> d-------- C:\ProgramData\Creative Labs
2008-01-30 14:06 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-01-30 14:06 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-01-30 14:06 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-01-29 20:34 . 2008-01-29 20:34 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2008-01-29 20:34 . 2008-01-29 20:34 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys
2008-01-29 20:34 . 2008-01-29 20:34 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys
2008-01-29 20:34 . 2008-01-29 20:34 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2008-01-29 20:34 . 2008-01-29 20:34 19,456 --a------ C:\Windows\System32\drivers\usbohci.sys
2008-01-29 20:34 . 2008-01-29 20:34 8,704 --a------ C:\Windows\System32\hcrstco.dll
2008-01-29 20:34 . 2008-01-29 20:34 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-01-29 20:34 . 2008-01-29 20:34 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2008-01-27 20:44 . 2008-01-27 20:44 <DIR> d-------- C:\Windows\Downloaded Installations
2008-01-27 20:24 . 2008-01-27 20:24 <DIR> d-------- C:\Program Files\Ubisoft
2008-01-27 16:56 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
2008-01-27 16:56 . 2007-06-20 20:45 18,280 --a------ C:\Windows\System32\x3daudio1_2.dll
2008-01-27 12:19 . 2008-01-27 12:19 1,029,120 --a------ C:\Windows\System32\d3d10.dll
2008-01-27 12:19 . 2008-01-27 12:19 187,392 --a------ C:\Windows\System32\d3d10core.dll
2008-01-27 12:19 . 2008-01-27 12:19 167,936 --a------ C:\Windows\System32\dxgi.dll
2008-01-27 11:57 . 2008-01-27 11:57 621,568 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-01-27 11:57 . 2008-01-27 11:57 37,376 --a------ C:\Windows\System32\cdd.dll
2008-01-26 18:28 . 2008-01-26 18:28 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-01-26 18:27 . 2008-01-26 18:27 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-01-26 15:13 . 2008-02-01 16:55 1,080 --a------ C:\Windows\System32\settingsbkup.sfm
2008-01-26 15:13 . 2008-02-01 16:55 1,080 --a------ C:\Windows\System32\settings.sfm
2008-01-26 12:37 . 2008-01-26 12:38 4,019 --a------ C:\Windows\System32\PATCH.ERR
2008-01-26 11:26 . 2008-01-26 11:26 <DIR> d-------- C:\Program Files\Common Files\Creative Labs Shared
2008-01-26 11:22 . 2008-02-26 13:28 64,756 --a------ C:\Windows\System32\DVCState-{00000004-00000000-00000007-00001102-00000005-002C1102}.rfx
2008-01-26 11:22 . 2008-02-26 13:28 54,324 --a------ C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000007-00001102-00000005-002C1102}.rfx
2008-01-26 11:22 . 2008-02-26 13:28 54,324 --a------ C:\Windows\System32\BMXState-{00000004-00000000-00000007-00001102-00000005-002C1102}.rfx
2008-01-26 11:18 . 2007-02-26 15:24 94,208 --a------ C:\Windows\System32\cttele32.dll
2008-01-26 11:16 . 2007-09-18 11:34 108,544 --a------ C:\Windows\System32\APOMngr.DLL
2008-01-26 11:16 . 2007-05-28 11:28 69,120 --a------ C:\Windows\System32\CmdRtr.DLL
2008-01-26 10:21 . 2007-05-27 21:57 1,732 --a------ C:\Windows\System32\drivers\nvphy.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 19:28 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k7
2008-02-26 19:28 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k6
2008-02-26 19:28 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k5
2008-02-26 19:28 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k4
2008-02-26 19:28 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k3
2008-02-26 19:28 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k2
2008-02-26 19:28 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k1
2008-02-26 19:28 311,198 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k0
2008-02-19 17:10 --------- d-----w C:\ProgramData\CA
2008-02-13 09:03 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 09:01 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 09:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 09:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 09:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 21:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-10 21:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 23:41 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-02-07 23:41 22,328 ----a-w C:\Users\Tuck\AppData\Roaming\PnkBstrK.sys
2008-02-07 23:41 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-02-07 23:39 --------- d-----w C:\ProgramData\Media Center Programs
2008-02-06 18:36 --------- d-----w C:\Users\Tuck\AppData\Roaming\Bioshock
2008-02-05 22:13 --------- d-----w C:\Users\Tuck\AppData\Roaming\Ahead
2008-02-01 23:56 --------- d-----w C:\Users\Tuck\AppData\Roaming\Creative
2008-02-01 23:55 --------- d-----w C:\ProgramData\Creative
2008-02-01 23:46 --------- d-----w C:\Program Files\Creative
2008-01-29 01:55 --------- d-----w C:\Program Files\THQ
2008-01-26 17:18 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
2008-01-26 17:18 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
2008-01-26 03:31 --------- d-----w C:\Users\Tuck\AppData\Roaming\Leadertech
2008-01-26 03:24 --------- d-----w C:\Program Files\Firaxis Games
2008-01-26 03:06 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-01-26 02:42 --------- d-----w C:\Program Files\Activision
2008-01-25 18:57 --------- d-----w C:\Program Files\The Adventure Company
2008-01-25 02:58 56,048 ----a-w C:\Windows\BS_DEF.sys
2008-01-25 00:14 --------- d-----w C:\Program Files\ASUS
2008-01-25 00:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-24 20:42 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-24 20:39 --------- d-----w C:\Program Files\Saitek
2008-01-24 02:37 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-01-24 02:36 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-24 02:36 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-24 01:57 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-24 01:52 --------- d-----w C:\ProgramData\Nero
2008-01-24 01:52 --------- d-----w C:\Program Files\Nero
2008-01-24 01:45 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-24 01:45 --------- d-----w C:\Program Files\Microsoft Works
2008-01-24 01:27 174 --sha-w C:\Program Files\desktop.ini
2008-01-24 01:20 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-24 01:20 --------- d-----w C:\Program Files\Windows Mail
2008-01-24 01:20 --------- d-----w C:\Program Files\Windows Defender
2008-01-24 01:20 --------- d-----w C:\Program Files\Windows Calendar
2008-01-24 01:15 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-01-24 01:15 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-01-24 01:15 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-01-24 01:14 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-24 01:14 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-24 01:14 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-24 01:14 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-24 01:14 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-24 01:14 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-24 01:14 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-24 01:14 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-24 01:14 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-24 01:14 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-24 01:14 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-24 01:13 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-01-24 01:13 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-01-24 01:11 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-24 01:11 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-24 01:11 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-01-24 01:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-24 01:11 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-24 01:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-24 01:10 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-01-24 01:10 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-01-24 01:10 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-01-24 01:10 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-01-24 01:10 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-01-24 01:10 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-01-24 01:10 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-01-24 01:10 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-01-24 01:10 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-01-24 01:09 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-01-24 01:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-24 01:08 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-24 01:07 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-24 01:07 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-01-24 01:07 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-01-24 01:07 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-01-24 01:07 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-01-24 01:07 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-01-24 01:07 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-01-24 01:07 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-24 01:07 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-01-24 01:07 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-01-24 01:07 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-01-24 01:06 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-24 01:04 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-01-24 01:04 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-24 01:04 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-23 19:05 1232896]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"Vectir"="C:\Program Files\Vectir\Vectir.exe" [ ]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 12:32 2289664]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 06:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-23 19:12 1006264]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 22:25 177416]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-01-22 19:47 14088]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 13:42 230664]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-02-19 11:10 1193224]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-02-19 11:10 173320]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"CTXFIREG"="CTxfiReg.exe" [2007-10-25 21:52 43520 C:\Windows\System32\Ctxfireg.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Profiler"="C:\Program Files\Saitek\Software\ProfilerU.exe" [2005-10-18 14:34 163840]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-11-03 11:09 126976]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 00:25 363008]
"NVRaidService"="C:\Windows\system32\nvraidservice.exe" [2007-08-17 09:45 184864]
"CTHelper"="CTHELPER.EXE" [2007-10-25 21:56 19456 C:\Windows\System32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 21:56 19968 C:\Windows\System32\Ctxfihlp.exe]
"Module Loader"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 15:43 57344]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 15:43 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Users\Tuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-05-18 14:30 79368 C:\Windows\System32\UmxWNP.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6B3268F9-B204-48C9-8370-C2291B76B539}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{74E0DCFB-D9F3-41A7-BD88-0CB838B452E3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E89B5746-229C-4076-8987-4522599EA0B3}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{1906227C-5E30-4E23-890C-2ABAA7E5E957}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6EF9EC3B-2BAD-4A82-B46A-FB54542D636D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{4E1AC604-5D3A-4CB0-B34E-947EA2211414}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{019FE511-D2E9-444D-9F9A-E7F8AF3053EC}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{3232B34F-5B8E-4AC4-A80B-DED2C962EF42}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{3AE00376-8541-421D-BE1C-E620762C6F7D}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2CA6855C-4DE9-4EC8-80A9-527B122E25C0}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{B0610D40-8CC1-43CC-BCE4-4B7F86537EF3}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{EFB5E87E-2AC9-4140-AE97-34BEFDFE83F6}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

R0 KmxFw;KmxFw;C:\Windows\system32\DRIVERS\kmxfw.sys [2007-10-18 13:28]
R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\DRIVERS\nvrd32.sys [2007-07-03 00:37]
R1 KmxAgent;KmxAgent;C:\Windows\system32\DRIVERS\kmxagent.sys [2007-05-18 14:30]
R1 KmxFile;KmxFile;C:\Windows\system32\DRIVERS\KmxFile.sys [2007-05-18 14:30]
R1 KmxFilter;HIPS Core Filter Driver;C:\Windows\system32\DRIVERS\KmxFilter.sys [2007-10-18 09:46]
R2 KmxCF;KmxCF;C:\Windows\system32\DRIVERS\KmxCF.sys [2007-10-18 09:46]
R2 KmxSbx;KmxSbx;C:\Windows\system32\DRIVERS\KmxSbx.sys [2007-11-02 03:54]
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-04 08:23]
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 08:39]
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2007-05-18 14:30]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2007-10-25 23:33]
R3 KmxCfg;KmxCfg;C:\Windows\system32\DRIVERS\kmxcfg.sys [2007-09-12 11:02]
R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-08-16 21:10]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;"C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe" [2008-01-26 11:26]
S3 SaiH075C;SaiH075C;C:\Windows\system32\DRIVERS\SaiH075C.sys [2006-07-27 05:49]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 01:51:25 C:\Windows\Tasks\CAAntiSpywareScan_Daily as Tuck at 7 47 PM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2008-02-26 15:56:41 C:\Windows\Tasks\User_Feed_Synchronization-{17700B31-0CE2-4B28-A290-68D391725D1C}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 13:51:51
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-26 13:53:18
ComboFix2.txt 2008-02-25 20:53:11
.
2008-02-22 21:57:29 --- E O F ---
BobTIncredible
Active Member
 
Posts: 10
Joined: February 24th, 2008, 12:16 pm
Advertisement
Register to Remove

Re: Malware problem, maybe Vundo?

Unread postby dan12 » February 27th, 2008, 3:57 am

Hi, Bob don't worry too much about that scan, I may off given you an out dated link.
hope to be back with you later. :D
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Malware problem, maybe Vundo?

Unread postby dan12 » February 27th, 2008, 3:37 pm

Thought I had another in my box of tricks. :D

TotalScan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Please go to this site Link >> TotalScan << LINK
  • Under Scan Now click the Full Scan button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.

See how that goes.
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Malware problem, maybe Vundo?

Unread postby BobTIncredible » February 29th, 2008, 6:17 pm

Dan, Sorry it took so long to get back. I have been a little busy. The test ran fine found one bad file. I did not disinfect it. How should I proceed? Do you need any other logs? -Bob T Incredible


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-02-29 16:01:30
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
CA Anti-Virus 8.4.0.28 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\Windows\Nircmd.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
BobTIncredible
Active Member
 
Posts: 10
Joined: February 24th, 2008, 12:16 pm

Re: Malware problem, maybe Vundo?

Unread postby dan12 » February 29th, 2008, 7:08 pm

Hi,bob, was that the complete panda log? I'll deal with that for you shortly, but before I do as it's been a couple of days since I last saw a highjack log, as things can change on a daily basis, can you post me a fresh HJT log.

Regarding that file panda flagged:

It's not so much a virus it's been flagged up as a tracking program so I believe it to be a false positive.

This may be due to the panda scan I've just had you run!

Look here
see this thread
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Malware problem, maybe Vundo?

Unread postby BobTIncredible » February 29th, 2008, 10:39 pm

Yes that was all of the totalscan log.

Here is a new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:24 PM, on 2/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Windows\System32\CTxfispi.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Creative\Entertainment Center\EAXLoadr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\removal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Vectir] C:\Program Files\Vectir\Vectir.exe /Startup
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ ... /CTPID.cab
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 8695 bytes
BobTIncredible
Active Member
 
Posts: 10
Joined: February 24th, 2008, 12:16 pm

Re: Malware problem, maybe Vundo?

Unread postby dan12 » March 1st, 2008, 4:44 pm

HI, Bob,


UNINSTALL COMBOFIX

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
  • Image
You can also delete any logs we have produced, and empty your Recycle bin.




Close all windows and try typing this command directly in and see if ComboFix runs.

Remember to use the " marks and there is a space between exe" and /killall

Start > Run > type "%userprofile%\desktop\combofix.exe" /killall

If ComboFix runs, please post the log.

------------------------------

Congratulations you are clean! :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Create a new System Restore Point
This is a good time to clear your existing system restore points and establish a new clean restore point:
Turn off System Restore-Vista
  • Click the Vista/Start icon.
  • Right Click >> Computer
  • Click Properties.
  • Click the System Protection tab.
  • Uncheck All drives
  • Click "Turn Off System Restore" at the prompt then click "Apply".
  • Restart your computer.
Turn ON System Restore-Vista

  • Click the Vista/Start icon
  • Right Click >> Computer
  • Click Properties.
  • Click the System Protection tab.
  • Checkmark All drives that were selected previously then click "Apply".
Here are some free programs I recommend that could help you improve your computer's security.
(Vista users must ensure that any programs are Vista compatible BEFORE installing)

Spybot Search and Destroy 1.5.2
Download it from here. Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here
Find here changes from older version 1.4 here

Install Spyware Guard
Download it from here
Find here the tutorial on how to use Spyware Guard here

Install SpyWare Blaster
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.

Happy safe surfing!

Dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Malware problem, maybe Vundo?

Unread postby Gary R » March 5th, 2008, 3:44 pm

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 27 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware