
A Big Big Mess

Discussion in 'Virus & Other Malware Removal' started by noordinaryone, Jul 9, 2011.

Thread Status:
Not open for further replies.
  1. noordinaryone

    noordinaryone Thread Starter

    Joined:
    Jul 9, 2011
    Messages:
    29
    Okay so my virus scan discovered a backdoor virus and a p2p trojan virus. It said it was quarantined and fixed but as you can tell from the shoddy typing, I'm having to post from my tablet. I've confirmed that my wireless network is working and I can run my Outlook and VPN on the system but neither IE nor Safari can connect. And of course all of this happens when I have two major projects I need to finish this weekend.... grr :eek:

    Now the issue I have is getting these log files attached because my ereader/tablet won't let me attach or copy paste in this forum. Is there any way I can email them to someone or something?
     
  2. noordinaryone

    noordinaryone Thread Starter

    Joined:
    Jul 9, 2011
    Messages:
    29
    Borrowed a laptop from a friend so I could get you the logs you need. They are attached. Please let me know if there is anything else that you might need!
     


  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Answer the following please:

    There is a Proxy server running from Internet explorer, did you set that up?

    There is evidence of 3 Antivirus programs on your system Norton, AVG and Lavasoft Adaware with AV. What is your preferred set up?
     
  4. noordinaryone

    noordinaryone Thread Starter

    Joined:
    Jul 9, 2011
    Messages:
    29
    The proxy is probably from when I VPN in to my office. But we can take it down if we need to.

    I don't know where the Norton is coming from on the system. AVG and Adaware were both setup in an effort to get rid of this mess. I prefer AVG.
     
  5. noordinaryone

    noordinaryone Thread Starter

    Joined:
    Jul 9, 2011
    Messages:
    29
    Of course after reading that... I don't even know if a proxy can be taken down - so just disregard that if I don't know what I'm talking about.

    Thanks!
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    I'd rather get rid of the proxy, you can set it back up later if required, as follows please :-

    Step 1

    Check for proxy server settings in your browser, the following are the most commonly used, check whichever is applicable.

    Internet Explorer:
    Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" and check to "Automatically detect settings". ok, apply (only if applicable), ok.

    Firefox:
    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

    Chrome:
    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

    Safari:
    • Launch Safari
    • Go to general settings menu
    • Then in Preferences/ Advanced
    • Then on line click Proxies change settings ...
    • Click Internet Options, then click the Connections tab, click Network Settings.
    • Disable option (uncheck) for the use of proxy server ...

    Step 2

    Turn off the AV component in Adaware as follows:

    You can turn off the anti-virus component as follows:

    • Open Ad-Aware
    • Click on switch to advanced mode
    • Click on Settings
    • Click on the Ad-watch live! tab and under Detection layers ensure Antivirus engine is UNchecked
    • Click OK and close Ad-Aware

    If you cannot turn it off uninstall Lavasoft Adaware altogether.

    Step 3

    Download and install the Norton removal tool from Here

    Alternative link

    Install and run the tool, follow any prompts that are given.

    Step 4

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Post log from Malwarebytes in your reply, also give update on current issues/concerns...

    Kevin
     
  7. noordinaryone

    noordinaryone Thread Starter

    Joined:
    Jul 9, 2011
    Messages:
    29
    Okay - I've run everything as you instructed and am currently in the restart process. The log file for Malware Bytes is attached!

    What's up next?! :)

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7067

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    07.10.11 5:44:44 PM
    mbam-log-2011-07-10 (17-44-44).txt

    Scan type: Quick scan
    Objects scanned: 220160
    Time elapsed: 13 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 2
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 9

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\aucplmnt32.exe (Trojan.Tracur.Wow) -> Quarantined and deleted successfully.
    c:\documents and settings\localservice\application data\0200000019739ee61379c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\localservice\application data\0200000019739ee61379o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\localservice\application data\0200000019739ee61379p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\localservice\application data\0200000019739ee61379s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\0200000019739ee61379c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\0200000019739ee61379o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\0200000019739ee61379p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\0200000019739ee61379s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
     
  8. noordinaryone

    noordinaryone Thread Starter

    Joined:
    Jul 9, 2011
    Messages:
    29
    Oh I forgot to point out... after the virus happened a tmp file appeared on my desktop and it's still not going away. The file is titled ymfipcndzd.tmp
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    What's up next.....

    You tell me how your system is responding and if there is any improvement. I'd also like a fresh set of DDS logs, please copy and paste to reply, do not attach them....

    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
    • Instead of attaching, please copy/paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE

    Kevin
     
  10. noordinaryone

    noordinaryone Thread Starter

    Joined:
    Jul 9, 2011
    Messages:
    29
    Internet Explorer seems to be back up and running. Safari is running but extremely slow and the TMP file is still showing up on the desktop and keeps coming back even if I try to delete it.

    Here are the logs:

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 7.0.5730.13
    Run by KHillman at 18:05:48 on 2011-07-10
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.219 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\DesktopCentral_Agent\bin\dcagentservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\KADxMain.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
    C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\AVG\AVG10\avgmfapx.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar =
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://one.colonialprop.com
    uWindow Title = Road Runner High Speed Online
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: {03502a7d-456b-4077-a4fe-6ba9d76b44e1} - c:\windows\system32\AUCPLMNT32.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - LimeWire Toolbar
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
    TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
    uRun: [ctfmon.exe (1)] c:\windows\system32\ctfmon.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [KADxMain] c:\windows\system32\KADxMain.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [Adobe Reader Speed Launcher (1)] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    mPolicies-system: DisableCAD = 1 (0x1)
    mPolicies-system: DisableStatusMessages = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    Trusted Zone: bluemoon.com\www
    Trusted Zone: colonialprop.com
    Trusted Zone: colonialprop.com\cc
    Trusted Zone: colonialprop.com\mriweb
    Trusted Zone: colonialprop.com\one
    Trusted Zone: colonialprop.com\vpn
    Trusted Zone: craigslist.org
    Trusted Zone: craigslist.org\post
    Trusted Zone: gotomeeting.com\www
    Trusted Zone: gotomeeting.com\www1
    Trusted Zone: intersourcing.com\www6
    Trusted Zone: residentworks.com\colonialproperties
    Trusted Zone: ultiprotime.com\colonialtime
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://bhmsqlbis/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=sqfkesjeu0tapwa5ageoem2c&ControlID=cc57a7e9f66349808260aca270d26930&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
    DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.20/uploader2.cab
    DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266789087772
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266789069100
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {977231BF-B887-4CD7-8156-6F429268F7E2} - hxxp://mrispeedtest.colonialprop.com/MRINet.cab
    DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://bluemoon.webex.com/client/T27LB/support/ieatgpc.cab
    DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} - hxxp://bhmsqlbis/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=nonwskmnxh1g4knavjtmc355&ControlID=b0745b5a713e4f008994fa5cf3c363fd&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{CD73C668-6A1A-4BA3-BED6-3FA46E8009F2} : DhcpNameServer = 192.168.1.1
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\windows\system32\l2gpstore32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? apusbsnt;Sierra Wireless USB Modem Device Driver
    R? AVG Security Toolbar Service;AVG Security Toolbar Service
    R? easytether;easytether
    R? F-Secure BlackLight Sensor;F-Secure BlackLight Sensor
    R? fsbl;F-Secure BlackLight Engine Driver
    R? Lavasoft Kernexplorer;Lavasoft helper driver
    R? ManageEngine Desktop Central 6 - Remote Control;ManageEngine Desktop Central 6 - Remote Control
    R? MBAMSwissArmy;MBAMSwissArmy
    R? pneteth;PdaNet Broadband
    R? PTDCWWAN;PANTECH PC Card WWAN Controller device driver
    R? SwiWiFiComm;SwiWiFiComm
    S? ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor
    S? AVGIDSAgent;AVGIDSAgent
    S? AVGIDSDriver;AVGIDSDriver
    S? AVGIDSEH;AVGIDSEH
    S? AVGIDSFilter;AVGIDSFilter
    S? AVGIDSShim;AVGIDSShim
    S? Avgldx86;AVG AVI Loader Driver
    S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
    S? Avgrkx86;AVG Anti-Rootkit Driver
    S? Avgtdix;AVG TDI Driver
    S? avgwd;AVG WatchDog
    S? DXEC01;DXEC01
    S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service






    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 02.14.08 10:08:27 AM
    System Uptime: 07.10.11 5:46:46 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0KU184
    Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 56 GiB total, 23.288 GiB free.
    D: is CDROM ()
    E: is Removable
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP Color LaserJet 3000
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: Hewlett-Packard
    Name: HP Color LaserJet 3000
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    470_Help
    470_Readme
    Ad-Aware
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 8.2.1
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2011
    AVG PC Tuneup 2011
    Bonjour
    BPD_HPSU
    BPDSoftware
    BPDSoftware_Ini
    Broadcom ASF Management Applications
    Broadcom Management Programs
    BufferChm
    Byki
    Byki Express
    Cisco AnyConnect VPN Client
    Conduit Engine
    Conexant HDA D330 MDC V.92 Modem
    Convert AVI to MP4 1.3
    Coupon Printer for Windows
    Dell Driver Download Manager
    Dell Touchpad
    Dell Wireless WLAN Card
    DeviceDiscovery
    DeviceManagementQFolder
    Digital Line Detect
    DVD Decoder Pak for Windows XP
    eSupportQFolder
    F-Secure PSC Prerequisites
    GoToMeeting 4.8.0.721
    H470
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Product Detection
    HPProductAssistant
    Intel(R) Graphics Media Accelerator Driver
    IntelliSonic Speech Enhancement
    iTunes
    Java(TM) 6 Update 20
    Malwarebytes' Anti-Malware version 1.51.0.1200
    MetaFrame Presentation Server Client
    MFCLOC
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WinUsb 1.0
    Microsoft WinUsb 2.0
    MPM
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    NetWaiting
    OGA Notifier 2.0.0048.0
    Palm Desktop by ACCESS
    Palm Outlook Conduits Updater
    PDF Settings
    Picasa 3
    PolicyMaker™ Standard Edition Client
    ProductContext
    QuickTime
    Rosetta Stone Ltd Services
    Rosetta Stone TOTALe
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 9 (KB936782)
    SigmaTel Audio
    SolutionCenter
    SP 5100N
    SplashMoney
    Status
    Swag Bucks Toolbar
    Toolbox
    TrayApp
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    WebFldrs XP
    WebReg
    Windows Imaging Component
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    07.10.11 5:45:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HP Network Devices Support service to connect.
    07.10.11 5:45:57 PM, error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07.10.11 5:45:57 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
    07.09.11 8:00:35 AM, error: NETLOGON [5719] - No Domain Controller is available for domain COLPROPB due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    07.09.11 6:35:43 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    07.09.11 4:33:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    07.09.11 4:33:57 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    07.09.11 4:33:57 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    07.09.11 4:33:57 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    07.09.11 4:33:57 PM, error: Service Control Manager [7001] - The Cisco AnyConnect VPN Agent service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    07.09.11 4:33:57 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    07.09.11 4:33:57 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    07.09.11 3:56:48 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    07.09.11 3:54:52 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
    07.09.11 12:25:20 AM, error: Service Control Manager [7001] - The Windows Search service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    07.09.11 12:25:20 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    07.09.11 11:30:58 AM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
    07.09.11 10:28:51 AM, error: Service Control Manager [7000] - The SwiWiFiComm service failed to start due to the following error: The system cannot find the path specified.
    07.09.11 10:28:51 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
    07.09.11 10:01:18 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
    07.09.11 1:14:01 AM, error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found.
    .
    ==== End Of File ===========================
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    You will have to uninstall AVG to allow the next tool to run, go here http://www.avg.com/us-en/utilities and use the uninstall utility... Next,

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  12. noordinaryone

    noordinaryone Thread Starter

    Joined:
    Jul 9, 2011
    Messages:
    29
    Okay so I am trying to run ComboFix, however it continues to tell me that AVG is still installed even though I ran the removal tool.
     
  13. noordinaryone

    noordinaryone Thread Starter

    Joined:
    Jul 9, 2011
    Messages:
    29
    Okay so the issue with combofix is because I also had an AVG registry cleaner that I forgot about. Once I removed that we were good to go. It took about 15 minutes to run Combofix which I'm hoping is a good sign.

    New addition to the issues I'm having... When I go into gmail, if I type in my user name an hour glass comes up before it will allow a cursor in the password blank. I haven't used it since that is suspicious to me, but you've asked for an update on how things are running along with the logs so I wanted to bring that up.

    Here is the log from the combofix run:

    ComboFix 11-07-10.05 - KHillman 07.10.11 22:16:35.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.265 [GMT -4:00]
    Running from: c:\documents and settings\khillman\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\SplashMoney.ico
    c:\documents and settings\Backup-khillman\g2mdlhlpx.exe
    c:\documents and settings\khillman\g2mdlhlpx.exe
    c:\documents and settings\khillman\GoToAssistDownloadHelper.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-10 21:29 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-10 21:29 . 2011-07-10 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-07-10 21:29 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-10 16:40 . 2011-07-09 16:07 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-07-10 01:56 . 2011-07-10 01:56 -------- d-----w- C:\$AVG
    2011-07-09 22:19 . 2011-07-09 22:19 -------- d-----w- c:\program files\Trend Micro
    2011-07-09 16:07 . 2011-07-09 16:07 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-07-09 16:04 . 2011-06-20 14:31 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-07-09 16:03 . 2011-07-09 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2011-07-09 16:03 . 2011-07-09 16:03 -------- d-----w- c:\program files\Lavasoft
    2011-07-09 14:36 . 2011-07-11 01:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-07-09 14:25 . 2011-07-09 14:25 -------- d-----w- C:\found.000
    2011-07-08 17:59 . 2011-07-10 02:32 -------- d-----w- c:\windows\HaxFix
    2011-07-08 01:05 . 2011-07-09 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-07-07 23:41 . 2011-07-07 23:41 0 ---ha-w- c:\documents and settings\khillman\ymfjpcndzd.tmp
    2011-07-07 15:45 . 2011-07-07 15:45 160256 --sha-w- c:\windows\system32\l2gpstore32.dll
    2011-07-07 03:40 . 2011-07-07 03:40 359936 ----a-w- c:\windows\system32\AUCPLMNT32.dll
    2011-07-04 20:49 . 2011-07-04 21:27 -------- d-----w- c:\program files\softendo.com
    2011-07-03 21:52 . 2011-07-03 21:52 -------- d-----w- c:\documents and settings\khillman\Application Data\Windows Search
    2011-06-12 00:47 . 2011-06-12 00:47 -------- d-----w- c:\program files\iPod
    2011-06-12 00:47 . 2011-06-12 00:49 -------- d-----w- c:\program files\iTunes
    2011-06-12 00:44 . 2011-06-12 00:44 -------- d-----w- c:\program files\Apple Software Update
    2011-06-12 00:44 . 2011-05-10 12:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-06-12 00:44 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-06-12 00:43 . 2011-06-12 00:47 -------- d-----w- c:\program files\Common Files\Apple
    2011-06-11 13:53 . 2011-06-11 13:53 -------- d-----w- c:\documents and settings\khillman\Application Data\Windows Desktop Search
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-14 13:06 . 2011-05-20 15:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwag.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03502A7D-456B-4077-A4FE-6BA9D76B44E1}]
    2011-07-07 03:40 359936 ----a-w- c:\windows\system32\AUCPLMNT32.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 20:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
    2011-01-17 20:54 175912 ----a-w- c:\program files\Swag_Bucks\prxtbSwag.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwag.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\prxtbSwag.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-06-18 39816]
    "ctfmon.exe (1)"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
    "Adobe Reader Speed Launcher (1)"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-5 50688]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 1 (0x1)
    "DisableStatusMessages"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\l2gpstore32.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\g:\0autocheck autochk *\0lsdelete
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2111925415-921512754-2013803672-20026\Scripts\Logon\0\0]
    "Script"=\\bhmsrv9\ezaudits\ezstart.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
    "c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone TOTALe\\RosettaStoneTOTALe.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    "139:TCP"= 139:TCP:@xpsp2res.dll,-22004
    "445:TCP"= 445:TCP:@xpsp2res.dll,-22005
    "137:UDP"= 137:UDP:@xpsp2res.dll,-22001
    "138:UDP"= 138:UDP:@xpsp2res.dll,-22002
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
    "Enabled"= 1 (0x1)
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07.09.11 12:04 PM 64512]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12.19.06 4:21 PM 79432]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [06.20.11 10:31 AM 2151640]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [05.17.10 2:45 PM 1615176]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12.17.09 6:32 PM 497856]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11.02.06 2:32 PM 97536]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [06.20.11 10:31 AM 15232]
    S2 ManageEngine Desktop Central 6 - Agent;ManageEngine Desktop Central 6 - Agent;c:\program files\DesktopCentral_Agent\bin\dcagentservice.exe [12.08.08 7:06 PM 442368]
    S2 SwiWiFiComm;SwiWiFiComm; [x]
    S3 apusbsnt;Sierra Wireless USB Modem Device Driver; [x]
    S3 easytether;easytether; [x]
    S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor; [x]
    S3 fsbl;F-Secure BlackLight Engine Driver;\??\c:\program files\F-Secure\Anti-Virus\fsbldrv.sys --> c:\program files\F-Secure\Anti-Virus\fsbldrv.sys [?]
    S3 ManageEngine Desktop Central 6 - Remote Control;ManageEngine Desktop Central 6 - Remote Control; [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [07.10.11 5:29 PM 39984]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [11.29.10 8:13 PM 13312]
    S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver; [x]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 11:19]
    .
    2011-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2011-07-10 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2004-08-11 00:12]
    .
    2009-05-20 c:\windows\Tasks\System Restore.job
    - c:\windows\system32\Restore\rstrui.exe [2004-08-11 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.yahoo.com
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    Trusted Zone: bluemoon.com\www
    Trusted Zone: colonialprop.com
    Trusted Zone: colonialprop.com\cc
    Trusted Zone: colonialprop.com\mriweb
    Trusted Zone: colonialprop.com\one
    Trusted Zone: colonialprop.com\vpn
    Trusted Zone: craigslist.org
    Trusted Zone: craigslist.org\post
    Trusted Zone: gotomeeting.com\www
    Trusted Zone: gotomeeting.com\www1
    Trusted Zone: intersourcing.com\www6
    Trusted Zone: residentworks.com\colonialproperties
    Trusted Zone: ultiprotime.com\colonialtime
    TCP: DhcpNameServer = 192.168.1.1
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://bhmsqlbis/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=sqfkesjeu0tapwa5ageoem2c&ControlID=cc57a7e9f66349808260aca270d26930&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
    DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
    DPF: {977231BF-B887-4CD7-8156-6F429268F7E2} - hxxp://mrispeedtest.colonialprop.com/MRINet.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Picasa 3 - g:\program files\Picasa3\Uninstall.exe
    AddRemove-{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1 - g:\convert avi to mp4\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-10 22:32
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(596)
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2011-07-10 22:37:30
    ComboFix-quarantined-files.txt 2011-07-11 02:37
    .
    Pre-Run: 25,444,200,448 bytes free
    Post-Run: 25,648,582,656 bytes free
    .
    - - End Of File - - 7521010F65AAEECFCC146F72A228B0FC
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    I want you to upload a file for analysis before we go any further, as follows please...

    We need to upload a file to Jotti

    1. Click HERE to get to Jotti's site.

    2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

    c:\windows\system32\l2gpstore32.dll

    3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

    4. Please provide me with the results of the analysis.

    Upload same File to Virustotal
    Please visit Virustotal
    • Click the Browse... button
    • Navigate to the file c:\windows\system32\l2gpstore32.dll
    • Click the Open button
    • Click the Send button
    • If you get a message saying File has already been analyzed: click Reanalyze file now
    • Copy and paste the results back here please.

    Let me see the results please..

    Kevin
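
The file requested above appears twice in the ComboFix log from the previous post: under Files Created with hidden and system attributes, and as the AppInit_DLLs value. The following is an added example, not part of the thread, that cross-references those two log sections to rank autostart targets for submission to a scanner; the scoring weights and the reading of the attribute letters (h = hidden, s = system) are assumptions.

```python
import re

# Excerpt of the ComboFix log posted in this thread, trimmed to a few lines
# of "Files Created" and "Reg Loading Points" (banner lines shortened).
SAMPLE_LOG = r"""
(((( Files Created from 2011-06-11 to 2011-07-11 ))))
.
2011-07-10 21:29 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-10 16:40 . 2011-07-09 16:07 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-07-07 23:41 . 2011-07-07 23:41 0 ---ha-w- c:\documents and settings\khillman\ymfjpcndzd.tmp
2011-07-07 15:45 . 2011-07-07 15:45 160256 --sha-w- c:\windows\system32\l2gpstore32.dll
2011-07-07 03:40 . 2011-07-07 03:40 359936 ----a-w- c:\windows\system32\AUCPLMNT32.dll
2011-06-12 00:44 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
(((( Reg Loading Points ))))
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03502A7D-456B-4077-A4FE-6BA9D76B44E1}]
2011-07-07 03:40 359936 ----a-w- c:\windows\system32\AUCPLMNT32.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 20:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\l2gpstore32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\g:\0autocheck autochk *\0lsdelete
"""

# "created . modified size attrs path" rows of the Files Created section.
CREATED = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d \S+ "
    r"(?P<attrs>[-a-z]{8}) (?P<path>.+)$")
# A drive-letter path ending in an executable extension.
PATH = re.compile(r'[a-z]:\\[^"=\[\]]+?\.(?:dll|exe|sys|scr)\b', re.I)

# Assumed weights. AppInit_DLLs ranks highest because DLLs named there are
# loaded into every process that loads user32.dll; a BHO loads into IE only.
WEIGHTS = {"AppInit_DLLs": 2, "BHO": 1}


def mechanism(header, line):
    """Name the autostart mechanism from the registry header or value name."""
    if "appinit_dlls" in line.lower():
        return "AppInit_DLLs"
    header = header.lower()
    if "browser helper objects" in header:
        return "BHO"
    if header.endswith("\\currentversion\\run]"):
        return "Run"
    return "other"


def triage(log):
    """Rank autostart targets: load mechanism + recent creation + attributes."""
    created, refs, header = {}, [], None
    for raw in log.splitlines():
        line = raw.strip()
        row = CREATED.match(line)
        if row and header is None:          # still in the Files Created list
            created[row["path"].lower()] = row["attrs"]
        elif line.startswith("["):          # registry key header
            header = line
        elif header:
            for path in PATH.findall(line):
                refs.append((path.lower(), mechanism(header, line)))

    findings = []
    for path, mech in refs:
        score, reasons = WEIGHTS.get(mech, 0), []
        if score:
            reasons.append("loaded via " + mech)
        attrs = created.get(path)
        if attrs is not None:
            score += 2
            reasons.append("listed under Files Created")
            for flag, name in (("h", "hidden"), ("s", "system")):
                if flag in attrs:
                    score += 1
                    reasons.append(name + " attribute set")
        findings.append({"path": path, "mechanism": mech,
                         "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["score"], f["path"], "; ".join(f["reasons"]))
```

A high rank here only marks a file as worth uploading for analysis; it is not a verdict on the file.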
     
  15. noordinaryone

    noordinaryone Thread Starter

    Joined:
    Jul 9, 2011
    Messages:
    29
    Good Morning - Here are the results you asked for. And if I haven't mentioned it yet - I am SO SO very thankful for the help you're providing. Getting up and running for work this morning is KEY!

    Jotti's malware scan

    Filename: l2gpstore32.dll
    Status: Scan finished. 0 out of 20 scanners reported malware.
    Scan taken on: Mon 11 Jul 2011 13:24:50 (CET)

    Additional info

    File size: 160256 bytes
    Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
    MD5: fccf4b5efa706d404eeed1849fe687e0
    SHA1: ee6793f8e5d135a6a4ab6d6802735cd6d2f56d84

    Scanners

    2011-07-11 Found nothing
    2011-07-11 Found nothing
    2011-07-10 Found nothing
    2011-07-11 Found nothing
    2011-07-11 Found nothing
    2011-07-11 Found nothing
    2011-07-11 Found nothing
    2011-07-11 Found nothing
    2011-07-11 Found nothing
    2011-07-11 Found nothing
    2011-07-11 Found nothing
    2011-07-10 Found nothing
    2011-07-11 Found nothing
    2011-07-11 Found nothing
    2011-07-11 Found nothing
    2011-07-11 Found nothing
    2011-07-11 Found nothing
    2011-07-11 Found nothing
    2011-07-10 Found nothing
    2011-07-10 Found nothing

    Antivirus             Version         Last Update  Result
    AhnLab-V3             2011.07.11.01   2011.07.11   -
    AntiVir               7.11.11.53      2011.07.11   -
    Antiy-AVL             2.0.3.7         2011.07.11   -
    Avast                 4.8.1351.0      2011.07.11   -
    Avast5                5.0.677.0       2011.07.11   -
    AVG                   10.0.0.1190     2011.07.11   -
    BitDefender           7.2             2011.07.11   -
    CAT-QuickHeal         11.00           2011.07.11   -
    ClamAV                0.97.0.0        2011.07.11   -
    Commtouch             5.3.2.6         2011.07.11   -
    Comodo                9350            2011.07.11   -
    DrWeb                 5.0.2.03300     2011.07.11   -
    Emsisoft              5.1.0.8         2011.07.11   -
    eSafe                 7.0.17.0        2011.07.07   -
    eTrust-Vet            36.1.8437       2011.07.11   -
    F-Prot                4.6.2.117       2011.07.10   -
    F-Secure              9.0.16440.0     2011.07.11   -
    Fortinet              4.2.257.0       2011.07.11   -
    GData                 22              2011.07.11   -
    Ikarus                T3.1.1.104.0    2011.07.11   -
    Jiangmin              13.0.900        2011.07.10   -
    K7AntiVirus           9.108.4891      2011.07.10   -
    Kaspersky             9.0.0.837       2011.07.11   -
    McAfee                5.400.0.1158    2011.07.11   -
    McAfee-GW-Edition     2010.1D         2011.07.11   -
    Microsoft             1.7000          2011.07.11   TrojanDownloader:Win32/Tracur.B
    NOD32                 6283            2011.07.11   -
    Norman                6.07.10         2011.07.11   -
    nProtect              2011-07-11.01   2011.07.11   -
    Panda                 10.0.3.5        2011.07.10   Suspicious file
    PCTools               8.0.0.5         2011.07.11   -
    Prevx                 3.0             2011.07.11   -
    Rising                23.66.00.03     2011.07.11   -
    Sophos                4.67.0          2011.07.11   -
    SUPERAntiSpyware      4.40.0.1006     2011.07.11   -
    Symantec              20111.1.0.186   2011.07.11   -
    TheHacker             6.7.0.1.252     2011.07.11   -
    TrendMicro            9.200.0.1012    2011.07.11   -
    TrendMicro-HouseCall  9.200.0.1012    2011.07.11   -
    VBA32                 3.12.16.4       2011.07.11   -
    VIPRE                 9832            2011.07.11   -
    ViRobot               2011.7.11.4562  2011.07.11   -
    VirusBuster           14.0.117.0      2011.07.10   -

    Additional information
    MD5 : fccf4b5efa706d404eeed1849fe687e0
    SHA1 : ee6793f8e5d135a6a4ab6d6802735cd6d2f56d84
    SHA256: acf04b312a26a2ab51de82e91767e8eddc4b0e29497e394ccc7f7a371050bbc0
    ssdeep: 3072:BO5hpDyVqUM4GaEaNTFPLcbG0+pJ8tUYGVNk0CC7zvTP7i:ChB54Xzh8OYMNk0CC/r7
    File size : 160256 bytes
    First seen: 2011-07-08 12:30:43
    Last seen : 2011-07-11 11:19:31
    TrID:
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    VXD Driver (0.1%)
    sigcheck:
    publisher....: CrypKey Inc.
    copyright....: Copyright (c) 2000-2006
    product......: Casper
    description..: InternetClient DLL
    original name: InetCli.dll
    internal name: InternetClient
    file version.: 2, 0, 0, 225
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x7B3A
    timedatestamp....: 0x4BAE1790 (Sat Mar 27 14:34:56 2010)
    machinetype......: 0x14c (I386)

    [[ 8 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x9000, 0x8200, 6.52, 766d926320ea3bbb53a6c3facdaaf0b5
    .data, 0xA000, 0xF000, 0xF000, 7.53, b0b514cc3b532be3d4eed741c039c5f3
    .rdata, 0x19000, 0xF000, 0xEC00, 7.48, 33ed3f8edfdf4058ede353b55a79c7c9
    .bss, 0x28000, 0x4000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
    .edata, 0x2C000, 0x1000, 0x200, 3.95, 366fd233aa7907cc65de9e5c817fe186
    .idata, 0x2D000, 0x1000, 0x600, 4.47, 7ed9a33c963d5ac65ded35875e3719b3
    .rsrc, 0x2E000, 0x1000, 0x400, 2.71, b9e1fe5229bb5e3a4cdfb436d8033bd2
    .reloc, 0x2F000, 0x38C, 0x400, 5.15, 1cf37a55314c723caeae28e217675265

    [[ 6 import(s) ]]
    ADVAPI32.dll: LookupAccountSidA, RegDeleteValueA, SetPrivateObjectSecurityEx, GetSecurityDescriptorSacl
    KERNEL32.dll: ExitProcess, GetModuleHandleA, GetProcAddress, GlobalReAlloc, LoadLibraryA, SetPriorityClass, VirtualAlloc, VirtualFree
    ole32.dll: CoTaskMemAlloc, CreateAntiMoniker, IIDFromString, IsValidPtrOut, IsEqualGUID, IsAccelerator
    USER32.dll: CharNextW, GetAltTabInfoW, GetIconInfo, IsDialogMessageA, MessageBoxIndirectA, NotifyWinEvent, OpenClipboard, RegisterDeviceNotificationW, ScreenToClient, TileWindows, UnhookWinEvent, FindWindowExA
    security.dll: DeleteSecurityContext, MakeSignature
    MSVCRT.dll: exit, _stricmp, _except_handler3, __set_app_type, __p__commode, __getmainargs

    [[ 11 export(s) ]]
    FazbeznitkzHi, MxjbgakplAXqkj, csqukIgIqcfaydYcmf, dldbdfmVadYibecz, enRcNbvwupgbx, foUtwcfKwtPulfu, muqitjWtGjawfuhod, pVDedkvlrfxoqyFchU, vgtxbzzxMffFh, xqJzegxmVjYyyoAfdj, yHfvwtHyDgdf
    ExifTool:
    file metadata
    CharacterSet: Unicode
    CodeSize: 36864
    CompanyName: CrypKey Inc.
    EntryPoint: 0x7b3a
    FileDescription: InternetClient DLL
    FileFlagsMask: 0x003f
    FileOS: Windows NT 32-bit
    FileSize: 156 kB
    FileSubtype: 0
    FileType: Win32 DLL
    FileVersion: 2, 0, 0, 225
    FileVersionNumber: 2.0.0.225
    ImageVersion: 1.0
    InitializedDataSize: 173056
    InternalName: InternetClient
    LanguageCode: English (U.S.)
    LegalCopyright: Copyright 2000-2006
    LinkerVersion: 2.38
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 4.0
    ObjectFileType: Dynamic link library
    OriginalFilename: InetCli.dll
    PEType: PE32
    ProductName: Casper
    ProductVersion: 2, 0, 0, 0
    ProductVersionNumber: 2.0.0.0
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2010:03:27 15:34:56+01:00
    UninitializedDataSize: 16384
     
Short URL to this thread: https://techguy.org/1006555