#1
Registered User
Join Date: Feb 2009
Posts: 6
OS: xp
Patched User 32 problem..
Hi Guys
I have a problem with a PUP, Patched User 32, which even after McAfee has removed it, keeps re-occurring. It has been shown as in C:\Windows\System32\DLLCACHE\user32.dll and C:\Windows\System32\user32DLL.
Symptoms are as follows: Microsoft Office programs will close unexpectedly and often. Internet Explorer freezes and will not respond. When shutting down my laptop various dialogue boxes appear (with random progs or processes) saying that they are not responding. Sometimes the machine will not shut down at all, and I have to resort to switching off.
My Laptop is a Dell Inspiron 1150 Intel Celeron 2.60Ghz, 512Mb RAM, 37.1GB hard drive, running Windows XP home edition Version 2002 with service pack 3.
DDS logs are below, and attached are the attach.txt and ark.txt. Thanks in advance and I look forward to hearing from someone.
Aidan.
#2
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista
Re: Patched User 32 problem..
Please visit this webpage for download links, and instructions for running combofix:
http://www.bleepingcomputer.com/comb...o-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.
__________________
UNITE and ASAP since 2006. If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it.
#3
Registered User
Join Date: Feb 2009
Posts: 6
OS: xp
Re: Patched User 32 problem..
Hi Angelfire777
I have run combofix and the log is below. Thanks again for your help.
#4
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista
Re: Patched User 32 problem..
Hi,
* I see you have Viewpoint installed. Viewpoint-related software is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546 I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
* Go to Start > Control Panel > Add or Remove Programs and uninstall these older versions of Java:
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_05
They take unnecessary space and they are vulnerable to infections.
* I would like you to scan a file for me. Please go HERE. Copy and paste the following file path into the box:
c:\windows\SYSTEM32\DRIVERS\amd64si.sys
Then click submit. Do the same for this file:
c:\documents and settings\Laptop 4\.exe
Please post the results in your next reply. We'll continue cleaning once I get the results from those two files.
#5
Registered User
Join Date: Feb 2009
Posts: 6
OS: xp
Re: Patched User 32 problem..
Hi Angelfire777
I have removed the programs you suggested. Below are the results of the files scanned.

c:\windows\SYSTEM32\DRIVERS\amd64si.sys

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | 4.0.0.93 | 2009.02.06 | - |
| AhnLab-V3 | 5.0.0.2 | 2009.02.06 | - |
| AntiVir | 7.9.0.74 | 2009.02.06 | - |
| Authentium | 5.1.0.4 | 2009.02.05 | - |
| Avast | 4.8.1335.0 | 2009.02.06 | - |
| AVG | 8.0.0.229 | 2009.02.05 | - |
| CAT-QuickHeal | 10.00 | 2009.02.06 | - |
| ClamAV | 0.94.1 | 2009.02.06 | - |
| Comodo | 965 | 2009.02.05 | - |
| DrWeb | 4.44.0.09170 | 2009.02.06 | - |
| eSafe | 7.0.17.0 | 2009.02.05 | - |
| eTrust-Vet | 31.6.6345 | 2009.02.06 | - |
| F-Prot | 4.4.4.56 | 2009.02.05 | - |
| F-Secure | 8.0.14470.0 | 2009.02.06 | - |
| Fortinet | 3.117.0.0 | 2009.02.06 | - |
| GData | 19 | 2009.02.06 | - |
| Ikarus | T3.1.1.45.0 | 2009.02.06 | - |
| K7AntiVirus | 7.10.620 | 2009.02.05 | - |
| Kaspersky | 7.0.0.125 | 2009.02.06 | - |
| McAfee | 5517 | 2009.02.06 | - |
| McAfee+Artemis | 5517 | 2009.02.06 | - |
| Microsoft | 1.4306 | 2009.02.05 | - |
| NOD32 | 3831 | 2009.02.05 | - |
| Norman | 6.00.02 | 2009.02.05 | - |
| nProtect | 2009.1.8.0 | 2009.02.06 | - |
| Panda | 9.5.1.2 | 2009.02.05 | - |
| PCTools | 4.4.2.0 | 2009.02.06 | - |
| Prevx1 | V2 | 2009.02.06 | - |
| Rising | 21.15.40.00 | 2009.02.06 | - |
| SecureWeb-Gateway | 6.7.6 | 2009.02.06 | - |
| Sophos | 4.38.0 | 2009.02.06 | - |
| Sunbelt | 3.2.1835.2 | 2009.01.16 | - |
| Symantec | 10 | 2009.02.06 | - |
| TheHacker | 6.3.1.5.248 | 2009.02.06 | - |
| TrendMicro | 8.700.0.1004 | 2009.02.06 | - |
| VBA32 | 3.12.8.12 | 2009.02.05 | - |
| ViRobot | 2009.2.6.1594 | 2009.02.06 | - |
| VirusBuster | 4.5.11.0 | 2009.02.06 | - |

Additional information

```
File size: 22784 bytes
MD5...: 6508b937fd2a0042a5b84e14fd97e3d9
SHA1..: 6eb92c0162b8fcfae5a353db56530ac3185b2900
SHA256: 5c3ac06e29b15971068ac8e2ef8b218e044ce9bb9908217c0f822ab254217e9b
SHA512: 31d73363d0f64f32bdf2c97698a3f152d38ef5176aa601aa1035d662037a5b59476382d8de2122fec19610cc4a167db951b09b59c719d128eca68ac7371153f5
ssdeep: 3::
PEiD..: -
TrID..: File type identification
        OpenGL object (29.2%)
        Lotus 123 Worksheet (generic) (14.6%)
        HSC music composer song (9.2%)
        Game Music Creator Music (8.2%)
        MacBinary 1 header (7.5%)
PEInfo: -
```

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

2nd file: File .exe received on 02.06.2009 10:12:33 (CET)

Result: 21/39 (53.85%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | 4.0.0.93 | 2009.02.06 | Trojan-Dropper.Kobcka!IK |
| AhnLab-V3 | 5.0.0.2 | 2009.02.06 | - |
| AntiVir | 7.9.0.74 | 2009.02.06 | TR/Crypt.XPACK.Gen |
| Authentium | 5.1.0.4 | 2009.02.05 | - |
| Avast | 4.8.1335.0 | 2009.02.06 | - |
| AVG | 8.0.0.229 | 2009.02.05 | Win32/Heur |
| BitDefender | 7.2 | 2009.02.06 | Trojan.Dropper.Kobcka.Gen.1 |
| CAT-QuickHeal | 10.00 | 2009.02.06 | Trojan.Agent.bnwy |
| ClamAV | 0.94.1 | 2009.02.06 | - |
| Comodo | 965 | 2009.02.05 | - |
| DrWeb | 4.44.0.09170 | 2009.02.06 | Trojan.DownLoad.28430 |
| eSafe | 7.0.17.0 | 2009.02.05 | - |
| eTrust-Vet | 31.6.6345 | 2009.02.06 | Win32/Donloz.CL |
| F-Prot | 4.4.4.56 | 2009.02.05 | - |
| F-Secure | 8.0.14470.0 | 2009.02.06 | Trojan.Win32.Agent.bnwy |
| Fortinet | 3.117.0.0 | 2009.02.06 | - |
| GData | 19 | 2009.02.06 | Trojan.Dropper.Kobcka.Gen.1 |
| Ikarus | T3.1.1.45.0 | 2009.02.06 | Trojan-Dropper.Kobcka |
| K7AntiVirus | 7.10.620 | 2009.02.05 | - |
| Kaspersky | 7.0.0.125 | 2009.02.06 | Trojan.Win32.Agent.bnwy |
| McAfee | 5517 | 2009.02.06 | BackDoor-DTX |
| McAfee+Artemis | 5517 | 2009.02.06 | BackDoor-DTX |
| Microsoft | 1.4306 | 2009.02.05 | TrojanDownloader:Win32/Cutwail.AI |
| NOD32 | 3831 | 2009.02.05 | - |
| Norman | 6.00.02 | 2009.02.05 | W32/Agent.LCTX |
| nProtect | 2009.1.8.0 | 2009.02.06 | Trojan-Dropper/W32.Small.9286 |
| Panda | 9.5.1.2 | 2009.02.05 | - |
| PCTools | 4.4.2.0 | 2009.02.06 | - |
| Prevx1 | V2 | 2009.02.06 | Malicious Software |
| Rising | 21.15.40.00 | 2009.02.06 | - |
| SecureWeb-Gateway | 6.7.6 | 2009.02.06 | Trojan.Crypt.XPACK.Gen |
| Sophos | 4.38.0 | 2009.02.06 | - |
| Sunbelt | 3.2.1835.2 | 2009.01.16 | - |
| Symantec | 10 | 2009.02.06 | Downloader |
| TheHacker | 6.3.1.5.248 | 2009.02.06 | - |
| TrendMicro | 8.700.0.1004 | 2009.02.06 | - |
| VBA32 | 3.12.8.12 | 2009.02.05 | - |
| ViRobot | 2009.2.6.1594 | 2009.02.06 | Dropper.Small.9286 |
| VirusBuster | 4.5.11.0 | 2009.02.06 | Trojan.DR.Pandex.Gen.9 |

Additional information

```
File size: 9285 bytes
MD5...: dd90fac71f631f6492b3fb77ea988008
SHA1..: abad7d6f175f3a491ceaff824830e1773b4872fd
SHA256: fcbc4319f78299d061a3d66bff2e4dabf1e6b2f06c056bc05586a031eae0b712
SHA512: 129d8ad4f343080a88c9e9493757bd4ce41823999de70abcb173440b5160929e0118d47d9702e3b968a1ecd5ec16f400e6e7d343503c0129947e7fc512a58632
ssdeep: 192:ID625Uw85m72oWysiW2mOkZRxjVeiiQgLFZ9Id1GTsZVFV:IEpQ72oBJmO+jjoiiQeZ9IdZVD
PEiD..: -
TrID..: File type identification
        Win32 Executable Generic (42.3%)
        Win32 Dynamic Link Library (generic) (37.6%)
        Generic Win/DOS Executable (9.9%)
        DOS Executable Generic (9.9%)
        VXD Driver (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x12a3
timedatestamp.....: 0x49834288 (Fri Jan 30 18:10:16 2009)
machinetype.......: 0x14c (I386)
( 3 sections )
name   viradd  virsiz  rawdsiz  ntrpy  md5
.text  0x1000  0x834   0x836    6.64   b908596ba90567b67f26949bf167e129
.data  0x2000  0xac    0x8d     3.47   a433629efb18297b84b0e9995bad705d
.rsrc  0x3000  0x1648  0x1645   7.93   8bab9d9c8f8e2085fc279674c5632e5e
( 2 imports )
> KERNEL32.dll: ExitProcess
> USER32.dll: BeginPaint, CreateWindowExA, DefWindowProcA, DispatchMessageA, EndPaint, FindWindowA, GetMessageA, GetSystemMetrics, LoadCursorA
( 0 exports )
```

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=C6B7AA7245C5D8BA249000524600B3002B08DF03
#6
Moderator/Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista
Re: Patched User 32 problem..
Hi,
Delete these two files:
c:\windows\SYSTEM32\DRIVERS\amd64si.sys
c:\documents and settings\Laptop 4\.exe

* Next, it's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:
Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
On your next reply, please include a
__________________
UNITE and ASAP since 2006. If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it.
#7
Registered User
Join Date: Feb 2009
Posts: 6
OS: xp
Re: Patched User 32 problem..
Hi Angelfire777
Ok, the two files have been deleted. Below are the DDS log and Kaspersky scan log.

```
DDS (Ver_09-02-01.01) - NTFSx86
Run by Laptop 4 at 7:50:57.90 on 07/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.233 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Laptop 4\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.orange.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -onlytray
mRun: [DataLayer] c:\program files\common files\pcsuite\datalayer\DataLayer.exe
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [SiteAdvisor] c:\program files\siteadvisor\6253\SiteAdv.exe
mRun: [AS00_Gear511] c:\program files\netgear\wg511scu\utility\Gear511.exe -hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\nikon\nkview6\NkvMon.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: adobe.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 TgbVPN;GTA Mobile VPN Client;c:\windows\system32\drivers\TgbVpn.sys [2006-5-10 97920]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-22 207656]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-11-10 358736]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-22 144704]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2007-5-5 16194]
R3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-22 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-22 35240]
S2 0293991233823955mcinstcleanup;McAfee Application Installer Cleanup (0293991233823955);c:\windows\temp\029399~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\029399~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 TgbIKE Starter;TgbIke Starter; [x]
S3 iadusb;BT Voyager 205 ADSL Router;c:\windows\system32\drivers\glauiad.sys [2007-3-6 30371]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-22 34152]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-22 40488]
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\system32\drivers\wg511nd5.sys [2007-5-5 449888]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-22 605512]

=============== Created Last 30 ================

2009-02-05 10:13 <DIR> a-dshr-- C:\cmdcons
2009-02-05 10:07 161,792 a------- c:\windows\SWREG.exe
2009-02-05 10:07 98,816 a------- c:\windows\sed.exe
2009-02-02 18:56 250 a------- c:\windows\gmer.ini
2009-02-02 15:52 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-01-25 15:57 <DIR> --d----- c:\program files\common files\Windows Live
2009-01-14 08:54 <DIR> --d----- C:\4636eef1035f9f948ca0cccdc34c00

==================== Find3M ====================

2008-12-30 12:21 578,560 a------- c:\windows\system32\user32.DLL
2008-12-30 12:21 578,560 a------- c:\windows\system32\dllcache\user32.dll
2008-12-13 06:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-09 15:00 410,984 a------- c:\windows\system32\deploytk.dll
2008-09-14 16:24 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091420080915\index.dat

============= FINISH: 7:52:00.37 ===============
```

```
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, February 7, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, February 06, 2009 22:14:45
Records in database: 1761397
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
E:\

Scan statistics:
Files scanned: 149024
Threat name: 3
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 03:29:18

File name / Threat name / Threats count
C:\Documents and Settings\Laptop 4\Desktop\BBDesktopHelpInstall.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\user32.dll.vir Infected: Trojan.Win32.Patched.dr 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_user32_.dll.zip Infected: Trojan.Win32.Patched.dr 1
C:\RECYCLER\S-1-5-21-3816527462-2746887979-1290444408-1006\Dc2.exe Infected: Trojan.Win32.Agent.bnwy 1
C:\WINDOWS\Motive\btbb\UninstallHelper.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1

The selected area was scanned.
```

Best Regards
aidbiggles.
#8
Moderator/Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista
Re: Patched User 32 problem..
* Open Notepad and copy and paste the text present in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)
Quote:
It should look like this:
Double-click on it and, when it asks you if you want to merge the contents into the registry, click Yes/OK. After that, empty your Recycle Bin. How is it running?
#9
Registered User
Join Date: Feb 2009
Posts: 6
OS: xp
Re: Patched User 32 problem..
Hello Angelfire777
Thank you for the 'present'. All appears to be running well now, though I have not been using the laptop as much as normal. The next few days will give me a better idea as to performance. Thanks so much for your help, you are really good to take time to help us 'numpties' with our problems. Thanks Aidbiggles...
#10
Moderator/Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista
Re: Patched User 32 problem..
You're welcome :)
Click Start > Run > copy and paste: combofix /u
That will hide your system files, clear your System Restore cache and uninstall ComboFix.

Note: Make sure you update your antivirus programs and other security products regularly to avoid new threats that could infect your system.
Read TonyKlein's "How Did I Get Infected In The First Place?".
Please check out miekiemoes' "How to Prevent Malware".
Happy safe surfing!

Note: Please reply to this thread one last time so I can mark it as resolved.
#11
Registered User
Join Date: Feb 2009
Posts: 6
OS: xp
Re: Patched User 32 problem..
Angelfire777
Thanks again for your help, will make a donation at the end of the month when the pay cheque arrives! All seems to be running as it was before. Have also read the advice threads... duly noted.
All the best,
Aidbiggles.