Help!

Help with a Hi Jack This Log

 
johnnyshipwreck



Joined: Feb 06, 2009
Posts: 5



Posted: Fri Feb 06, 2009 10:16 pm    Post subject: Help with a Hi Jack This Log

Hello,

I am new to these forums and hope that some generous person can be of help. Yesterday my computer started acting up. All of the desktop items disappear shortly after starting up the computer. They reappear for a few seconds, but disappear moments later. I ran Avira anti-virus on the computer, but it did not solve the problem. It did discover the following:
TR/Crypt.XPACK.Gen
EXP/Java.Gimsh.A.41
TR/Dropper.Gen
BDS/TDSS.JW
BDS.TDSS.ACS
When I try to defragment drive C, I get a message that disk defragmentation could not start.
I am a total novice, so any help is greatly appreciated (and any dumbing down of explanations on how to fix the problem would be appreciated, too). Thanks so much. Here is a list of the results of my hijack this log. Let me know if another format (e.g. as an attachment) would be better.

C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
greyknight17



Joined: Feb 03, 2003
Posts: 5924

Location: Brooklyn, NY

Posted: Sun Feb 08, 2009 11:20 am    Post subject:

Welcome to Lockergnome.

The HijackThis log you posted is incomplete (cut off). Please post the entire log here again.

Right click on My Computer and go to Properties. Then go to the Hardware tab and click on Device Manager. Go to View > Show hidden devices. Then go to Non-Plug and Play Drivers and expand it. Look for TDSservs.sys and when found, right click on it and choose Disable. See if you can download the security programs now.

Download Malwarebytes' Anti-Malware at http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html. Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
johnnyshipwreck



Joined: Feb 06, 2009
Posts: 5



Posted: Mon Feb 09, 2009 8:16 pm    Post subject: Reply

Hello,

Thanks so much for your help. I don't know what I would have done.

I disabled TDSservs.sys and then ran Malwarebytes. It found a number of infections. I will post that report below. The computer seems to be running fine now, but should I still run combofix? Also, do I need to enable TDSservs.sys?

Thanks again. Here's the malware report:

Malwarebytes' Anti-Malware 1.33
Database version: 1740
Windows 5.1.2600 Service Pack 3

2/8/2009 9:46:42 PM
mbam-log-2009-02-08 (21-46-42).txt

Scan type: Quick Scan
Objects scanned: 63463
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 26
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\geBuUlLb.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ce4a3e-d695-4169-a6d1-5fff69ef93d7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{44ce4a3e-d695-4169-a6d1-5fff69ef93d7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxpjdsk (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ce4a3e-d695-4169-a6d1-5fff69ef93d7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uwaaunqi (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\uwaaunqi (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uwaaunqi (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seneka (Trojan.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\seneka (Trojan.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Trojan.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\geBuUlLb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\geBuUlLb.dllbox (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\c:\windows\system32\gebuullb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bLlUuBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bLlUuBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXPJDSK.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekabxvtkayv.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\senekavyxjbqlx.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\kziwpoyn.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\seneka.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekawlgidupo.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\xcnwrosmae.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekadlaogxcn.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekagogvimot.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekamesenmkj.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Quarantined and deleted successfully.
greyknight17



Joined: Feb 03, 2003
Posts: 5924

Location: Brooklyn, NY

Posted: Wed Feb 11, 2009 6:09 pm    Post subject:

Please post ComboFix as indicated in the instructions. We still need that log file as there may be other files hidden there. Don't enable TDS back unless you want to encounter the same problem again. We will need to remove it if ComboFix does not clean it properly.
johnnyshipwreck



Joined: Feb 06, 2009
Posts: 5



Posted: Fri Feb 13, 2009 3:32 pm    Post subject: Combofix log

Thanks so much for your help. Here's the combofix log:

ComboFix 09-02-12.03 - HP_Administrator 2009-02-13 12:18:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1565 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows\IE4 Error Log.txt
c:\windows\system32\nsprs.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\winlogon2.exe
c:\windows\system32\x13
c:\windows\system32\x13\VE2PIX5.exe
c:\windows\system32\Z55
D:\Autorun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Legacy_TNIDRIVER
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2009-01-13 to 2009-02-13 )))))))))))))))))))))))))))))))
.

2009-02-08 20:10 . 2009-02-08 20:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 20:10 . 2009-02-08 20:10 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-02-08 20:10 . 2009-02-08 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-08 20:10 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-08 20:10 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-05 16:53 . 2009-02-08 21:47 2,816 --a------ c:\windows\uwaaunqi
2009-02-02 22:42 . 2009-02-02 22:42 <DIR> d-------- c:\program files\MP3 Converter
2009-02-02 22:42 . 2009-02-02 22:47 <DIR> d-------- c:\program files\Common Files\eSellerate
2009-02-02 22:36 . 2009-02-02 22:38 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-23 12:38 . 2009-01-23 12:39 <DIR> d-------- c:\program files\iTunes
2009-01-23 12:38 . 2009-01-23 12:38 <DIR> d-------- c:\program files\iPod
2009-01-23 12:38 . 2009-01-23 12:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-23 12:37 . 2009-01-23 12:37 <DIR> d-------- c:\program files\Bonjour
2009-01-13 18:43 . 2009-01-13 18:43 <DIR> d-------- c:\program files\Sony

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 06:12 --------- d-----w c:\program files\WildTangent
2009-02-09 06:09 --------- d-----w c:\program files\Common Files\muvee Technologies
2009-02-09 06:07 --------- d-----w c:\program files\DivX
2009-02-09 06:03 --------- d-----w c:\program files\Lavasoft
2009-02-09 06:03 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-06 06:36 --------- d-----w c:\program files\Trend Micro
2009-01-24 01:11 --------- d-----w c:\program files\Apple Software Update
2009-01-23 20:38 --------- d-----w c:\program files\Common Files\Apple
2009-01-23 20:37 --------- d-----w c:\program files\QuickTime
2009-01-14 02:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 05:00 --------- d--h--w c:\documents and settings\HP_Administrator\Application Data\Move Networks
2008-12-22 01:30 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\U3
2008-12-22 01:29 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\W Photo Studio Viewer
2008-12-16 19:16 --------- d-----w c:\program files\Alwil Software
2008-12-16 06:16 --------- d-----w c:\program files\GemMaster
2008-12-16 06:16 --------- d-----w c:\program files\BitTorrent
2008-03-30 03:31 61,480 ----a-w c:\documents and settings\HP_Administrator\GoToAssistDownloadHelper.exe
2007-05-29 22:16 3,944,124 ----a-w c:\program files\ofotonow_setup.exe
2007-05-22 21:10 732,421 ----a-w c:\program files\uploadr_v2.5.0.14_2.exe
2007-05-15 14:44 23,768,104 ----a-w c:\program files\SkypeSetup.exe
2007-05-06 22:11 4,850,920 ----a-w c:\program files\aawsepersonal.exe
2007-04-16 22:05 6,006,832 ----a-w c:\program files\Firefox Setup 2.0.0.3.exe
2007-03-26 20:10 7,718,504 ----a-w c:\program files\winzip110.exe
2006-11-02 16:29 156 -c--a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2006-04-23 02:15 22 -csha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-01 7933952]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-11 49152]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-28 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-14 675840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-06 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-01 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"nwiz"="nwiz.exe" [2007-02-01 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 c:\windows\RTHDCPL.EXE]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-02-13 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S0 lpxeo;lpxeo;c:\windows\system32\drivers\pcmpis.sys --> c:\windows\system32\drivers\pcmpis.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_U...mp;c=Q1
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\wyfdtdnd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/mail
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\wyfdtdnd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 12:22:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2009-02-13 12:24:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-13 20:24:41

Pre-Run: 127,592,833,024 bytes free
Post-Run: 127,691,591,680 bytes free

197 --- E O F --- 2009-02-12 10:51:00
greyknight17



Joined: Feb 03, 2003
Posts: 5924

Location: Brooklyn, NY

Posted: Fri Feb 13, 2009 11:10 pm    Post subject:

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Quote:
Driver::
lpxeo
File::
c:\windows\uwaaunqi
c:\windows\system32\drivers\pcmpis.sys
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe.
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
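The Registry:: line in the CFScript above is a hex(7) (REG_MULTI_SZ) value. As an added example (not part of the original post and not ComboFix code), this Python script decodes it and compares it with the BootExecute line printed in the first ComboFix log of this thread; the function names are illustrative, and both input strings are copied from the thread.

```python
"""Decode the CFScript's hex(7) BootExecute value and compare it with the
value printed in the first ComboFix log. Both inputs are copied from the thread."""
import re

# Registry:: line from the CFScript in the post above.
CFSCRIPT_LINE = ('"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,'
                 '61,75,74,6f,63,68,6b,20,2a,00,00')

# BootExecute line from the first ComboFix log; it prints "\0" between strings.
COMBOFIX_LOG_LINE = r"BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e"

_HEX7 = re.compile(r'^"(?P<name>[^"]+)"=hex\(7\):(?P<data>[0-9a-fA-F,\s\\]*)$')


def decode_hex7(line, wide=False):
    """Return (value_name, [strings]) for a .reg-style hex(7) line.

    wide=False: one byte per character, as in this CFScript.
    wide=True:  UTF-16LE, as in "Windows Registry Editor Version 5.00" exports.
    """
    m = _HEX7.match(line.strip())
    if m is None:
        raise ValueError("not a hex(7) value line: %r" % line)
    # Exported .reg files wrap long values with a trailing backslash; drop those.
    digits = re.sub(r"[\s\\]", "", m.group("data"))
    raw = bytes(int(tok, 16) for tok in digits.split(",") if tok)
    text = raw.decode("utf-16-le" if wide else "cp1252", errors="replace")
    strings = []
    for part in text.split("\0"):
        if part == "":      # an empty string marks the end of a REG_MULTI_SZ list
            break
        strings.append(part)
    return m.group("name"), strings


def encode_hex7(name, strings, wide=False):
    """Inverse of decode_hex7: build the hex(7) line for a list of strings."""
    codec = "utf-16-le" if wide else "cp1252"
    raw = b"".join((s + "\0").encode(codec) for s in strings) + "\0".encode(codec)
    return '"%s"=hex(7):%s' % (name, ",".join("%02x" % b for b in raw))


def parse_combofix_multi_sz(line):
    """Parse 'Name REG_MULTI_SZ a\\0b' as printed in the ComboFix log."""
    name, reg_type, data = line.strip().split(None, 2)
    if reg_type != "REG_MULTI_SZ":
        raise ValueError("expected REG_MULTI_SZ, got %s" % reg_type)
    return name, [part for part in data.split("\\0") if part]


def extra_entries(logged, scripted):
    """Entries present in the logged value but absent from the scripted one."""
    return [entry for entry in logged if entry not in scripted]


if __name__ == "__main__":
    _, scripted = decode_hex7(CFSCRIPT_LINE)
    _, logged = parse_combofix_multi_sz(COMBOFIX_LOG_LINE)
    print("CFScript writes :", scripted)
    print("Log showed      :", logged)
    print("Dropped entries :", extra_entries(logged, scripted))
```

The decoded value is the single string `autocheck autochk *`, which is the Windows default for BootExecute, so applying the script drops the second entry that the first log showed.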
johnnyshipwreck



Joined: Feb 06, 2009
Posts: 5



Posted: Sat Feb 14, 2009 12:51 pm    Post subject: Update on Combofix

Please advise on next step. Thanks. Combofix log:

ComboFix 09-02-12.03 - HP_Administrator 2009-02-14 9:44:12.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1543 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\drivers\pcmpis.sys
c:\windows\uwaaunqi
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\uwaaunqi

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_lpxeo


((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.

2009-02-08 20:10 . 2009-02-08 20:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 20:10 . 2009-02-08 20:10 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-02-08 20:10 . 2009-02-08 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-08 20:10 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-08 20:10 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-02 22:42 . 2009-02-02 22:42 <DIR> d-------- c:\program files\MP3 Converter
2009-02-02 22:42 . 2009-02-02 22:47 <DIR> d-------- c:\program files\Common Files\eSellerate
2009-02-02 22:36 . 2009-02-02 22:38 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-23 12:38 . 2009-01-23 12:39 <DIR> d-------- c:\program files\iTunes
2009-01-23 12:38 . 2009-01-23 12:38 <DIR> d-------- c:\program files\iPod
2009-01-23 12:38 . 2009-01-23 12:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-23 12:37 . 2009-01-23 12:37 <DIR> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 06:12 --------- d-----w c:\program files\WildTangent
2009-02-09 06:09 --------- d-----w c:\program files\Common Files\muvee Technologies
2009-02-09 06:07 --------- d-----w c:\program files\DivX
2009-02-09 06:03 --------- d-----w c:\program files\Lavasoft
2009-02-09 06:03 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-06 06:36 --------- d-----w c:\program files\Trend Micro
2009-01-24 01:11 --------- d-----w c:\program files\Apple Software Update
2009-01-23 20:38 --------- d-----w c:\program files\Common Files\Apple
2009-01-23 20:37 --------- d-----w c:\program files\QuickTime
2009-01-14 02:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-14 02:43 --------- d-----w c:\program files\Sony
2009-01-08 05:00 --------- d--h--w c:\documents and settings\HP_Administrator\Application Data\Move Networks
2008-12-22 01:30 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\U3
2008-12-22 01:29 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\W Photo Studio Viewer
2008-12-16 19:16 --------- d-----w c:\program files\Alwil Software
2008-12-16 06:16 --------- d-----w c:\program files\GemMaster
2008-12-16 06:16 --------- d-----w c:\program files\BitTorrent
2008-03-30 03:31 61,480 ----a-w c:\documents and settings\HP_Administrator\GoToAssistDownloadHelper.exe
2007-05-29 22:16 3,944,124 ----a-w c:\program files\ofotonow_setup.exe
2007-05-22 21:10 732,421 ----a-w c:\program files\uploadr_v2.5.0.14_2.exe
2007-05-15 14:44 23,768,104 ----a-w c:\program files\SkypeSetup.exe
2007-05-06 22:11 4,850,920 ----a-w c:\program files\aawsepersonal.exe
2007-04-16 22:05 6,006,832 ----a-w c:\program files\Firefox Setup 2.0.0.3.exe
2007-03-26 20:10 7,718,504 ----a-w c:\program files\winzip110.exe
2006-11-02 16:29 156 -c--a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2006-04-23 02:15 22 -csha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot RemoveThis @2009-02-13_12.23.57.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-14 17:46:29 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_574.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-01 7933952]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-11 49152]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-28 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-14 675840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-06 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-01 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"nwiz"="nwiz.exe" [2007-02-01 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 c:\windows\RTHDCPL.EXE]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-02-13 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

.
Contents of the 'Scheduled Tasks' folder

2009-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_U...mp;c=Q1
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\wyfdtdnd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/mail
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\wyfdtdnd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 09:46:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2009-02-14 9:49:10 - machine was rebooted [HP_Administrator]
ComboFix-quarantined-files.txt 2009-02-14 17:49:07
ComboFix2.txt 2009-02-14 17:36:44
ComboFix3.txt 2009-02-13 20:24:45

Pre-Run: 127,669,940,224 bytes free
Post-Run: 127,652,646,912 bytes free

189 --- E O F --- 2009-02-12 10:51:00
greyknight17



Joined: Feb 03, 2003
Posts: 5924

Location: Brooklyn, NY

PostPosted: Sat Feb 14, 2009 8:44 pm    Post subject:

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
johnnyshipwreck



Joined: Feb 06, 2009
Posts: 5



PostPosted: Sun Feb 15, 2009 2:06 pm    Post subject: Thank you

Thank you very much for your help. It is extremely nice of you to take time to help strangers. I really appreciate it.

John
All times are: Eastern Time (US & Canada)