Dear friends,
I have a problem with some virus in ndis.sys; I don't know how to copy a good ndis.sys to windows\system32\drivers\.
I ran ComboFix and here is the combofix.log.
Please help me.
Thanks.
ComboFix 09-11-01.04 - Samo 07.11.2009 12:53.2.2 - NTFSx86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1535.1229 [GMT 1:00]
Running from: c:\documents and settings\Samo\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.
2009-11-07 11:54 . 2009-11-07 11:54 53248 ----a-w- c:\temp\catchme.dll
2009-11-07 11:42 . 2009-11-07 11:42 -------- d-----w- c:\temp\log
2009-11-07 11:38 . 2009-11-07 11:38 -------- d-----w- c:\temp\WPDNSE
2009-11-07 11:32 . 2009-11-07 11:32 -------- d-----w- c:\temp\hsperfdata_Samo
2009-11-07 10:10 . 2009-11-07 10:14 -------- d-----w- c:\temp\Acrobat Distiller 7
2009-11-07 09:45 . 2009-11-07 11:04 -------- d-----w- c:\temp\hsperfdata_SYSTEM
2009-11-07 07:22 . 2009-11-07 07:22 160272 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-07 07:04 . 2009-11-07 07:04 -------- d-----w- c:\program files\Enigma Software Group
2009-11-07 06:43 . 2009-11-07 09:11 -------- d-----w- c:\documents and settings\Samo\Application Data\Malwarebytes
2009-11-07 06:43 . 2009-11-07 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-03 06:50 . 2009-11-03 06:50 -------- d-----w- c:\documents and settings\Samo\DoctorWeb
2009-11-02 07:36 . 2009-11-07 09:10 -------- d-----w- c:\program files\Loaris Trojan Remover
2009-11-01 07:38 . 2009-11-07 11:45 -------- d-----w- c:\program files\TrojanHunter 5.0
2009-11-01 07:38 . 2009-11-01 07:38 -------- d-----w- c:\documents and settings\Samo\Application Data\TrojanHunter
2009-11-01 07:37 . 2008-03-17 16:28 576592 ----a-w- c:\documents and settings\Samo\Application Data\Simply Super Software\Trojan Remover\trupd.exe
2009-10-31 11:03 . 2009-10-31 11:09 -------- d-----w- C:\$AVG
2009-10-31 11:03 . 2009-11-07 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-31 10:59 . 2009-10-31 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-31 10:53 . 2009-10-31 10:53 -------- d-----w- c:\documents and settings\Samo\Local Settings\Application Data\Threat Expert
2009-10-25 12:53 . 2007-07-09 13:09 584192 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2009-10-25 12:02 . 2009-10-25 12:02 -------- d-----w- c:\documents and settings\Samo\Local Settings\Application Data\Thinstall
2009-10-25 12:00 . 2009-10-25 12:00 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-10-25 12:00 . 2009-10-31 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-10-25 11:49 . 2009-10-25 11:49 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-25 11:31 . 2009-10-31 11:03 -------- d-----w- c:\program files\AVG
2009-10-25 11:31 . 2009-10-25 11:34 -------- d-----w- c:\program files\Anti Trojan Elite
2009-10-25 11:31 . 2009-10-25 11:31 -------- d-----w- c:\program files\Norton AntiVirus
2009-10-25 11:31 . 2009-10-25 11:31 -------- d-----w- c:\program files\Eset
2009-10-25 11:31 . 2009-10-25 11:31 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-25 11:16 . 2009-10-31 11:16 -------- d-----w- c:\program files\Spyware Doctor
2009-10-25 10:56 . 2009-10-25 10:56 -------- d-----w- c:\program files\Trojan Remover(2)
2009-10-25 10:25 . 2009-10-31 16:28 -------- d-----w- c:\documents and settings\Samo\Application Data\Spyware Terminator
2009-10-25 10:22 . 2009-10-25 10:22 -------- d-----w- c:\documents and settings\Samo\Application Data\Thinstall
2009-10-23 12:08 . 2009-10-23 12:08 212480 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2009-10-23 12:08 . 2009-10-23 12:08 19366 ----a-w- c:\windows\yjidyqe.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 11:41 . 2008-04-28 14:14 -------- d-----w- c:\documents and settings\Samo\Application Data\HPAppData
2009-11-02 07:34 . 2008-01-25 14:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-31 08:55 . 2006-11-16 13:47 -------- d-----w- c:\program files\Google
2009-10-23 12:08 . 2003-03-31 12:00 212480 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-10-23 12:08 . 2009-10-23 12:08 17921 ----a-w- c:\program files\Common Files\qataduj._dl
2009-10-23 12:08 . 2009-10-23 12:08 16643 ----a-w- c:\program files\Common Files\vosywi.ban
2009-10-23 12:08 . 2009-10-23 12:08 10517 ----a-w- c:\documents and settings\All Users\Application Data\wytegug.bin
2009-09-10 12:54 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-10-18 16:25 . 2008-10-18 10:59 476 --sha-w- c:\windows\system32\nprCbccf.ini2
.
------- Sigcheck -------
[-] 2009-10-23 12:08 . B4B6054F06AB28020F8CF9992CE0A9A5 . 212480 . . [------] . . c:\windows\system32\drivers\ndis.sys
[-] 2009-10-23 12:08 . B4B6054F06AB28020F8CF9992CE0A9A5 . 212480 . . [------] . . c:\windows\system32\dllcache\ndis.sys
[7] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2003-03-31 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-06-16 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AtiPTA"=atiptaxx.exe
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"THGuard"="c:\program files\TrojanHunter 5.0\THGuard.exe"
"Ptipbmf"=rundll32.exe ptipbmf.dll,SetWriteCacheMode
"Malwarebytes Anti-Malware (reboot)"="c:\store\MalwarebytesPortable\App\Malwarebytes\mbam.exe" /runcleanupscript
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
"SpyHunter Security Suite"=c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Store\\MalwarebytesPortable\\App\\Malwarebytes\\mbam.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 AACMgt;AACMgt;c:\windows\system32\drivers\aacmgt.sys [16.1.2004 23:30 92411]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 AAC_AGENT;Adaptec RAID Remote Services Agent;c:\program files\Adaptec\SMBE\afaagent.exe [16.1.2004 23:30 421041]
S2 ARCPD;Adaptec Web Server;c:\program files\Adaptec\SMBE\arcpd.exe [20.1.2004 9:50 430143]
S2 ASMBENotify;Adaptec Storage Manager Notifier;c:\program files\Adaptec\SMBE\notify.exe [20.1.2004 9:50 503879]
S2 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [12.10.2003 17:20 143360]
S2 HexHelper;HexHelper;c:\windows\system32\drivers\hexHelper.sys [26.9.2005 10:47 4160]
S2 HexSAA7146;HexSAA7146;c:\windows\system32\drivers\hex7146.sys [26.9.2005 10:47 34784]
S2 IOManager;Adaptec I/O Manager Server;c:\program files\Adaptec\SMBE\iomgr.exe [20.1.2004 9:50 368724]
S2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [20.9.2002 14:29 53248]
S2 OracleOra92Gastro01Agent;OracleOra92Gastro01Agent;c:\datalockhotel\OraHomes\Ora92Gastro01\bin\agntsrvc.exe [22.7.2003 11:08 81692]
S2 OracleOra92Gastro01TNSListener;OracleOra92Gastro01TNSListener;c:\datalockhotel\OraHomes\Ora92Gastro01\BIN\TNSLSNR --> c:\datalockhotel\OraHomes\Ora92Gastro01\BIN\TNSLSNR [?]
S2 OracleServiceGASTRO01;OracleServiceGASTRO01;c:\datalockhotel\orahomes\ora92gastro01\bin\ORACLE.EXE GASTRO01 --> c:\datalockhotel\orahomes\ora92gastro01\bin\ORACLE.EXE GASTRO01 [?]
S2 Server BlueGastro01;Server BlueGastro01;c:\datalockhotel\SystemBlueGastro01\DlAppServer\wrapper.exe -s wrapper.conf "wrapper.ntservice.name=Server BlueGastro01" "wrapper.ntservice.displayname=Server BlueGastro01" "wrapper.ntservice.description=Datalock BlueGastro server" wrapper.ntservice.dependency.1=OracleServiceGASTRO01 --> c:\datalockhotel\SystemBlueGastro01\DlAppServer\wrapper.exe -s wrapper.conf wrapper.ntservice.name=Server BlueGastro01 [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 ati2mpad;ati2mpad;c:\windows\system32\drivers\ati2mpad.sys [8.2.2001 11:40 292224]
S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [7.4.2003 13:45 151552]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10.9.2009 13:54 38224]
S3 OracleOra92Gastro01ClientCache;OracleOra92Gastro01ClientCache;c:\datalockhotel\OraHomes\Ora92Gastro01\bin\ONRSD.EXE [7.8.2003 11:19 242960]
S3 OracleOra92Gastro01SNMPPeerEncapsulator;OracleOra92Gastro01SNMPPeerEncapsulator;c:\datalockhotel\OraHomes\Ora92Gastro01\bin\encsvc.exe [22.7.2003 11:09 165307]
S3 OracleOra92Gastro01SNMPPeerMasterAgent;OracleOra92Gastro01SNMPPeerMasterAgent;c:\datalockhotel\OraHomes\Ora92Gastro01\bin\agntsvc.exe [22.7.2003 11:09 216185]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d2b3e50-c597-11dc-b1fc-000ea132f8be}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - f:\recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b5894a-14b7-11de-b269-00113b04975c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - f:\recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ede0ab4-eded-11dd-b265-00113b04975c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - f:\recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61676f74-a4fb-11dc-b1f1-00113b04975c}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{626a319d-46a6-11dd-b223-000ea132f8be}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{866f70cf-3cc0-11de-b26d-00113b04975c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - f:\recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a65ea667-75ba-11de-b274-00113b04975c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - f:\recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afb478de-e15d-11dd-b261-00113b04975c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - f:\recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f42e7d34-1822-11dd-b212-00113b04975c}]
\Shell\AutoRun\command - F:\wdsync.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: szm.sk\www
TCP: {11C25362-F008-439B-A6D5-9104FBFE575F} = 195.146.157.103
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 12:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOra92Gastro01TNSListener]
"ImagePath"="c:\datalockhotel\OraHomes\Ora92Gastro01\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2052111302-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3CCC72B1-A31C-7F8E-E867-026976CF2155}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaafdlllgfecanpmkf"=hex:6a,61,65,61,6c,69,70,63,6f,6e,62,70,65,6a,67,61,69,61,
6e,68,00,00
"haggnicpnpbnjpkm"=hex:6a,61,65,61,6c,69,70,63,6f,6e,62,70,65,6a,67,61,69,61,
6e,68,00,00
.
Completion time: 2009-11-07 12:56
ComboFix-quarantined-files.txt 2009-11-07 11:56
ComboFix2.txt 2009-11-07 11:24
Pre-Run: 10 333 122 560 bytes free
Post-Run: 18 adresárov, 10 300 678 144 voľných bajtov
- - End Of File - - F9A6293E9FCAD84106BF1DCF2385DAA8