Computer Acting Incredibly Slow


  • This topic is locked
25 replies to this topic

#1 hgreenbl


  • Members
  • 12 posts

Posted 09 December 2007 - 02:07 AM

The computer has been acting very slow and some times it freezes up. Not sure what the actual problem is but I could really use some help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:54 AM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\bak\mssysmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL Companion\companion.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\SL61WPK3\stinger[1].exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: support - {991EF04C-93CF-469b-A2BE-CC1B3347566F} - C:\Program Files\BHO\plugin1.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [stratas]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\bak\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105037958829
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/v...acheManager.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...093/mcfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8755 bytes



#2 SifuMike


    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 10 December 2007 - 12:50 AM

Hello hgreenbl,

O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com



Any idea where you got whataboutadog from?

Whether or not it's helpful, we're interested in knowing where it came from so that we can get it ourselves. We need to further analyze this infection. We've had reports of users becoming infected while looking for Vanessa Anne Hudgens pics.


Download FindAWF:
http://noahdfear.net/downloads/FindAWF.exe
Save the file to the Desktop
Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, Find AWF report is produced that we need to look at.
Please post it in your reply.

Edited by SifuMike, 10 December 2007 - 12:51 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 hgreenbl

  • Topic Starter

  • Members
  • 12 posts

Posted 10 December 2007 - 02:26 PM

I'm not sure where those 2 files came from. Should I get rid of them now, or wait til after you see this AWF report?

Find AWF report by noahdfear 2006
Version 1.40

The current date is: Mon 12/10/2007
The current time is: 13:21:58.58


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

10/25/2005 06:56 AM 61,440 VM303_STI.EXE
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\DIGSTR~1\BAK

09/07/2007 09:06 AM 278,528 digstream.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

04/27/2007 10:25 AM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

04/27/2007 08:41 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\WINDOW~4\BAK

11/03/2006 06:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 01:56 AM 15,360 ctfmon.exe
10/03/2007 07:31 PM 192,586 qwinsldt.exe
2 File(s) 207,946 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\CA\ETRUST~1\BAK

02/13/2003 10:25 AM 493,024 realmon.exe
1 File(s) 493,024 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

09/13/2004 02:49 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\INTEL\NCS\PROSET\BAK

05/28/2003 05:32 PM 86,016 PRONoMgr.exe
1 File(s) 86,016 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

12/08/2007 02:00 PM 36,864 jusched.exe
1 File(s) 36,864 bytes

Directory of C:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\BAK

01/21/2005 06:04 PM 163,840 mssysmgr.exe
1 File(s) 163,840 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

61440 Oct 25 2005 "C:\WINDOWS\bak\VM303_STI.EXE"
61440 Oct 25 2005 "C:\Program Files\Vimicro\VM303B\Driver AutoInstall\Driver Files\VM303_STI.exe"
278528 Sep 7 2007 "C:\Program Files\DIGStream\bak\digstream.exe"
267048 Nov 15 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
257088 Apr 27 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Dec 9 2007 "C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe"
54330664 Dec 9 2007 "C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\KHQ70X2F\iTunes75Setup[1].exe"
116008 Nov 15 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
286720 Nov 14 2007 "C:\Program Files\QuickTime\QTTask.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
27660 Oct 3 2007 "C:\WINDOWS\system32\qwinsldt.exe"
192586 Oct 3 2007 "C:\WINDOWS\system32\bak\qwinsldt.exe"
27660 Dec 8 2007 "C:\Program Files\CA\eTrust Antivirus\realmon.exe"
493024 Feb 13 2003 "C:\Program Files\CA\eTrust Antivirus\bak\realmon.exe"
49152 Sep 13 2004 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
27660 Dec 8 2007 "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
86016 May 28 2003 "C:\Program Files\Intel\NCS\PROSet\bak\PRONoMgr.exe"
32881 Jan 15 2005 "C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe"
27660 Dec 8 2007 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
36972 Oct 11 2006 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
36864 Dec 8 2007 "C:\Program Files\Java\jre1.5.0_02\bin\bak\jusched.exe"
27660 Oct 3 2007 "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe"
163840 Jan 21 2005 "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak\mssysmgr.exe"


end of report

#4 SifuMike


    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 10 December 2007 - 03:33 PM

Hi hgreenbl,


Should I get rid of them now, or wait til after you see this AWF report?


You will not be able to get rid of them yourself, as the AWF infection will reload them.


Please double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\WINDOWS\bak\VM303_STI.EXE"
"C:\Program Files\DIGStream\bak\digstream.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\qwinsldt.exe"
"C:\Program Files\CA\eTrust Antivirus\bak\realmon.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\Intel\NCS\PROSet\bak\PRONoMgr.exe"
"C:\Program Files\Java\jre1.5.0_02\bin\bak\jusched.exe"
"C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak\mssysmgr.exe"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Edited by SifuMike, 10 December 2007 - 03:44 PM.

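
As an added example (not FindAWF's own code, and not anything posted in this thread), the Python script below automates the check SifuMike does by eye on the report in post #3 and the restore list he builds in post #4. It parses the "Duplicate files of bak directory contents" section, pairs every file that sits inside a bak folder with the same-named file one level up, and flags pairs whose parent-folder copy is missing or differs in size, which is the trace the AWF infection leaves when it moves the legitimate program into bak and drops its own file in its place. It also reports a byte count that recurs across the altered parent-folder files and builds the quoted path list that option 2's files.txt expects. The report lines are copied from post #3 as constructed sample input; the function names are mine, not FindAWF's.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample input: the "Duplicate files of bak directory contents"
# section of the FindAWF report posted in this thread, reproduced verbatim.
REPORT = r'''
61440 Oct 25 2005 "C:\WINDOWS\bak\VM303_STI.EXE"
61440 Oct 25 2005 "C:\Program Files\Vimicro\VM303B\Driver AutoInstall\Driver Files\VM303_STI.exe"
278528 Sep 7 2007 "C:\Program Files\DIGStream\bak\digstream.exe"
267048 Nov 15 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
257088 Apr 27 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Dec 9 2007 "C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe"
54330664 Dec 9 2007 "C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\KHQ70X2F\iTunes75Setup[1].exe"
116008 Nov 15 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
286720 Nov 14 2007 "C:\Program Files\QuickTime\QTTask.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
27660 Oct 3 2007 "C:\WINDOWS\system32\qwinsldt.exe"
192586 Oct 3 2007 "C:\WINDOWS\system32\bak\qwinsldt.exe"
27660 Dec 8 2007 "C:\Program Files\CA\eTrust Antivirus\realmon.exe"
493024 Feb 13 2003 "C:\Program Files\CA\eTrust Antivirus\bak\realmon.exe"
49152 Sep 13 2004 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
27660 Dec 8 2007 "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
86016 May 28 2003 "C:\Program Files\Intel\NCS\PROSet\bak\PRONoMgr.exe"
32881 Jan 15 2005 "C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe"
27660 Dec 8 2007 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
36972 Oct 11 2006 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
36864 Dec 8 2007 "C:\Program Files\Java\jre1.5.0_02\bin\bak\jusched.exe"
27660 Oct 3 2007 "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe"
163840 Jan 21 2005 "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak\mssysmgr.exe"
'''

# One report line: <size in bytes> <Mon D YYYY> "<full path>"
LINE_RE = re.compile(r'^\s*(\d+)\s+([A-Za-z]{3} +\d{1,2} +\d{4})\s+"(.+)"\s*$')


def parse_report(text):
    """Map each listed path (lower-cased, Windows paths are case-insensitive)
    to (size, date, path as written). Lines that do not match are ignored."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            size, date, path = int(m.group(1)), m.group(2), m.group(3)
            entries[path.lower()] = (size, date, path)
    return entries


def parent_of(path):
    """For '<dir>\\bak\\<file>' return '<dir>\\<file>'; None if not inside a bak folder."""
    p = PureWindowsPath(path)
    if p.parent.name.lower() != "bak":
        return None
    return str(p.parent.parent / p.name)


def classify(text):
    """Compare every bak-folder file with its parent-folder counterpart.
    Returns (bak_path, verdict, bak_size, parent_size_or_None) per bak file."""
    entries = parse_report(text)
    findings = []
    for size, _date, path in entries.values():
        parent = parent_of(path)
        if parent is None:
            continue  # not a bak copy, only a same-named file elsewhere
        hit = entries.get(parent.lower())
        if hit is None:
            findings.append((path, "parent missing", size, None))
        elif hit[0] != size:
            findings.append((path, "size mismatch", size, hit[0]))
        else:
            findings.append((path, "identical", size, hit[0]))
    return findings


def recurring_rogue_size(findings):
    """The byte count that recurs most among altered parent-folder files, as
    (size, count), or None if no size repeats. One size shared by executables
    from unrelated vendors is the strongest indicator of a dropped stand-in."""
    sizes = Counter(f[3] for f in findings if f[1] == "size mismatch")
    if not sizes:
        return None
    size, count = sizes.most_common(1)[0]
    return (size, count) if count >= 2 else None


def restore_list(findings):
    """Quoted bak paths whose parent copy is missing or altered: the candidate
    contents of files.txt for FindAWF option 2 (restore files from bak folders)."""
    return [f'"{path}"' for path, verdict, _, _ in findings if verdict != "identical"]


if __name__ == "__main__":
    results = classify(REPORT)
    for path, verdict, bak_size, parent_size in results:
        print(f"{verdict:15} bak={bak_size:>7} parent={parent_size!s:>7}  {path}")
    print("recurring size among altered parents:", recurring_rogue_size(results))
    print("\n".join(restore_list(results)))
```

A size mismatch is a lead, not proof on its own: on this report iTunesHelper.exe and QTTask.exe differ from their bak copies because the parent-folder files carry November 2007 dates and are larger, consistent with an update rather than a replacement, while five unrelated programs (qwinsldt, realmon, PRONoMgr, jusched, mssysmgr) all have a 27660-byte file in the parent folder, which is the tell. Running the same script over the post-restore report in post #5 yields only "identical" verdicts and an empty restore list.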

#5 hgreenbl

  • Topic Starter

  • Members
  • 12 posts

Posted 10 December 2007 - 04:28 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Mon 12/10/2007
The current time is: 15:25:07.82


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

10/25/2005 06:56 AM 61,440 VM303_STI.EXE
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\DIGSTR~1\BAK

09/07/2007 09:06 AM 278,528 digstream.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

04/27/2007 10:25 AM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

04/27/2007 08:41 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\WINDOW~4\BAK

11/03/2006 06:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 01:56 AM 15,360 ctfmon.exe
10/03/2007 07:31 PM 192,586 qwinsldt.exe
2 File(s) 207,946 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\CA\ETRUST~1\BAK

02/13/2003 10:25 AM 493,024 realmon.exe
1 File(s) 493,024 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

09/13/2004 02:49 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\INTEL\NCS\PROSET\BAK

05/28/2003 05:32 PM 86,016 PRONoMgr.exe
1 File(s) 86,016 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

12/08/2007 02:00 PM 36,864 jusched.exe
1 File(s) 36,864 bytes

Directory of C:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\BAK

01/21/2005 06:04 PM 163,840 mssysmgr.exe
1 File(s) 163,840 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

61440 Oct 25 2005 "C:\WINDOWS\VM303_STI.EXE"
61440 Oct 25 2005 "C:\WINDOWS\bak\VM303_STI.EXE"
61440 Oct 25 2005 "C:\Program Files\Vimicro\VM303B\Driver AutoInstall\Driver Files\VM303_STI.exe"
278528 Sep 7 2007 "C:\Program Files\DIGStream\digstream.exe"
278528 Sep 7 2007 "C:\Program Files\DIGStream\bak\digstream.exe"
257088 Apr 27 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
257088 Apr 27 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Dec 9 2007 "C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe"
54330664 Dec 9 2007 "C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\KHQ70X2F\iTunes75Setup[1].exe"
116008 Nov 15 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
192586 Oct 3 2007 "C:\WINDOWS\system32\qwinsldt.exe"
192586 Oct 3 2007 "C:\WINDOWS\system32\bak\qwinsldt.exe"
493024 Feb 13 2003 "C:\Program Files\CA\eTrust Antivirus\realmon.exe"
493024 Feb 13 2003 "C:\Program Files\CA\eTrust Antivirus\bak\realmon.exe"
49152 Sep 13 2004 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Sep 13 2004 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
86016 May 28 2003 "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
86016 May 28 2003 "C:\Program Files\Intel\NCS\PROSet\bak\PRONoMgr.exe"
32881 Jan 15 2005 "C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe"
36864 Dec 8 2007 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
36972 Oct 11 2006 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
36864 Dec 8 2007 "C:\Program Files\Java\jre1.5.0_02\bin\bak\jusched.exe"
163840 Jan 21 2005 "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe"
163840 Jan 21 2005 "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak\mssysmgr.exe"


end of report

#6 SifuMike


    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 10 December 2007 - 06:17 PM

Hi hgreenbl,

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Reboot your computer <==== Important

************************

Please double-click the FindAWF icon once again
This time we are going to remove some folders.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\WINDOWS\bak
C:\Program Files\DIGStream\bak
C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Windows Defender\bak
C:\WINDOWS\system32\bak
C:\Program Files\CA\eTrust Antivirus\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\Intel\NCS\PROSet\bak
C:\Program Files\Java\jre1.5.0_02\bin\bak
C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log in your reply

Edited by SifuMike, 10 December 2007 - 06:18 PM.


#7 hgreenbl

  • Topic Starter

  • Members
  • 12 posts

Posted 10 December 2007 - 06:37 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Mon 12/10/2007
The current time is: 17:32:54.02


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\BAK

01/21/2005 06:04 PM 163,840 mssysmgr.exe
1 File(s) 163,840 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

163840 Jan 21 2005 "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe"
163840 Jan 21 2005 "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak\mssysmgr.exe"


end of report

#8 SifuMike


    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 10 December 2007 - 07:00 PM

Hi hgreenbl,

Looks like the AWF tools did not delete one of the bak folders, so we shall do it manually.

Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) "Hide extensions for known file types.'



Find and delete the bak folder:
C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak <== folder



Then run FindAWF with option 1, and post the FindAWF log. Hopefully, it will be clean. :thumbsup:

#9 hgreenbl

  • Topic Starter

  • Members
  • 12 posts

Posted 10 December 2007 - 08:12 PM

I think that should do it. I had to uninstall the program because it wouldn't just let me delete that file, but I never use the program anyways so it doesn't matter. Thanks for the help.


Find AWF report by noahdfear 2006
Version 1.40

The current date is: Mon 12/10/2007
The current time is: 19:04:53.43


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

#10 SifuMike


    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 11 December 2007 - 12:51 AM

Hi hgreenbl,


Double-click the FindAWF icon once again.
Use the following option: Press 4 then Enter to reset domain zones
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

We killed the AWF infection (the whataboutadog), but you still have other malware on your computer.



Let's run ComboFix.

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.


I see you are running Teatimer.
I suggest you to disable it because it can interfere with the changes you'll make on your system.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer during HijackThis Cleanup
When everything is done and your log is clean again, you can enable it again.

Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.


Disable your eTrust Antivirus while we use ComboFix.


You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


If you have used Combofix before, please delete the version you have and redownload it again, because Combofix is being updated everyday.

Disconnect from the Internet while running ComboFix.

Temporarily disable any anti-virus and anti-malware real-time protection before performing a scan.
They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.



1. Download this file - combofix.exe to your Desktop.
Note:
It is important that it is saved directly to your desktop

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you, C:\ComboFix.txt. Post the ComboFix log and a fresh Hijackthis log in your next reply.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
Do NOT run ComboFix more than once.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

Edited by SifuMike, 11 December 2007 - 12:59 AM.


#11 hgreenbl

  • Topic Starter

  • Members
  • 12 posts

Posted 11 December 2007 - 02:36 PM

The combofix program changed my clock to military time, and it still hasn't changed back, though I have waited for a while. Should I change it back myself now? It restarted my computer and I waited to make sure it was finished.

ComboFix 07-12-09.1 - admin 2007-12-11 13:03:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.239 [GMT -6:00]
Running from: C:\Documents and Settings\admin\Desktop\ComboFix.exe
* Created a new restore point

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27, on 2007-12-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: support - {991EF04C-93CF-469b-A2BE-CC1B3347566F} - C:\Program Files\BHO\plugin1.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
O4 - HKCU\..\Run: [stratas]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\bak\mssysmgr.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105037958829
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/v...acheManager.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...093/mcfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8107 bytes

#12 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:01 AM

Posted 11 December 2007 - 02:50 PM

The combofix program changed my clock to military time, and it still hasn't changed back, though I have waited for a while. Should I change it back myself now?


No, leave it alone. When we uninstall it then it resets the time.

Where is the ComboFix log?? There is a lot more to it than the few lines you posted. I need to see the entire log. When finished, it shall produce a log for you, C:\ComboFix.txt.

ComboFix 07-12-09.1 - admin 2007-12-11 13:03:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.239 [GMT -6:00]
Running from: C:\Documents and Settings\admin\Desktop\ComboFix.exe
* Created a new restore point


Edited by SifuMike, 11 December 2007 - 03:00 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 hgreenbl

hgreenbl
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 11 December 2007 - 03:01 PM

That was all it gave me.

ComboFix 07-12-09.1 - admin 2007-12-11 13:03:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.239 [GMT -6:00]
Running from: C:\Documents and Settings\admin\Desktop\ComboFix.exe
* Created a new restore point

What should I do now? Do I need to run it again?

#14 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:01 AM

Posted 11 December 2007 - 03:03 PM

No, do not run it again. Look in C:\ComboFix.txt for the log. It should be quite big. Post what is there.

#15 hgreenbl

hgreenbl
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 11 December 2007 - 03:10 PM

Sorry, that's all that is in C:/combofix.txt. I have searched for the file, as well as looked it up in the C drive.
