Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Threat Detected - Tcpsr.sys


  • This topic is locked This topic is locked
2 replies to this topic

#1 Mr NoD

Mr NoD

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:31 AM

Posted 03 July 2008 - 05:50 PM

On startup, I get a popup from AVG saying "Threat detected!" and that the film name is C:\WINDOWS\System32\drivers\tcpsr.sys

Using AVG to 'Heal' or 'Move to Vault' doesn't do anything, as the threat returns when the PC is restarted.

I ran Spybot and SDFix to try and get rid of it, but it keeps returning.

Spybot log:

"Win32.Winlagons.co: [SBI $C599E67C] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpsr

Win32.Winlagons.co: [SBI $6A30ABB6] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tcpsr"


SDFix log:
"Trojan Files Found:

C:\WINDOWS\system32\drivers\tcpsr.sys - Deleted"


I ran DSS.exe but it only produced a main.txt report - there was no extra.txt
The main.txt:

Deckard's System Scanner v20071014.68
Run by Stuart on 2008-07-03 23:52:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.7 GiB (less than 15%) free.


-- HijackThis (run as Stuart.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:29, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Stuart\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Stuart.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\ C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2E0099} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [logon.exe] c:\windows\system32\logon.exe
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Sgf] C:\WINDOWS\Eos.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKCU\..\Run: [logon.exe] c:\windows\system32\logon.exe
O4 - HKCU\..\Run: [Sgf] C:\WINDOWS\Eos.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.msn.com
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0974970245917e...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1117881439718
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - http://register.btinternet.com/templates/b...lcontrol013.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - http://register.btinternet.com/templates/btwebcontrol023.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C75766CA-E2FC-44A1-A21D-7462A5F80D5B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {D59C73EA-B84D-4DE9-9EE8-4300655F74FB} - C:\Documents and Settings\Stuart\Local Settings\Application Data\microsoft\internet explorer\V0.15.dat
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 9574 bytes

-- Files created between 2008-06-03 and 2008-07-03 -----------------------------

2008-07-03 23:50:30 6784 --a------ C:\WINDOWS\system32\drivers\tcpsr.sys
2008-07-03 21:55:37 0 d-------- C:\Documents and Settings\Stuart\Application Data\Uniblue
2008-07-03 21:48:00 0 d-------- C:\Program Files\Trend Micro
2008-07-03 01:35:10 0 d--h----- C:\$AVG8.VAULT$
2008-07-03 01:24:03 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-03 01:23:58 0 d-------- C:\Documents and Settings\Stuart\Application Data\AVGTOOLBAR
2008-07-03 01:23:48 0 d-------- C:\Program Files\AVG
2008-07-03 01:23:48 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-02 00:07:58 0 d-------- C:\WINDOWS\ERUNT
2008-07-01 23:51:33 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-06-29 15:47:36 0 d---s---- C:\Documents and Settings\Stuart\Cookies
2008-06-29 15:47:35 0 dr------- C:\Documents and Settings\Stuart\Favorites
2008-06-29 10:29:40 0 dr-h----- C:\Documents and Settings\Stuart\Recent
2008-06-28 02:45:50 30208 --a------ C:\WINDOWS\system32\drivers\Agl40.sys
2008-06-17 14:36:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-14 17:07:21 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-14 17:05:23 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-14 17:05:23 0 d-------- C:\WINDOWS\system32\drivers\UMDF


-- Find3M Report ---------------------------------------------------------------

2008-06-28 14:40:04 10022 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-26 01:22:52 0 d-------- C:\Program Files\PhoneTools
2008-06-26 01:22:25 0 --a------ C:\WINDOWS\Capture
2008-06-08 12:54:09 0 d-------- C:\Program Files\World of Warcraft
2008-05-31 18:35:36 0 d-------- C:\Program Files\Real
2008-05-31 18:35:36 0 d-------- C:\Program Files\Common Files\Real
2008-05-31 18:35:36 0 d-------- C:\Documents and Settings\Stuart\Application Data\Real
2008-05-31 18:35:35 0 d-a------ C:\Program Files\Common Files
2008-05-27 23:42:30 0 d-------- C:\Documents and Settings\Stuart\Application Data\Roxio
2008-05-25 03:36:41 0 d-------- C:\Program Files\UniUploader
2008-05-10 19:44:19 2542 --a------ C:\WINDOWS\unins000.dat
2008-05-10 19:41:50 691545 --a------ C:\WINDOWS\unins000.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
03/07/2008 01:23 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellTouch"="C:\WINDOWS\MMKeybd.exe" [05/09/2001 14:28]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [17/02/2007 20:18]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [13/07/2000 21:00]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [13/07/2000 21:00]
"BCWipeTM Startup"="C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" [04/10/2004 05:38]
"POINTER"="point32.exe" []
"SideWinderTrayV4"="C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe" [02/06/2000 19:07]
"logon.exe"="c:\windows\system32\logon.exe" []
"winmain"="winmain.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [10/09/2002 22:26]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [22/03/2004 21:10]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"Sgf"="C:\WINDOWS\Eos.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [12/10/2006 04:10]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [30/12/2003 10:40]
"LWBMOUSE"="C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE" [24/05/2002 13:54]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [03/07/2008 01:23]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [27/03/2002 16:33]
"logon.exe"="c:\windows\system32\logon.exe" []
"Sgf"="C:\WINDOWS\Eos.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

C:\Documents and Settings\Stuart\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [30/12/2006 16:57:08]
DESKTOP.INI [31/08/2001 11:50:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [25/10/2002 20:06:34]
broadband medic.lnk - C:\Program Files\ntl\broadband medic\bin\matcli.exe [08/09/2006 19:34:51]
DESKTOP.INI [31/08/2001 11:50:56]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [09/01/2002 21:53:14]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 07:01:04]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [13/07/2000 21:00:00]
ZoneAlarm.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe [22/02/2003 01:54:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"=0 (0x0)
"Btn_Search"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Agl40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-07-03 23:54:55 ------------


Any advice on how to deal with this tcpsr.sys would be gratefully received.

Thanks.

BC AdBot (Login to Remove)

 


m

#2 Carolyn

Carolyn

    Bleepin' kitten


  • Members
  • 2,131 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 23 July 2008 - 01:22 PM

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am sorry that we were unable to reply to your post sooner. The forums have been very busy.

If you are still in need of assistance, please scan again with HijackThis and post a fresh log.

Also, please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

Post the fresh HijackThis log and the uninstall list in the body of your next reply.
Member of ASAP (Alliance of Security Analysis Professionals)
Posted Image

#3 Carolyn

Carolyn

    Bleepin' kitten


  • Members
  • 2,131 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 31 July 2008 - 06:31 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Member of ASAP (Alliance of Security Analysis Professionals)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users