
Antispycheck + Possibly Others


2 replies to this topic

#1 takk

takk

  • Members
  • 6 posts
  • Location:Olympia, WA

Posted 21 July 2008 - 06:21 PM

Apparently, my roommate has been looking at a lot of porn. This caused my computer to have a fit. I have run Spybot, Adaware, and AVG Anti-Spyware, and hopefully got the bulk of it eliminated, but there still seems to be a pesky little bugger masquerading as a Windows Security Alert icon in my taskbar notification area. I have attached a picture of what pops up every 4 seconds.

Posted Image

When clicked on, it directs you to a site advertising "AntiSpyCheck".

There might be other infections; this one is just glaringly obvious. Thank you.

Deckard's System Scanner v20071014.68
Run by Morgan on 2008-07-21 16:20:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Morgan.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:20:35 PM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Web Technologies\iebtm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Web Technologies\iebtmm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Morgan\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Morgan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ASCWarningBHO Class - {58472BC6-BEA3-42d4-8917-7A8BCB0711B5} - C:\Program Files\ASC 2.1\ASCWarning32.dll (file missing)
O2 - BHO: 219725 helper - {6EA1DB25-2524-4DD6-B997-42E8F38C6E46} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - C:\Program Files\Web Technologies\iebt.dll
O3 - Toolbar: Internet Service - {65742936-8079-408B-9F3C-874B78030A72} - C:\Program Files\Web Technologies\iebr.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [vptray analyzing] C:\WINDOWS\System32\Com\vptray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [asc32] "C:\Program Files\ASC 2.1\asc 2.1.exe"
O4 - HKLM\..\RunServices: [vptray analyzing] C:\WINDOWS\System32\Com\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Auto File System Conversion Utility] C:\WINDOWS\system32\wbem\scricon.exe
O4 - HKCU\..\Run: [vptray analyzing] C:\WINDOWS\System32\Com\vptray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AUTORUN_VAL] C:\Program Files\ASC 2.1\asc 2.1.exe
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
O4 - HKCU\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\system32\wbem\scricon.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browseroption.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browseroption.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162423240545
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169292566811
O22 - SharedTaskScheduler: incorrectnesses - {201a14d7-b5b4-422c-816f-5f2a1e92e0e7} - C:\WINDOWS\system32\xevhbpw.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 9339 bytes

-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2008-07-21 15:35:27 0 dr-h----- C:\Documents and Settings\Morgan\Recent
2008-07-21 05:19:25 0 d-------- C:\WINDOWS\system32\219725
2008-07-21 05:13:28 0 d-------- C:\Program Files\Web Technologies
2008-07-16 14:49:19 0 d-------- C:\Program Files\Common Files\SunnComm Shared


-- Find3M Report ---------------------------------------------------------------

2008-07-21 15:47:55 0 d-------- C:\Documents and Settings\Morgan\Application Data\Mozilla
2008-07-21 15:35:28 0 d-------- C:\Program Files\Steam
2008-07-21 14:46:21 1416798 --a------ C:\Documents and Settings\Morgan\Application Data\CleanUp!.log
2008-07-21 13:26:09 0 d-------- C:\Program Files\Driver Sweeper
2008-07-21 13:21:23 0 d-------- C:\Program Files\Common Files\Real
2008-07-21 13:21:22 0 d-------- C:\Documents and Settings\Morgan\Application Data\Real
2008-07-21 13:21:15 0 d-------- C:\Program Files\Common Files
2008-07-18 13:53:15 0 d-------- C:\Program Files\Soulseek
2008-07-16 14:56:23 0 d-------- C:\Program Files\foobar2000
2008-07-16 14:55:47 13312 --a-s---- C:\WINDOWS\system32\xevhbpw.dll
2008-06-19 16:19:03 0 d-------- C:\Documents and Settings\Morgan\Application Data\U3
2008-06-15 21:51:40 0 d-------- C:\Program Files\Real
2008-06-15 21:48:35 114688 --a------ C:\WINDOWS\system32\wmatimer.dll
2008-06-15 00:12:13 0 d-------- C:\Program Files\Acoustica MP3 To Wave Converter PLUS
2008-06-10 19:21:04 0 d-------- C:\Program Files\Last.fm
2008-06-09 18:47:53 0 d-------- C:\Program Files\PowerStrip
2008-06-07 15:22:11 0 d-------- C:\Program Files\Picture Merge Genius
2008-06-07 15:21:47 0 d-------- C:\Program Files\Workspace Macro 4.6
2008-06-07 15:09:47 0 d-------- C:\Program Files\Nvidia Omega Drivers
2008-05-09 13:37:42 256 --a------ C:\WINDOWS\system32\pool.bin
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58472BC6-BEA3-42d4-8917-7A8BCB0711B5}]
C:\Program Files\ASC 2.1\ASCWarning32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EA1DB25-2524-4DD6-B997-42E8F38C6E46}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}]
07/21/2008 03:35 PM 7680 --a------ C:\Program Files\Web Technologies\iebt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{65742936-8079-408B-9F3C-874B78030A72}"= C:\Program Files\Web Technologies\iebr.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{65742936-8079-408B-9F3C-874B78030A72}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [03/02/2006 04:22 AM C:\WINDOWS\SOUNDMAN.EXE]
"DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm" [02/28/2004 09:12 AM]
"Tweak UI"="TWEAKUI.CPL" [06/18/2000 11:03 AM C:\WINDOWS\system32\TWEAKUI.CPL]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [05/01/2007 05:19 PM]
"vptray analyzing"="C:\WINDOWS\System32\Com\vptray.exe" []
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [03/18/2005 04:34 AM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [12/16/2004 05:49 PM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [08/16/2007 08:56 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]
"asc32"="C:\Program Files\ASC 2.1\asc 2.1.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Auto File System Conversion Utility"="C:\WINDOWS\system32\wbem\scricon.exe" []
"vptray analyzing"="C:\WINDOWS\System32\Com\vptray.exe" []
"Steam"="c:\program files\steam\steam.exe" [04/07/2008 02:38 AM]
"AUTORUN_VAL"="C:\Program Files\ASC 2.1\asc 2.1.exe" []
"wblogon"="C:\WINDOWS\system32\ubpr01.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"Auto File System Conversion Utility"=C:\WINDOWS\system32\wbem\scricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"vptray analyzing"=C:\WINDOWS\System32\Com\vptray.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"vptray analyzing"=C:\WINDOWS\System32\Com\vptray.exe

C:\Documents and Settings\Morgan\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/25/2006 07:19:46 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"start"=C:\Program Files\Web Technologies\iebtm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]
"Protected system files1"=avgupsvc.exe
"Protected system files2"=avgamsvr.exe
"Protected system files3"=avgcc.exe
"Protected system files4"=nod32kui.exe
"Protected system files5"=nod32krn.exe
"Protected system files6"=ccSetMgr.exe
"Protected system files7"=ccEvtMgr.exe
"Protected system files8"=DefWatch.exe
"Protected system files9"=SavRoam.exe
"Protected system files10"=Rtvscan.exe
"Protected system files11"=VPTray.exe
"Protected system files12"=ccApp.exe
"Protected system files13"=AluSchedulerSvc.exe
"Protected system files14"=nod32.exe
"Protected system files15"=nod32ra.exe
"Protected system files16"=UpdaterUI.exe
"Protected system files17"=tbmon.exe
"Protected system files18"=Mcshield.exe
"Protected system files19"=SHSTAT.exe
"Protected system files20"=ashMaiSv.exe
"Protected system files21"=ashServ.exe
"Protected system files22"=ashWebSv.exe
"Protected system files23"=aswUpdSv.exe
"Protected system files24"=AVGUARD.exe
"Protected system files25"=AVWUPSRV.exe
"Protected system files26"=avscan.exe
"Protected system files27"=guardgui.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]
"Protected system files1"=avgupsvc.exe
"Protected system files2"=avgamsvr.exe
"Protected system files3"=avgcc.exe
"Protected system files4"=nod32kui.exe
"Protected system files5"=nod32krn.exe
"Protected system files6"=ccSetMgr.exe
"Protected system files7"=ccEvtMgr.exe
"Protected system files8"=DefWatch.exe
"Protected system files9"=SavRoam.exe
"Protected system files10"=Rtvscan.exe
"Protected system files11"=VPTray.exe
"Protected system files12"=ccApp.exe
"Protected system files13"=AluSchedulerSvc.exe
"Protected system files14"=nod32.exe
"Protected system files15"=nod32ra.exe
"Protected system files16"=UpdaterUI.exe
"Protected system files17"=tbmon.exe
"Protected system files18"=Mcshield.exe
"Protected system files19"=SHSTAT.exe
"Protected system files20"=ashMaiSv.exe
"Protected system files21"=ashServ.exe
"Protected system files22"=ashWebSv.exe
"Protected system files23"=aswUpdSv.exe
"Protected system files24"=AVGUARD.exe
"Protected system files25"=AVWUPSRV.exe
"Protected system files26"=avscan.exe
"Protected system files27"=guardgui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{201a14d7-b5b4-422c-816f-5f2a1e92e0e7}"= C:\WINDOWS\system32\xevhbpw.dll [07/16/2008 02:55 PM 13312]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Auto File System Conversion Utility"= C:\WINDOWS\system32\wbem\scricon.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"WZCSVC"=2 (0x2)
"uploadmgr"=2 (0x2)
"Themes"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11c68f1c-1e07-11dd-8b9e-000ea69e40b3}]
AutoRun\command- J:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-07-21 16:20:57 ------------



#2 takk

takk
  • Topic Starter

  • Members
  • 6 posts
  • Location:Olympia, WA

Posted 21 July 2008 - 06:31 PM

Oh, I guess I forgot my extra DSS log.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2800+
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 1023.48 MiB / 710.58 MiB
Pagefile Memory (total/avail): 2464.8 MiB / 2236.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.09 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 64.78 GiB total, 14.91 GiB free.
D: is Fixed (NTFS) - 9.77 GiB total, 0.76 GiB free.
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is CDROM (No Media)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP0802N - 74.56 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 64.78 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 9.77 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"="C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\xchat\\xchat.exe"="C:\\Program Files\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\WINDOWS\\System32\\wbem\\scricon.exe"="C:\\WINDOWS\\system32\\wbem\\scricon.exe:*:Enabled:Auto File System Conversion Utility"
"C:\\WINDOWS\\System32\\Com\\vptray.exe"="C:\\WINDOWS\\System32\\Com\\vptray.exe:*:Enabled:vptray analyzing"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Steam\\steamapps\\youreuglydamn\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\youreuglydamn\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"="C:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe:*:Enabled:MediaManager9 Module"
"C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"="C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Steam\\steamapps\\youreuglydamn\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\youreuglydamn\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Morgan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TRIAL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Morgan
LOGONSERVER=\\TRIAL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Morgan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Morgan\LOCALS~1\Temp
USERDOMAIN=TRIAL
USERNAME=Morgan
USERPROFILE=C:\Documents and Settings\Morgan
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Morgan (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\FriendBot\FriendBot Friend Accepter\uninstall.exe
--> MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}
--> MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044}
--> MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
--> MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
--> MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}
--> MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator 9.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Illustrator 9.0\Uninst.isu" -c"C:\Program Files\Adobe\Illustrator 9.0\Uninst.dll"
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
AirPlus G --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1033
Alcohol 120% --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BlackBerry Desktop Software 4.3 --> MsiExec.exe /I{C178B38F-613A-4EFE-B718-A675BD27A1E1}
BlackBerry Desktop Software 4.3 --> MsiExec.exe /i{C178B38F-613A-4EFE-B718-A675BD27A1E1}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Condition Zero --> "C:\Program Files\Steam\steam.exe" steam://uninstall/80
Continuum 0.40 --> "C:\Program Files\Continuum\unins000.exe"
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
DC++ 0.695 --> "C:\Program Files\DC++\uninstall.exe"
DeadAIM --> MsiExec.exe /I{0F8F3415-CB0A-49A6-A23A-D8390444B127}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Eyeball Chat 2.2 --> C:\PROGRA~1\Eyeball\EYEBAL~1\UNWISE.EXE C:\PROGRA~1\Eyeball\EYEBAL~1\INSTALL.LOG
File Writer output plugin for WinAMP 2 v1.17© (remove only) --> "C:\Program Files\Winamp\Plugins\uninstfilewrite.exe"
foobar2000 v0.9.4.4 --> "C:\Program Files\foobar2000\uninstall.exe"
HijackThis 1.99.1 --> C:\Hijackthis\HijackThis.exe /uninstall
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Last.fm 1.5.1.29527 --> "C:\Program Files\Last.fm\unins000.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MusicBrainz Tagger 0.10.5 --> C:\PROGRA~1\MUSICB~1\UNWISE.EXE C:\PROGRA~1\MUSICB~1\INSTALL.LOG
NVDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}\Setup.exe" -uninstall
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PowerStrip 3 (remove only) --> C:\Program Files\PowerStrip\uninstal.exe
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek AC'97 Audio --> Alcrmv.exe -r -m
Roxio Media Manager --> MsiExec.exe /X{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StuffIt Standard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}
Tweak UI --> C:\WINDOWS\rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 4 C:\WINDOWS\Inf\Tweakui.Inf
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XiRCON 1.0B4 --> C:\PROGRA~1\XiRCON\UNWISE.EXE C:\PROGRA~1\XiRCON\INSTALL.LOG
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type1365 / Success
Event Submitted/Written: 07/08/2008 07:29:34 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11097 / Error
Event Submitted/Written: 07/21/2008 03:35:16 PM / 07/21/2008 03:35:46 PM
Event ID/Source: 4311 / NetBT
Event Description:
Initialization failed because the driver device could not be created.

Event Record #/Type11096 / Error
Event Submitted/Written: 07/21/2008 03:35:16 PM / 07/21/2008 03:35:46 PM
Event ID/Source: 4311 / NetBT
Event Description:
Initialization failed because the driver device could not be created.

Event Record #/Type11095 / Error
Event Submitted/Written: 07/21/2008 03:35:16 PM / 07/21/2008 03:35:46 PM
Event ID/Source: 4311 / NetBT
Event Description:
Initialization failed because the driver device could not be created.

Event Record #/Type11094 / Error
Event Submitted/Written: 07/21/2008 03:35:16 PM / 07/21/2008 03:35:46 PM
Event ID/Source: 4311 / NetBT
Event Description:
Initialization failed because the driver device could not be created.

Event Record #/Type11093 / Error
Event Submitted/Written: 07/21/2008 03:35:16 PM / 07/21/2008 03:35:46 PM
Event ID/Source: 4311 / NetBT
Event Description:
Initialization failed because the driver device could not be created.



-- End of Deckard's System Scanner: finished at 2008-07-21 15:59:29 ------------

#3 Thunder

Posted 23 July 2008 - 04:38 AM

Hello Takk and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to Start > Run, type: cleanmgr and click OK.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Restart your computer.

4. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder