Infected By Malware (vapsup? Smitfraud-c.gp?)


  • This topic is locked
6 replies to this topic

#1 aghnar

aghnar

  • Members
  • 4 posts

Posted 01 September 2008 - 04:10 PM

Hello!

As the object of the email will have already made you guess it, I have been infected by particularly aggressive malware (at first I had thought that it was a Trojan called “Trojan.win32.vapsup.eie” but now that I have run all the free anti-malware you proposed, I realized it is probably more than that...). My antivirus Avast was literally swept by the malware which seriously took control of the PC. With the help of the other programs, I managed to recover most of it but there are still some problems:

- The first one is that I cannot access partitions C:\ and D:\ of one of my hard disks from Windows Explorer (as usual C:\ is for XP and the programs and I suppose the reason why D:\ was touched is that the initial program that triggered everything was first downloaded into that partition...).
- Also I have lost the "run" command and the configuration panel inside the "start" menu.
- My desktop is also altered (it appears as some kind of blank html page called C_WINDOWS_privacy_dangerindex[1]. The malware that was working before seems to have been partially removed by Spybot).
- I have a "VIRUS ALERT!" written in my clock in the toolbar.
- And finally it seems that I have some serious trouble when my computer wants to re-boot. I need to stop it completely before booting or it gets stuck at the "welcome" screen at the start of Windows.

As requested here is the log file of HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05: VIRUS ALERT!, on 02/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\Iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sygate.com/swat/support/spf50_reg.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: qalkfxor - {5371FF76-9602-4029-9626-BE8CD757EB36} - C:\WINDOWS\qalkfxor.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: rqbmvpso - {A8829688-27F9-4018-B8B7-37C436B2C75A} - C:\WINDOWS\rqbmvpso.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7388 bytes

Thank you for your time!



#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • Gender:Male
  • Location:USA

Posted 18 September 2008 - 09:24 PM

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When following the instructions please install the Windows XP Recovery Console if you are using XP.

After running ComboFix, please post the ComboFix log as well as a brand new HijackThis as a reply to this topic.

#3 aghnar

aghnar
  • Topic Starter

  • Members
  • 4 posts

Posted 19 September 2008 - 05:40 AM

Thank you for your answer. Some part of the problem is still there (like the disappearance of the access icons of C:\ and D:\ and the warning of the presence of SmitFraud and the clock name) but the re-booting problem and the "desktop being replaced by a blank html window" seemed to be solved by the different antivirus you recommended.
For the time being (and until the 1st October), I'm on vacation and I cannot perform the operation you asked since I'm not on my infected computer...
Please do not close the topic, I'll update it as soon as I come back...

Thank you again!

Alexandre

#4 aghnar

aghnar
  • Topic Starter

  • Members
  • 4 posts

Posted 01 October 2008 - 01:24 PM

I ran ComboFix and HijackThis and here are the log files :

For ComboFix :

ComboFix 08-09-30.03 - Alexandre 2008-10-02 20:10:00.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1610 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Alexandre\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Alexandre\Bureau\Privacy Protector.url
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\tmp52.tmp

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
.

2008-09-16 21:25 . 2008-09-16 21:38 <REP> d-------- C:\Program Files\BSPlayer
2008-09-09 19:23 . 2008-09-09 19:23 2,616 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-09 19:22 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-09 19:22 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-09 19:22 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-09 19:22 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-09 19:22 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-09 19:22 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-09 19:22 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-09 19:22 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-09 19:22 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-09 19:22 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-08 15:51 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-09-08 15:50 . 2008-09-08 15:50 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-09-08 15:50 . 2008-09-08 15:50 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-09-08 15:50 . 2008-09-08 15:50 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-09-08 15:50 . 2008-09-08 15:50 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-09-08 15:50 . 2008-09-08 15:50 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-09-08 15:50 . 2008-09-08 15:50 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-08 15:45 . 2006-11-27 20:14 782,336 -ra------ C:\WINDOWS\system32\tmpBA.tmp
2008-09-07 18:13 . 2008-09-07 18:13 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-09-07 15:17 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-07 14:14 . 2008-09-07 14:14 0 --a------ C:\WINDOWS\ViewNX.INI
2008-09-07 14:06 . 2008-09-07 14:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Organic
2008-09-07 14:06 . 2008-09-13 21:20 20 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
2008-09-07 12:16 . 2008-09-07 12:16 <REP> d-------- C:\Program Files\Fichiers communs\muvee Technologies
2008-09-07 12:16 . 2008-09-07 14:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-09-07 12:16 . 2008-09-07 12:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nikon
2008-09-07 12:16 . 2008-09-07 12:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MIDI Drivers
2008-09-07 12:16 . 2008-09-07 14:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EnterNHelp
2008-09-07 12:16 . 2008-09-07 12:17 20 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-09-07 11:49 . 2008-09-07 14:07 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Nikon
2008-09-07 11:47 . 2008-09-07 14:07 <REP> d-------- C:\Program Files\Nikon
2008-09-07 11:46 . 2008-09-08 15:22 <REP> d-------- C:\Program Files\Fichiers communs\Nikon
2008-09-07 11:46 . 2008-09-07 11:46 <REP> d-------- C:\Program Files\ArcSoft
2008-09-07 11:46 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-09-07 11:46 . 2001-12-05 18:59 21 --a------ C:\WINDOWS\PMK_setup.ini
2008-09-07 11:44 . 2008-09-07 11:44 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-09-07 11:44 . 2008-09-07 11:44 <REP> d-------- C:\WINDOWS\Profiles
2008-09-07 11:44 . 2008-09-07 11:44 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\InterTrust
2008-09-07 11:43 . 1998-11-13 11:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-09-06 18:43 . 2008-09-06 18:43 <REP> d-------- C:\temp
2008-09-06 18:36 . 2008-09-06 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Media Center Programs
2008-09-06 18:20 . 2008-09-06 18:20 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\InstallShield
2008-09-02 22:38 . 2008-09-02 22:38 <REP> d-------- C:\Program Files\Trend Micro
2008-09-02 22:36 . 2008-09-02 22:37 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-09-02 22:34 . 2008-09-02 22:34 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-09-02 22:28 . 2008-09-02 22:28 <REP> d-------- C:\Program Files\Sygate
2008-09-02 22:28 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-09-02 22:28 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-09-02 22:28 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-09-02 22:28 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-09-02 22:28 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-09-02 22:28 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-09-02 22:28 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-09-02 20:40 . 2008-09-02 20:40 <REP> d-------- C:\WINDOWS\Sun
2008-09-02 20:40 . 2008-09-02 22:45 <REP> d-------- C:\Documents and Settings\Alexandre\.housecall6.6
2008-09-02 20:39 . 2008-09-02 20:39 <REP> d-------- C:\Program Files\Sun
2008-09-02 20:39 . 2008-09-02 20:39 <REP> d-------- C:\Program Files\Java
2008-09-02 20:39 . 2008-09-02 20:39 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-09-02 20:39 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-02 19:20 . 2008-09-02 20:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-02 18:28 . 2008-09-02 18:28 <REP> d-------- C:\Program Files\Lavasoft
2008-09-02 18:27 . 2008-09-02 18:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-02 18:24 . 2008-09-02 18:24 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-02 18:19 . 2008-08-10 03:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-09-02 18:19 . 2008-08-10 03:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-02 18:19 . 2008-08-10 19:25 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-09-02 18:19 . 2008-08-10 03:30 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-02 18:19 . 2008-08-10 03:30 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-09-02 18:19 . 2008-09-02 18:22 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-02 18:19 . 2008-09-09 19:22 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-02 18:19 . 2008-09-02 18:19 <REP> d-------- C:\Documents and Settings\Administrateur

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-14 19:48 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Winamp
2008-09-08 13:45 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-09-08 13:45 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-09-07 10:16 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL
2008-09-07 09:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 09:44 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-01 10:42 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-08-30 21:20 --------- d-----w C:\Program Files\Stardock
2008-08-30 21:20 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2008-08-30 18:17 53,248 ----a-w C:\WINDOWS\ipuninst.exe
2008-08-29 20:52 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Command & Conquer 3 Les guerres du Tiberium
2008-08-22 17:15 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Creative
2008-08-22 17:12 --------- d-----w C:\Program Files\Audible
2008-08-22 17:11 --------- d-----w C:\Program Files\Creative
2008-08-20 23:15 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-19 20:34 --------- d-----w C:\Program Files\Free Easy Burner
2008-08-19 20:29 --------- d-----w C:\Program Files\UxTheme Multipatcher Fr
2008-08-19 20:19 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-19 20:16 --------- d--h--r C:\Documents and Settings\Alexandre\Application Data\SecuROM
2008-08-19 20:01 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\My Games
2008-08-19 19:31 --------- d-----w C:\Program Files\Shareaza
2008-08-19 19:31 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Shareaza
2008-08-18 20:21 --------- d-----w C:\Program Files\7-Zip
2008-08-18 20:17 --------- d-----w C:\Program Files\D-Tools
2008-08-17 17:17 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Media Player Classic
2008-08-16 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-08-16 19:50 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\ATI
2008-08-16 19:48 --------- d-----w C:\Program Files\ASUS
2008-08-16 19:24 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-08-16 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
2008-08-16 18:46 --------- d-----w C:\Program Files\Simpli Software
2008-08-10 18:38 --------- d-----w C:\Program Files\Monkey's Audio
2008-08-10 18:36 --------- d-----w C:\Program Files\Winamp
2008-08-10 18:36 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-10 18:35 --------- d-----w C:\Program Files\Alwil Software
2008-08-10 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-08-10 17:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-10 17:55 --------- d-----w C:\Program Files\ATI Technologies
2008-08-10 17:53 --------- d-----w C:\Program Files\Marvell
2008-08-10 17:51 --------- d-----w C:\Program Files\Intel
2008-08-10 17:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-10 17:27 --------- d-----w C:\Program Files\Services en ligne
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25 421,888 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:34 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:29 32,768 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-07-03 19:05 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"CTAPR2"="C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-02-15 57344]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"Ai Quicker Help"="C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-09 3165696]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2002-12-28 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"SPIRun"="SPIRun.dll" [2006-11-29 C:\WINDOWS\system32\SPIRun.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

C:\Documents and Settings\Alexandre\Menu D‚marrer\Programmes\D‚marrage\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-08-30 1976056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Jeux\\Civilization 4\\Civilization4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Jeux\\Supcom\\Supreme Commander\\bin\\SupremeCommander.exe"=
"C:\\Jeux\\Supcom\\GPGNet\\GPG.Multiplayer.Client.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 st3bus28;st3bus28;C:\WINDOWS\system32\DRIVERS\st3bus28.sys [2002-12-28 8416]
R3 st3mp28;st3mp28;C:\WINDOWS\system32\DRIVERS\st3mp28.sys [2002-12-28 95328]
R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\WINDOWS\system32\drivers\t3.sys [2007-03-29 733184]
R3 t3filt;t3filt;C:\WINDOWS\system32\drivers\t3filt.sys [2007-02-20 1656576]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
.
- - - - ORPHELINS SUPPRIMES - - - -

SSODL-rqbmvpso-{A8829688-27F9-4018-B8B7-37C436B2C75A} - C:\WINDOWS\rqbmvpso.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\civmbchr.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 20:12:20
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-10-02 20:13:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-02 18:13:27

Avant-CF: 105ÿ573ÿ609ÿ472 octets libres
Après-CF: 105,602,068,480 octets libres

248 --- E O F --- 2008-09-03 21:36:38


And the HijackThis log :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19, on 02/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sygate.com/swat/support/spf50_reg.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6578 bytes


ComboFix seems to have managed to remove the infections I was seeing on the clock or in Windows Explorer.

Again, thank you!
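Added example, not part of the original thread: a small Python triage pass over a HijackThis log like the one posted above, grouping entries by section code and listing autoruns and services a reviewer would usually read first. The sample lines are copied from this log, and the three review rules (no absolute path, binary directly under the Windows directory, "Unknown owner") are assumptions chosen for illustration; they are hints for manual review, not detections.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log in this post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
--
End of file - 6578 bytes
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "O4 - <body>"
RUN = re.compile(r"^\S+\\Run: \[([^\]]+)\] (.+)$")       # hive\..\Run: [name] command
SERVICE = re.compile(r"^Service: (.+) - (.+?) - ([A-Za-z]:\\.+)$")  # name - owner - path
ABS_PATH = re.compile(r"^[A-Za-z]:\\")
WIN_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.I)


def parse(log):
    """Group HijackThis entries by section code (R0, O2, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header, separator and "End of file" lines do not match
            sections[m.group(1)].append(m.group(2))
    return sections


def review_hints(sections):
    """Return (code, name, reason) tuples for manual review; hints, not verdicts."""
    hints = []
    for m in filter(None, map(RUN.match, sections.get("O4", []))):
        name, cmd = m.group(1), m.group(2).strip('"')
        if not ABS_PATH.match(cmd):
            hints.append(("O4", name, "no absolute path"))
        elif WIN_ROOT.match(cmd):
            hints.append(("O4", name, "binary directly under the Windows directory"))
    for m in filter(None, map(SERVICE.match, sections.get("O23", []))):
        if m.group(2) == "Unknown owner":
            hints.append(("O23", m.group(1), "owner reported as Unknown"))
    return hints


if __name__ == "__main__":
    print(review_hints(parse(SAMPLE_LOG)))
```

Entries listed by `review_hints` are only the ones to look up first; in this thread the helper reviewed the full log and judged it clean.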

#5 Grinler

    Lawrence Abrams


  • Admin

Posted 02 October 2008 - 08:21 PM

Yup, looks good. If your computer is back to normal, let me know and I will provide the all clean speech :thumbsup:

#6 aghnar

Posted 03 October 2008 - 09:11 AM

I haven't seen any trouble since I ran ComboFix and the computer seems to be running faster than just a week before (I don't really remember how fast it was before I got infected...).
Thank you for all your help and your time!

#7 Grinler

Posted 03 October 2008 - 09:33 AM

Now that you're clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here for your particular Windows Version:

Managing Windows Millennium System Restore

or

Windows XP System Restore Guide

or

Windows Vista System Restore Guide


Re-enable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then Run, and type %temp% and press the OK button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


I am closing this topic. Please message a moderator if you need it reopened.

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!



