
Combofix Log Plz. Check


  • This topic is locked
3 replies to this topic

#1 SWStrangla


Posted 20 September 2008 - 07:04 AM

I ended up contracting a Trojan last night. It took over my admin and changed the clock to say VIRUS ALERT! after the clock time. I could also not access any files in the start menu. I found this site by googling. Found a topic with a similar problem and so they were instructed to DL Combofix. So I did and now have a log that I need looked at plz. TY. Also after this is completed do I need to reformat the drive? TY for your help

SWStrangla

Woops forgot to post log LMAO

ComboFix 08-09-19.09 - Administrator 2008-09-20 6:38:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1453 [GMT -5:00]
Running from: C:Documents and SettingsAdministratorDesktopComboFix.exe
Command switches used :: C:Documents and SettingsAdministratorDesktopWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:Documents and SettingsAdministratorCookiesadministrator@ehg-dig.hitbox[2].txt
C:Documents and SettingsAdministratorDesktopError Cleaner.url
C:Documents and SettingsAdministratorDesktopPrivacy Protector.url
C:Documents and SettingsAdministratorDesktopSpyware&Malware Protection.url
C:Documents and SettingsAdministratorFavoritesError Cleaner.url
C:Documents and SettingsAdministratorFavoritesPrivacy Protector.url
C:Documents and SettingsAdministratorFavoritesSpyware&Malware Protection.url
C:WINDOWSeflx.exe
C:WINDOWSfqbewlna.dll
C:WINDOWSmqgldfvo.exe
C:WINDOWSprivacy_danger
C:WINDOWSprivacy_dangerimagescapt.gif
C:WINDOWSprivacy_dangerimagesdanger.jpg
C:WINDOWSprivacy_dangerimagesdown.gif
C:WINDOWSprivacy_dangerimagesspacer.gif
C:WINDOWSprivacy_dangerindex.htm

.
((((((((((((((((((((((((( Files Created from 2008-08-20 to 2008-09-20 )))))))))))))))))))))))))))))))
.

2008-09-20 06:21 . 2008-09-20 06:21 0 --a------ C:WINDOWSLCDMedia.INI
2008-09-20 03:11 . 2008-09-20 03:11 <DIR> d-------- C:WINDOWSLastGood
2008-09-20 01:58 . 2008-09-20 04:11 2,840 --a------ C:rollback.ini
2008-09-20 01:16 . 2008-09-20 01:17 <DIR> d-------- C:Documents and SettingsAdministratorApplication DataMailFrontier
2008-09-20 01:08 . 2008-09-20 06:39 6,496,032 --ahs---- C:WINDOWSsystem32driversfidbox.dat
2008-09-20 01:08 . 2008-09-20 02:46 37,256 --ahs---- C:WINDOWSsystem32driversfidbox.idx
2008-09-20 01:00 . 2008-09-20 02:25 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataMailFrontier
2008-09-20 00:58 . 2008-09-20 06:36 <DIR> d-------- C:WINDOWSInternet Logs
2008-09-20 00:36 . 2008-09-20 00:36 74 --a------ C:WINDOWSst_affiliate.ini
2008-09-20 00:15 . 2008-09-20 00:25 <DIR> d-------- C:Program FilesNortonInstaller
2008-09-20 00:15 . 2008-09-20 00:15 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataNortonInstaller
2008-09-19 21:18 . 2008-09-19 21:18 32 --a------ C:WINDOWSsystem32q5dlbGk.rma
2008-08-27 16:03 . 2008-08-27 16:03 42,320 --a------ C:WINDOWSsystem32xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 11:37 --------- d-----w C:Documents and SettingsAdministratorApplication DataXfire
2008-09-20 07:43 --------- d-----w C:Documents and SettingsAll UsersApplication DataTrend Micro
2008-09-20 07:36 --------- d-----w C:Program FilesCommon FilesWise Installation Wizard
2008-09-20 07:36 --------- d-----w C:Documents and SettingsAll UsersApplication DataLavasoft
2008-09-20 05:19 --------- d--h--w C:Program FilesInstallShield Installation Information
2008-09-20 04:52 --------- d-----w C:Documents and SettingsAdministratorApplication DatauTorrent
2008-09-06 00:54 --------- d-----w C:Program FilesMicrosoft Silverlight
2008-09-01 03:08 22,328 ----a-w C:WINDOWSsystem32driversPnkBstrK.sys
2008-09-01 03:08 107,832 ----a-w C:WINDOWSsystem32PnkBstrB.exe
2008-08-22 01:41 72,592 ----a-w C:WINDOWSzllsputility.exe
2008-08-22 01:41 1,221,008 ----a-w C:WINDOWSsystem32zpeng25.dll
2008-07-27 02:54 2,829 ----a-w C:WINDOWSWar3Unin.pif
2008-07-27 02:54 139,264 ----a-w C:WINDOWSWar3Unin.exe
2008-07-19 03:10 94,920 ----a-w C:WINDOWSsystem32cdm.dll
2008-07-19 03:10 53,448 ----a-w C:WINDOWSsystem32wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:WINDOWSsystem32wups2.dll
2008-07-19 03:10 36,552 ----a-w C:WINDOWSsystem32wups.dll
2008-07-19 03:09 563,912 ----a-w C:WINDOWSsystem32wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:WINDOWSsystem32wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:WINDOWSsystem32wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:WINDOWSsystem32wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:WINDOWSsystem32es.dll
2008-06-24 23:12 295,936 ------w C:WINDOWSsystem32wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w C:WINDOWSsystem32mscms.dll
2008-06-23 15:09 666,112 ----a-w C:WINDOWSsystem32wininet.dll
2008-06-20 17:46 245,248 ----a-w C:WINDOWSsystem32mswsock.dll
2008-02-18 22:26 22,328 ----a-w C:Documents and SettingsAdministratorApplication DataPnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ASUS SmartDoctor"="C:Program FilesASUSSmartDoctorSmartDoctor.exe" [2006-10-20 1093632]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"Logitech Hardware Abstraction Layer"="C:Program FilesCommon FilesLogitechkhalsharedKHALMNPR.EXE" [2006-07-19 94208]
"Launch LGDCore"="D:Program FilesLogitechG-series SoftwareLGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="D:Program FilesLogitechG-series SoftwareLCDMon.exe" [2006-03-06 497152]
"ehTray"="C:WINDOWSehomeehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="C:WINDOWSsystem32NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:WINDOWSsystem32NvMcTray.dll" [2008-05-16 86016]
"ZoneAlarm Client"="D:Program FilesZone LabsZoneAlarmzlclient.exe" [2008-08-21 981904]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 C:WINDOWSKHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:WINDOWSsoundman.exe]
"nwiz"="nwiz.exe" [2008-05-16 C:WINDOWSsystem32nwiz.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"MySpaceIM"="C:Program FilesMySpaceIMMySpaceIM.exe" [2007-08-13 5562368]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 C:WINDOWSsystem32narrator.exe]

C:Documents and SettingsAdministratorStart MenuProgramsStartup
Xfire.lnk - E:Xfirexfire.exe [2008-08-27 3068752]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Logitech SetPoint.lnk - D:Program FilesLogitechSetPointSetPoint.exe [2006-12-01 671744]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"InstallVisualStyle"= C:WINDOWSResourcesThemesRoyaleRoyale.msstyles
"InstallTheme"= C:WINDOWSResourcesThemesRoyale.theme

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.asv2"= asusasv2.dll

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:Program FilesCommon FilesAheadlibNMBgMonitor.exe"
"Steam"="E:SteamSteam.exe" -silent
"Yahoo! Pager"="D:PROGRA~1Yahoo!MESSEN~1YAHOOM~1.EXE" -quiet
"EA Core"="C:Program FilesElectronic ArtsEA LinkCore.exe" -silent
"Skype"="C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
"OE"="D:Program FilesTrend MicroInternet Security 2007TMAS_OETMAS_OEMon.exe"
"MySpaceIM"=C:Program FilesMySpaceIMMySpaceIM.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
"NeroFilterCheck"=C:WINDOWSsystem32NeroCheck.exe
"QuickTime Task"="D:Program FilesQuickTimeqttask.exe" -atboottime
"DAEMON Tools"="D:Program FilesDAEMON Toolsdaemon.exe" -lang 1033 -noicon
"SunJavaUpdateSched"="D:Program FilesJavajre1.5.0_09binjusched.exe"
"TkBellExe"="C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
"SoundMan"=SOUNDMAN.EXE
"KernelFaultCheck"=%systemroot%system32dumprep 0 -k
"pccguide.exe"="D:Program FilesTrend MicroInternet Security 2007pccguide.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=
"E:World of WarcraftWoW-1.12.0-enUS-downloader.exe"=
"E:World of WarcraftWoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"E:World of WarcraftBackgroundDownloader.exe"=
"E:Xfirexfire.exe"=
"E:Electronic ArtsBattlefield 2142BF2142.exe"=
"E:EA GAMESBattlefield 2BF2.exe"=
"E:SteamSteamAppssouthweststrangulacounter-strike sourcehl2.exe"=
"E:World of WarcraftWoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"E:Program FilesUbisoftGhost Recon Advanced WarfighterGRAW.exe"=
"D:Program FilesYahoo!Yahoo! Music JukeboxYahooMusicEngine.exe"=
"D:Program FilesYahoo!MessengerYahooMessenger.exe"=
"D:Program FilesYahoo!MessengerYServer.exe"=
"E:SteamSteamAppssouthweststrangulasource sdk basehl2.exe"=
"E:World of WarcraftWoW-2.0.3-enUS-downloader.exe"=
"E:World of WarcraftWoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"=
"E:SteamSteamAppssouthweststrangularaceRace_Steam.exe"=
"E:Call of DutyCoDUOMP.exe"=
"E:World of WarcraftWoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"E:Call of DutyCoDMP.exe"=
"E:World of WarcraftWoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"C:WINDOWSsystem32dpvsetup.exe"=
"E:EA GAMESNeed for Speed Most Wantedspeed.exe"=
"E:World of WarcraftWoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"E:Teamspeak2_RC2TeamSpeak.exe"=
"E:Teamspeak2_RC22server_windows.exe"=
"E:SteamSteamAppssouthweststranguladay of defeat sourcehl2.exe"=
"E:UbisoftTom Clancy's Rainbow Six VegasBinariesR6Vegas_Game.exe"=
"E:UbisoftTom Clancy's Rainbow Six VegasBinariesR6Vegas_Launcher.exe"=
"C:WINDOWSsystem32PnkBstrA.exe"=
"C:WINDOWSsystem32PnkBstrB.exe"=
"E:SteamSteamAppscommonenemy territory quake wars demoetqw.exe"=
"E:World of WarcraftWoW-2.2.2.7318-to-2.2.3.7359-enUS-downloader.exe"=
"C:Program FilesSkypePhoneSkype.exe"=
"C:Program FilesSonyStationLaunchPadLaunchPad.exe"=
"E:World of WarcraftRepair.exe"=
"C:WINDOWSsystem32dplaysvr.exe"=
"D:Warcraft IIIWarcraft III.exe"=
"%windir%Network Diagnosticxpnetdiag.exe"=
"D:DownloadsWotLK_Intro_EN.avi-downloader.exe"=
"E:SteamSteamAppssouthweststrangulateam fortress 2hl2.exe"=
"D:Program FilesTeamspeak2_RC2server_windows.exe"=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
"56573:TCP"= 56573:TCP:utorrent
"56573:UDP"= 56573:UDP:utorrent
"6112:TCP"= 6112:TCP:Warcraft III
"6113:TCP"= 6113:TCP:Warcraft III
"6114:TCP"= 6114:TCP:Warcraft III
"6115:TCP"= 6115:TCP:Warcraft III
"6116:TCP"= 6116:TCP:Warcraft III
"6117:TCP"= 6117:TCP:Warcraft III
"6118:TCP"= 6118:TCP:Warcraft III
"6119:TCP"= 6119:TCP:Warcraft III
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:WINDOWSsystem32DRIVERSSi3132r5.sys [2005-05-26 181760]
R2 LBeepKE;LBeepKE;C:WINDOWSsystem32DriversLBeepKE.sys [2006-09-01 3712]
R2 UxTuneUp;TuneUp Design Expansion;C:WINDOWSSystem32svchost.exe [2008-04-13 14336]
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:WINDOWSsystem32driversasusgsb32.sys [2005-10-20 12416]
S2 TeamSpeak;FireDaemon Service: TeamSpeak;E:FireDaemonFireDaemon.exe [ ]
S3 atidgllk;atidgllk;C:Program FilesASUSSmartDoctoratidgllk.sys [2005-10-20 5376]
S3 Video3D;ASUS Video3D Service;C:WINDOWSsystem32DriversVideo3D32.sys [ ]

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{df6bd074-cf4f-11db-8bcf-0017312ee93e}]
ShellAutoRuncommand - J:PortableAppsPortableAppsMenuPortableAppsMenu.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{32678B97-2C98-4D22-A8F6-55C35572E946} - C:WINDOWSfqbewlna.dll
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
HKLM-Run-Sccs - C:Documents and SettingsAdministratorsccs.exe
HKLM-Run-Css - C:Documents and SettingsAdministratorcss.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:Documents and SettingsAdministratorApplication DataMozillaFirefoxProfiles94n273yx.default
FF -: plugin - C:Program FilesDivXDivX Content UploadernpUpload.dll
FF -: plugin - C:Program FilesRealRhapsodyPlayerEnginenprhapengine.dll
FF -: plugin - C:Program FilesYahoo!SharednpYState.dll
FF -: plugin - D:Program FilesJavajre1.5.0_09binNPJava11.dll
FF -: plugin - D:Program FilesJavajre1.5.0_09binNPJava12.dll
FF -: plugin - D:Program FilesJavajre1.5.0_09binNPJava13.dll
FF -: plugin - D:Program FilesJavajre1.5.0_09binNPJava14.dll
FF -: plugin - D:Program FilesJavajre1.5.0_09binNPJava32.dll
FF -: plugin - D:Program FilesJavajre1.5.0_09binNPJPI150_09.dll
FF -: plugin - D:Program FilesJavajre1.5.0_09binNPOJI610.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnp32dsw.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnpagent.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnpdivx32.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnpdrmv2.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnpdsplay.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnpmozax.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnpnul32.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnppdf32.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnppl3260.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnpqtplugin.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnpqtplugin2.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnpqtplugin3.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnpqtplugin4.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnpqtplugin5.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnpqtplugin6.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnpqtplugin7.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnprjplug.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnprpjplug.dll
FF -: plugin - D:Program FilesMozilla Firefoxpluginsnpwmsdrm.dll
FF -: plugin - D:Program FilesQuickTimePluginsnpqtplugin.dll
FF -: plugin - D:Program FilesQuickTimePluginsnpqtplugin2.dll
FF -: plugin - D:Program FilesQuickTimePluginsnpqtplugin3.dll
FF -: plugin - D:Program FilesQuickTimePluginsnpqtplugin4.dll
FF -: plugin - D:Program FilesQuickTimePluginsnpqtplugin5.dll
FF -: plugin - D:Program FilesQuickTimePluginsnpqtplugin6.dll
FF -: plugin - D:Program FilesQuickTimePluginsnpqtplugin7.dll
FF -: plugin - D:Program FilesRealRealPlayerNetscape6nppl3260.dll
FF -: plugin - D:Program FilesRealRealPlayerNetscape6nprjplug.dll
FF -: plugin - D:Program FilesRealRealPlayerNetscape6nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 06:39:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-20 6:41:35
ComboFix-quarantined-files.txt 2008-09-20 11:40:46

Pre-Run: 7,058,423,808 bytes free
Post-Run: 8,095,752,192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
C:CMDCONSBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

263 --- E O F --- 2008-09-20 09:16:11

Merged posts. ~ OB

Edited by Orange Blossom, 20 September 2008 - 12:56 PM.



#2 SWStrangla


Posted 25 September 2008 - 08:29 AM

Ok, I did read the rules about no bumps. But, I posted this almost a week ago and got no reply at all. Don't know if I slipped through the cracks or everything looks good or whatever. Just like a thought whether or not I fixed it? Should I reformat the drive after the infection. etc.

Thank you

SWStrangla

#3 Billy O'Neal

  • Malware Response Team

Posted 02 October 2008 - 07:41 PM

:thumbsup: to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#4 Billy O'Neal


Posted 04 October 2008 - 08:20 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.



