
Mom's Computer infected


  • This topic is locked
11 replies to this topic

#1 tink2725

tink2725

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:26 AM

Posted 03 February 2009 - 01:38 AM

I'm trying to help my mom with her computer. It's having issues and I was hoping someone here could help me look over the HijackThis log and any other logs to make sure it's clean.
HijackThis, DDS and mbam logs are attached.
Thanks so much!


Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.126.12 [GMT -5:00]
Dell Dimension 2350


 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:26 AM

Posted 09 February 2009 - 05:05 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Download and Run DDS
If you already have a copy of DDS, there is no need to download a new one.

Download DDS by sUBs from any of the links below:
DDS.com, DDS.scr, DDS.pif

Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please tell me what changes have been made to the computer since your topic was started. Also give me an update on any symptoms.

With Regards,
The Panda

#3 tink2725


Posted 09 February 2009 - 09:38 PM

Here is the F-Secure scan.
Scanning Report
Monday, February 09, 2009 20:23:39 - 21:36:17
Computer name: D9BWC821
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 20 malware found
AdWare.Win32.BetterInternet (spyware)
System
P2P-Worm.Win32.Bacteraloh.bb (virus)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE (Renamed & Submitted)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\SETUP.EXE (Renamed & Submitted)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE (Renamed & Submitted)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{7F142D56-3326-11D5-B229-002078017FBF}\SETUP.EXE (Renamed & Submitted)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{471B83B9-29D8-41EC-9974-56BB8A457A8B}\SETUP.EXE (Renamed & Submitted)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{45893FEB-30FD-4034-8661-3BA4238FE67A}\SETUP.EXE (Renamed & Submitted)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE (Renamed & Submitted)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}\SETUP.EXE (Renamed & Submitted)
C:\PROGRAM FILES\CLASSIC PHONETOOLS\INSTALL\SETUP.EXE (Renamed & Submitted)
C:\DRIVERS\MODEM\SETUP.EXE (Renamed & Submitted)
TrackingCookie.2o7 (spyware)
System
TrackingCookie.Adbrite (spyware)
System
TrackingCookie.Adrevolver (spyware)
System
TrackingCookie.Advertising (spyware)
System
TrackingCookie.Atwola (spyware)
System
TrackingCookie.Doubleclick (spyware)
System
TrackingCookie.Revsci (spyware)
System
TrackingCookie.Webtrends (spyware)
System
TrackingCookie.Yieldmanager (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 28581
System: 3043
Not scanned: 6
Actions:
Disinfected: 0
Renamed: 10
Deleted: 0
None: 10
Submitted: 10
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 3.0.0
F-Secure Hydra: 3.6.8511, 2009-02-09
F-Secure AVP: 7.0.171, 2009-02-09
F-Secure Pegasus: 1.20.0, 1969-11-31
F-Secure Blacklight: 0.0.0
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------

#4 tink2725


Posted 09 February 2009 - 09:40 PM

DDS report, Thanks for helping me.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Thelma at 21:38:30.50 on Mon 02/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.502 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Thelma\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm869OUUS&fl=0&ptb=G83dY8hAD6aQ9oCjywzP8Q&ind=2008062711&url=http://www.ask.com/web&q={searchTerms}&l=zc&o=sb
uStart Page = hxxp://www.pogo.com/home/home.do
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = ;127.0.0.1;www.lvarmls.com;<local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: EWPP - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol91t~1.lnk - c:\program files\america online 7.0\aoltray.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Blackjack Carnival by pogo - hxxp://game1.pogo.com/applet-6.7.3.30/vbjack2/vbjack2-en_US.cab
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Stellar Sweeper by pogo - hxxp://game1.pogo.com/applet-6.7.2.33/sweeper/sweeper-en_US.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216132565109
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\thelma\applic~1\mozilla\firefox\profiles\oudmmvh7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pogo.com/home/home.do?pageSection=cp_header_home

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-5 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-15 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-15 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-15 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-15 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-15 298264]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-7-15 26488]

=============== Created Last 30 ================

2009-02-09 20:21 <DIR> --d----- C:\fsaua.data
2009-02-07 15:51 <DIR> --d----- c:\windows\system32\XPSViewer
2009-02-07 15:50 117,760 -------- c:\windows\system32\prntvpt.dll
2009-02-07 15:50 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-07 15:50 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-02-07 15:50 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-07 15:50 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-07 15:50 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-02-07 15:50 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-07 15:50 <DIR> --d----- C:\3f055dd15a7122226a82b9da15f2c2e2
2009-02-06 13:27 <DIR> --d----- c:\documents and settings\thelma\.housecall6.6
2009-02-05 19:37 <DIR> --d----- c:\program files\CCleaner
2009-02-05 18:02 120 a------- c:\windows\wininit.ini
2009-02-05 16:38 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-05 16:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-05 15:26 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-05 14:30 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-05 14:29 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-04 20:42 389,120 a------- c:\windows\system32\cmd.execf
2009-02-02 23:42 <DIR> --d----- c:\docume~1\thelma\applic~1\Malwarebytes
2009-02-02 23:42 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-02 23:42 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 23:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-02 23:42 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 23:39 <DIR> --d----- c:\program files\Trend Micro
2009-01-15 17:08 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-15 16:52 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-15 16:52 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-15 16:52 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-15 16:52 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-15 16:52 <DIR> --d----- c:\docume~1\thelma\applic~1\AVGTOOLBAR
2009-01-15 16:51 <DIR> --d----- c:\program files\AVG
2009-01-15 16:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-12 17:29 2 a------- c:\windows\msoffice.ini
2009-01-12 11:33 <DIR> --d----- c:\program files\common files\Viewpoint
2009-01-12 10:41 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-02-02 18:46 45,056 a------- c:\windows\NCUNINST.EXE
2008-12-13 01:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-11-21 11:13 10,920 a------- C:\aolconnfix.exe
2006-08-10 13:25 3,845,912 a------- c:\documents and settings\thelma\slingo-setup.exe
2003-09-15 09:43 1,694,551 -------- c:\program files\aaw6181.exe
2003-05-11 13:26 512 a------- c:\program files\Shortcut to Yahoo.lnk
2003-05-11 13:09 2,780,336 a------- c:\program files\Yahoo.exe
2003-03-01 15:04 8,839,120 a------- c:\program files\AcroReader51_ENU.exe
2003-01-03 23:16 207,759 a------- c:\program files\INSTALL.LOG

============= FINISH: 21:39:06.09 ===============

#5 tink2725


Posted 09 February 2009 - 09:42 PM

Thanks Panda, here is the last file, Attach.

Since my last post I ran online scans from Trend Micro, Ad-Aware, Spybot, and Malwarebytes. Not sure if anything else is there. AVG Free edition is on my mom's computer.



Edited by tink2725, 09 February 2009 - 09:44 PM.


#6 PropagandaPanda


Posted 10 February 2009 - 08:29 AM

Hello.

Looks clean. However, there is a minor MyWebSearch hijack that we should take care of.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
Download and Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "SearchMigratedDefaultURL"=-
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\NoExplorer]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\EWPP]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{BA52B914-B692-46c4-B683-905236F6F655}"=-
    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"=-
    "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=-
    
    :commands
    [emptytemp]
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows except OTMoveIt.
  • Click the Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Follow up with a new DDS.txt log.

Any symptoms of infection at the moment?

With Regards,
The Panda

#7 tink2725


Posted 10 February 2009 - 10:49 AM

Here is the log you requested. I didn't mention one of the scans removed something called P2P-Worm.Win32.Bacteraloh.bb. I did rerun scans and nothing was found. I was only on pogo a bit with the computer to try it, my mom was having trouble with games. I will search around today with it and get updates if it's clean. Thanks Panda!



========= REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\NoExplorer\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\EWPP\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02102009_104045

Files moved on Reboot...
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT not found!

#8 PropagandaPanda


Posted 10 February 2009 - 11:55 AM

Hello.

"I was only on pogo a bit with the computer to try it, my mom was having trouble with games."

That doesn't sound malware related.

You look clean.

Please take a new DDS log. Just DDS.txt is fine.

With Regards,
The Panda
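
One way to check a follow-up DDS.txt against the earlier one, as an added example that is not part of any post in this thread: the Python below parses the BHO and TB lines of the Pseudo HJT Report and reports which "No File" entries were removed, remain, or are new. The sample lines are excerpts from the two DDS logs posted in this thread; the function names and the mapping to registry locations (taken from the OTMoveIt3 script above) are this example's own assumptions.

```python
"""Compare 'No File' BHO/toolbar entries between two DDS.txt logs."""

# Registry locations copied from the OTMoveIt3 fix script in this thread.
# Assumption: DDS does not print the hive, so these are only where the fix looked.
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
TB_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar"

# Excerpt of the first DDS log in this thread (before the fix), trimmed.
BEFORE = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No File
BHO: EWPP - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
"""

# Excerpt of the follow-up DDS log in this thread (after the fix), trimmed.
AFTER = r"""
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: EWPP - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
"""


def parse_entries(log_text, kinds=("BHO", "TB")):
    """Return dicts for 'KIND: [name: ]id - target' lines of the given kinds."""
    entries = []
    for raw in log_text.splitlines():
        kind, sep, rest = raw.strip().partition(": ")
        if not sep or kind not in kinds:
            continue
        # Split on the first " - " only: file paths can contain " - " themselves.
        body, sep, target = rest.partition(" - ")
        if not sep:
            continue
        # body is either "<id>" or "<display name>: <id>".
        name, _, ident = body.rpartition(": ")
        entries.append({"kind": kind, "name": name, "id": ident.strip(),
                        "target": target.strip()})
    return entries


def orphans(log_text):
    """Map (kind, ID upper-cased) -> ID as logged, for entries marked 'No File'."""
    return {(e["kind"], e["id"].upper()): e["id"]
            for e in parse_entries(log_text) if e["target"] == "No File"}


def registry_location(kind, ident):
    """Describe where the thread's fix script targets this kind of entry."""
    if kind == "BHO":
        return "key   " + BHO_KEY + "\\" + ident
    return "value " + TB_KEY + " -> " + ident


def compare(before_text, after_text):
    """Classify 'No File' entries as removed, remaining or new between two logs."""
    before, after = orphans(before_text), orphans(after_text)

    def pick(keys, source):
        return [(key[0], source[key]) for key in sorted(keys)]

    return {
        "removed": pick(before.keys() - after.keys(), before),
        "remaining": pick(before.keys() & after.keys(), after),
        "new": pick(after.keys() - before.keys(), after),
    }


if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for status in ("removed", "remaining", "new"):
        for kind, ident in result[status]:
            print(f"{status:9} {registry_location(kind, ident)}")
```

Run on these excerpts, four of the seven "No File" entries are gone from the follow-up log and three are still listed, which is the kind of leftover a before/after comparison surfaces.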

#9 tink2725


Posted 10 February 2009 - 01:00 PM

The games on pogo were because my sister changed the way I had it set up for her. However there were many other issues that caused her computer to slow down a great deal. Thanks for helping me get everything cleaned up. :thumbup2: Here is the log..

DDS (Ver_09-02-01.01) - NTFSx86
Run by Thelma at 12:56:53.89 on Tue 02/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.677 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Thelma\My Documents\tamsitems\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uStart Page = hxxp://www.pogo.com/home/home.do
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = ;127.0.0.1;www.lvarmls.com;<local>
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: EWPP - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol91t~1.lnk - c:\program files\america online 7.0\aoltray.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Blackjack Carnival by pogo - hxxp://game1.pogo.com/applet-6.7.3.30/vbjack2/vbjack2-en_US.cab
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: First Class Solitaire by pogo - hxxp://game3.pogo.com/v/9.2.0.14/applet/firstclass2/firstclass2-en_US.cab
DPF: Hog Heaven Slots by pogo - hxxp://game3.pogo.com/v/9.2.0.14/applet/fancy/fancy-en_US.cab
DPF: Jungle Gin by pogo - hxxp://game3.pogo.com/v/9.2.0.14/applet/gin2/gin2-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Showbiz Slots by pogo - hxxp://game3.pogo.com/v/9.2.0.14/applet/slots/showbiz-en_US.cab
DPF: Stellar Sweeper by pogo - hxxp://game1.pogo.com/applet-6.7.2.33/sweeper/sweeper-en_US.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216132565109
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\thelma\applic~1\mozilla\firefox\profiles\oudmmvh7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pogo.com/home/home.do?pageSection=cp_header_home

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-5 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-15 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-15 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-15 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-15 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-15 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-7-15 26488]

=============== Created Last 30 ================

2009-02-10 11:34 <DIR> --d----- c:\docume~1\thelma\applic~1\Windows Search
2009-02-10 11:33 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-02-10 11:33 <DIR> --d----- c:\program files\Windows Desktop Search
2009-02-10 11:32 192,000 -------- c:\windows\system32\dllcache\offfilt.dll
2009-02-10 11:32 98,304 -------- c:\windows\system32\dllcache\nlhtml.dll
2009-02-10 11:32 29,696 -------- c:\windows\system32\dllcache\mimefilt.dll
2009-02-10 11:28 163,840 a------- c:\windows\system32\igfxres.dll
2009-02-10 11:25 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-02-10 11:23 <DIR> --d----- c:\windows\system32\LogFiles
2009-02-10 10:40 <DIR> --d----- C:\_OTMoveIt
2009-02-09 20:21 <DIR> --d----- C:\fsaua.data
2009-02-07 15:51 <DIR> --d----- c:\windows\system32\XPSViewer
2009-02-07 15:50 117,760 -------- c:\windows\system32\prntvpt.dll
2009-02-07 15:50 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-07 15:50 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-02-07 15:50 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-07 15:50 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-07 15:50 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-02-07 15:50 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-07 15:50 <DIR> --d----- C:\3f055dd15a7122226a82b9da15f2c2e2
2009-02-06 13:27 <DIR> --d----- c:\documents and settings\thelma\.housecall6.6
2009-02-05 19:37 <DIR> --d----- c:\program files\CCleaner
2009-02-05 18:02 120 a------- c:\windows\wininit.ini
2009-02-05 16:38 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-05 16:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-05 15:26 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-05 14:30 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-05 14:29 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-04 20:42 389,120 a------- c:\windows\system32\cmd.execf
2009-02-02 23:42 <DIR> --d----- c:\docume~1\thelma\applic~1\Malwarebytes
2009-02-02 23:42 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-02 23:42 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 23:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-02 23:42 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 23:39 <DIR> --d----- c:\program files\Trend Micro
2009-01-15 17:08 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-15 16:52 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-15 16:52 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-15 16:52 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-15 16:52 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-15 16:52 <DIR> --d----- c:\docume~1\thelma\applic~1\AVGTOOLBAR
2009-01-15 16:51 <DIR> --d----- c:\program files\AVG
2009-01-15 16:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-12 17:29 2 a------- c:\windows\msoffice.ini
2009-01-12 11:33 <DIR> --d----- c:\program files\common files\Viewpoint
2009-01-12 10:41 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-02-10 11:01 1,743,333 a------- c:\windows\java\packages\1ZFNLJFT.ZIP
2009-02-10 11:00 1,072,512 a------- c:\windows\java\packages\SXFL77R5.ZIP
2009-02-10 10:59 3,152,590 a------- c:\windows\java\packages\6TFBXVTR.ZIP
2009-02-10 10:55 2,978,745 a------- c:\windows\java\packages\SOUL7LRZ.ZIP
2009-02-02 18:46 45,056 a------- c:\windows\NCUNINST.EXE
2008-12-13 01:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-11-21 11:13 10,920 a------- C:\aolconnfix.exe
2006-08-10 13:25 3,845,912 a------- c:\documents and settings\thelma\slingo-setup.exe
2003-09-15 09:43 1,694,551 -------- c:\program files\aaw6181.exe
2003-05-11 13:26 512 a------- c:\program files\Shortcut to Yahoo.lnk
2003-05-11 13:09 2,780,336 a------- c:\program files\Yahoo.exe
2003-03-01 15:04 8,839,120 a------- c:\program files\AcroReader51_ENU.exe
2003-01-03 23:16 207,759 a------- c:\program files\INSTALL.LOG

============= FINISH: 12:57:32.09 ===============

#10 PropagandaPanda

Posted 10 February 2009 - 03:25 PM

Hello.

Looks good. Unless there are any issues at the moment, we can wrap up.

Run Cleanup! with OTMoveIt
Let's clear out the tools we've used.
  • Double click the OTMoveIt2.exe icon on your desktop to start the program.
  • Click the Cleanup! button.
  • A pop-up box will appear asking "Begin Removal Process?". Click Yes.
  • Click Yes when asked to reboot.

Set New System Restore Point
Now you should set a Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point after cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click System Restore.
  • Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name then click Create.
  • Then, click on Start > Run and type:
    cleanmgr
  • Click OK > More Options tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created one.

Preventing Malware Infection in the Future
Please take some time to look at the following links, giving some advice and suggestions for preventing future infections:

For general slowness problems that you may have, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable unneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda

#11 tink2725

Posted 10 February 2009 - 04:40 PM

Thanks so much Panda, we can wrap this up. I have updated her computer and will do as you suggest. Thanks again for responding and looking things over. I feel better giving it back to her having someone here look things over. Thanks

#12 PropagandaPanda

Posted 10 February 2009 - 05:07 PM

Glad I could help.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



