Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ran ComboFix and got this log... Help?


  • This topic is locked This topic is locked
1 reply to this topic

#1 DavidJMatthews

DavidJMatthews

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 12 May 2009 - 10:27 PM

This obviously gave me access to the internet but I still can't control my background so I believe it's partially still being hijacked. Help!

ComboFix 09-05-12.04 - Administrator 05/12/2009 22:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.656 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\docume~1\ADMINI~1\LOCALS~1\Temp\ntdll64.dll
c:\documents and settings\user\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\ahtn.htm
c:\windows\system32\anujuhof.ini
c:\windows\system32\drivers\gxvxcwodxcnoejypafdnvnhtirxoyoyxjbjqw.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\fohujuna.dll
c:\windows\system32\gxvxccecxlvbrdlxpecdrqpatdutjuvdorjbf.dll
c:\windows\system32\gxvxccounter
c:\windows\system32\horijavu.dll
c:\windows\system32\jigujiyo.dll
c:\windows\system32\jolemanu.dll
c:\windows\system32\kadoruze.dll.tmp
c:\windows\system32\ntdll64.exe
c:\windows\system32\nurofoyi.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\ukorogem.ini
c:\windows\system32\uniq.tll
c:\windows\system32\WanPacket.dll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\system32\wpcap.dll
c:\windows\system32\yakesehi.dll.tmp
c:\windows\system32\yolefode.dll
c:\windows\TEMP\ntdll64.dll
D:\Autorun.inf

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.

2009-05-13 00:18 . 2009-05-13 00:18 -------- d-----w c:\documents and settings\Administrator\Application Data\IObit
2009-05-12 23:54 . 2009-05-12 23:54 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-12 23:52 . 2009-05-12 23:52 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2009-05-12 04:27 . 2009-03-24 20:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-12 04:27 . 2009-05-12 10:58 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-12 04:09 . 2009-05-12 05:14 -------- d-----w c:\documents and settings\user\Application Data\ptidle
2009-05-10 15:18 . 2009-05-10 15:18 -------- d-----w c:\program files\NCH Swift Sound
2009-05-10 15:14 . 2009-05-10 15:14 -------- d-----w c:\documents and settings\All Users\Application Data\Torrent2Exe
2009-05-10 14:57 . 2009-05-10 14:57 -------- d-----w c:\documents and settings\user\Application Data\IObit
2009-05-10 14:57 . 2009-05-10 14:57 -------- d-----w c:\program files\IObit
2009-05-10 01:59 . 2009-05-10 01:59 -------- d-----w c:\program files\Torrent2Exe
2009-05-10 01:57 . 2009-05-10 01:57 -------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-05-10 01:44 . 2009-05-10 01:45 -------- d-----w c:\program files\NCH Software
2009-05-10 01:44 . 2009-05-10 01:45 -------- d-----w c:\documents and settings\user\Application Data\NCH Swift Sound
2009-05-09 20:33 . 2009-05-09 20:33 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Easy CD-DA Extractor
2009-05-09 20:33 . 2009-05-10 00:15 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-09 20:32 . 2009-05-09 20:32 -------- d-----w c:\windows\Easy CD-DA Extractor 12.0
2009-05-09 20:11 . 2009-05-09 20:11 -------- d-----w C:\My Music
2009-05-03 18:14 . 2009-05-03 18:14 -------- d-----w c:\documents and settings\user\Application Data\Leadertech
2009-05-03 18:14 . 2009-05-03 18:14 -------- d-----w C:\EPSONREG
2009-05-03 18:01 . 2009-05-05 00:17 -------- d-----w c:\documents and settings\user\Application Data\ArcSoft
2009-05-03 18:01 . 2005-02-23 18:58 11776 ----a-w c:\windows\system32\drivers\afc.sys
2009-05-03 18:01 . 2009-05-03 18:01 -------- d-----w c:\program files\Common Files\ArcSoft
2009-05-03 18:01 . 1995-08-01 08:44 212480 ----a-w c:\windows\PCDLIB32.DLL
2009-05-03 18:01 . 2006-10-20 20:11 126976 ----a-w c:\windows\system32\PhotoImpression Slideshow.scr
2009-05-03 18:01 . 2009-05-03 18:01 -------- d-----w c:\windows\system32\PhotoImpression Slideshow
2009-05-03 18:01 . 2009-05-03 18:02 -------- d-----w c:\program files\ArcSoft
2009-05-03 17:39 . 2009-05-03 17:39 -------- d-----w c:\documents and settings\All Users\Application Data\EPSON
2009-05-02 19:10 . 2009-05-10 15:16 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-01 00:30 . 2009-05-01 00:30 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Help
2009-04-30 01:53 . 2009-04-30 01:53 -------- d-----w c:\program files\iPod
2009-04-30 01:53 . 2009-04-30 01:53 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-30 01:53 . 2009-04-30 01:53 -------- d-----w c:\program files\iTunes
2009-04-30 01:38 . 2009-04-30 01:38 -------- d-----w c:\program files\Bonjour
2009-04-28 00:56 . 2009-04-28 00:56 -------- d-----w c:\windows\Sun
2009-04-28 00:47 . 2001-08-18 02:36 5632 ----a-w c:\windows\system32\ptpusb.dll
2009-04-28 00:47 . 2008-04-13 23:12 159232 ----a-w c:\windows\system32\ptpusd.dll
2009-04-26 07:02 . 2009-04-26 07:01 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-26 07:01 . 2009-04-26 07:01 -------- d-----w c:\program files\Java
2009-04-20 18:13 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-20 18:13 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-20 18:13 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-20 18:13 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-20 18:13 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-20 18:13 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-20 18:13 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-20 18:13 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-20 18:13 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-20 18:09 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-20 18:09 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 01:51 . 2009-02-22 19:59 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-12 23:51 . 2007-02-20 20:18 64456 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-03 18:02 . 2009-04-01 00:25 -------- d-----w c:\program files\epson
2009-05-03 18:02 . 2006-08-22 10:06 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-30 01:53 . 2009-02-22 20:40 -------- d-----w c:\program files\Common Files\Apple
2009-04-22 01:29 . 2009-04-22 01:29 0 ----a-w c:\documents and settings\All Users\Application Data\ISx82.tmp
2009-04-22 01:20 . 2009-04-22 01:20 0 ----a-w c:\documents and settings\All Users\Application Data\ISx81.tmp
2009-04-22 01:15 . 2009-04-22 01:15 0 ----a-w c:\documents and settings\All Users\Application Data\ISx80.tmp
2009-03-23 22:48 . 2007-01-16 14:31 64456 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-21 15:07 . 2009-03-21 15:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-20 00:18 . 2009-03-20 00:18 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-19 20:32 . 2009-02-22 20:44 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 16:27 . 2009-03-18 16:27 0 ----a-w c:\documents and settings\All Users\Application Data\ISx4A.tmp
2009-03-06 14:22 . 2004-08-04 10:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-05 05:41 . 2006-08-22 09:53 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-03 00:18 . 2006-01-09 16:08 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-22 19:56 . 2009-02-22 19:56 0 ----a-w c:\windows\nsreg.dat
2009-02-20 18:09 . 2004-08-04 10:00 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-11 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-21 593920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]
"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776]
"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 20:55 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-04-26 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-26 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2376259476-3903980144-86246066-1256\Scripts\Logon\0\0]
"Script"=\\wag.local\SysVol\wag.local\scripts\kwprinters.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2376259476-3903980144-86246066-1369\Scripts\Logon\0\0]
"Script"=\\wag.local\SysVol\wag.local\scripts\kwprinters.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"=
"c:\\ComboFix\\NirCmd.cfexe"=

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [6/19/2006 1:20 PM 1097728]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - INT15.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-05-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{a531b50a-c6cd-49fb-818b-69d9c53ec19c} - c:\windows\system32\yolefode.dll
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\horijavu.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://global.acer.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
DPF: {21D817CE-B22E-11D2-B514-00C04F930B5E} - hxxp://w3.gliconline.com/Common/Scripts/GuardianDownload.CAB
DPF: {2E764AF3-8311-11D2-B4EC-00C04F930B5E} - hxxp://w3.gliconline.com/GuardianHelp/Scripts/ctlDownloadHelp_2.CAB
DPF: {2F01ABF9-0799-11D2-B771-00C04F930B5E} - hxxp://w3.gliconline.com/GuardianHelp/scripts/ctlshowHelp_3.CAB
DPF: {3E755E01-BB38-11D4-B44C-00105A0D610A} - hxxp://w3.gliconline.com/Common/Cabs/ctlCommonControls.CAB
DPF: {465FAD36-B01B-40B7-836C-FA4B5AC6684E} - file:///E:/DL_Installer.cab
DPF: {9E4A8277-58D1-11D4-8E62-00C04F6F3010} - hxxp://w3.gliconline.com/Common/Cabs/GDL_VbRuntime.CAB
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h23xbwux.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 22:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\ovfsthkxopadrvnddtkquttlxcrvqtraorjaaq.sys 83968 bytes executable
c:\docume~1\ADMINI~1\LOCALS~1\Temp\ovfsth000 0 bytes
c:\docume~1\ADMINI~1\LOCALS~1\Temp\ovfsthx000 0 bytes
c:\windows\system32\ovfsthansdoaltorwbbfnbovsotvovjvnvqlik.dat 43 bytes
c:\windows\system32\ovfsthfvpdrqdelnbvrfvqiecthdwnvlhnvhfc.dll 18432 bytes executable
c:\windows\system32\ovfsthtsapjgcmudnrebuaupyjiiybirvbmrgr.dll 18944 bytes executable
c:\windows\system32\ovfsthwivynfanyjmyruclxiltnwxxtcyrugro.dll 60928 bytes executable
c:\windows\system32\ovfsthyarhqqeuhvonejtwvervbamhvsvqonal.dat 23351 bytes

scan completed successfully
hidden files: 8

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthvawfmndwmkfnpvbhetjmdnhmobwsqhkq]
"imagepath"="\systemroot\system32\drivers\ovfsthkxopadrvnddtkquttlxcrvqtraorjaaq.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7552)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\mshtml.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2009-05-13 22:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-13 02:55

Pre-Run: 20,408,090,624 bytes free
Post-Run: 20,339,092,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

267 --- E O F --- 2009-04-21 04:26

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:09:07 PM

Posted 12 May 2009 - 10:51 PM

ComboFix logs should not to be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I Infected forum.
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

This topic is now closed.
The BC Staff
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users