Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • This topic is locked This topic is locked
3 replies to this topic

#1 parmarorama


  • Members
  • 2 posts
  • Local time:12:48 PM

Posted 30 June 2009 - 02:49 AM

hi, i m using windows vista os.until very recently i was using norton internet security 2009 trial version. last night i was surfing, and woof!!all of a sudden my explorer started crashing repeatedly. now that tends to happen at times with my comp when i try saving a damaged avi file.so i didnt do anything for a while but it just went from bad to worse.after a while the rest of my programs started crashing.firefox stopped responding completely, and for a while i couldnt even start i.e. .finally i force shut the computer down by holding the power button down.restarting it, i waited a bit before connecting it to the internet.untill then all was well.but soon as the connection was established it started all over again.i started taskmanager and found that a there was a file running by the name 833.exe which i had no idea about.i tried searching the net(this time ff n ie were working fine, though the explorer kept crashing), and some sites told me it was wh.exe which was giving me all the trouble. thereafter i downloaded zonealarm, and avast antivirus.uninstalled norton and fired up ZA.stopped 833.exe from accessing the internet and for the time being everythings ok. i am running avast but it says there are no infections. 833.exe is still running on my comp. is it a backdoor?how to remove it?pls help...

the contents of the dds.txt are as under...

DDS (Ver_09-06-26.01) - NTFSx86
Run by Joy at 12:54:52.79 on 30-06-2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.91.1033.18.3035.1290 [GMT 5.5:30]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
SP: ZoneAlarm Security Suite Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ZTE EV-DO\bin\EV-DO.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Joy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Windows Media Player\wmplayer.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Taskman=c:\recycler\s-1-5-21-6364595083-1422389017-036309860-0288\rundll32.exe
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-6364595083-1422389017-036309860-0288\rundll32.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: IeCatch2 Class: {a5366673-e8ca-11d3-9cd9-0090271d075b} - c:\progra~1\flashget\jccatch.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: iMesh MediaBar: {b7d3e479-cc68-42b5-a338-938ece35f419} - c:\program files\imesh applications\imesh mediabar\iMeshMediaBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\joy\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Win32 Firewall] c:\users\joy\appdata\local\temp\517.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [UCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update

mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce

mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Win32 Firewall] c:\users\joy\appdata\local\temp\833.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRunOnce: [<NO NAME>]
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-in\local\search.html
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {1EA5B0FE-2866-4EF7-A30B-ED02643EC28D} =
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli DPPWDFLT

================= FIREFOX ===================

FF - ProfilePath - c:\users\joy\appdata\roaming\mozilla\firefox\profiles\yip0yg0x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\joy\appdata\local\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\users\joy\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows

presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-30 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-6-30 51792]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-4-29 54784]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-15 112128]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-21 100184]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2009-4-18 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2009-4-18 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2009-4-18 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2009-4-18 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2009-4-18 98696]

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
piffile="%1" %*"

=============== Created Last 30 ================

2009-06-30 00:55 15,744,544 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-06-30 00:55 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-30 00:48 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-30 00:31 72,592 a------- c:\windows\zllsputility.exe
2009-06-30 00:31 1,221,008 a------- c:\windows\system32\zpeng25.dll
2009-06-30 00:31 <DIR> --d----- c:\program files\Zone Labs
2009-06-30 00:29 349,222 a---h--- c:\windows\system32\drivers\vsconfig.xml
2009-06-30 00:29 294,288 a------- c:\windows\system32\drivers\vsdatant.sys
2009-06-29 12:01 8,599 a------- C:\grab00000.jpg
2009-06-29 10:50 <DIR> --d----- c:\program files\Yahoo!
2009-06-29 07:19 <DIR> --d----- c:\program files\BlueRaTech
2009-06-25 18:53 <DIR> --d----- c:\users\joy\appdata\roaming\WildTangent
2009-06-20 19:59 <DIR> --d----- c:\programdata\47D
2009-06-20 19:59 <DIR> --d----- c:\progra~2\47D
2009-06-20 19:57 483,328 a------- c:\windows\system32\actskn45.ocx
2009-06-20 19:57 <DIR> --d----- c:\program files\iMesh Applications
2009-06-19 15:03 376,832 a------- c:\windows\system32\aestecap.dll
2009-06-19 15:03 133,632 a------- c:\windows\system32\aestacap.dll
2009-06-19 15:03 53,248 a------- c:\windows\system32\aestaren.dll
2009-06-19 15:03 10,641,500 a------- c:\windows\system32\idtcpl.cpl
2009-06-19 15:03 532,480 a------- c:\windows\system32\idtmini1.exe
2009-06-19 15:03 73,728 a------- c:\windows\system32\AESTCom.dll
2009-06-19 15:03 15,222 a------- c:\windows\system32\nbspkrs.ico
2009-06-19 15:03 3,774 a------- c:\windows\system32\bltinmic.ico
2009-06-19 15:03 3,774 a------- c:\windows\system32\2hps.ico
2009-06-19 15:03 2,875,392 a------- c:\windows\system32\stlang.dll
2009-06-19 15:03 446,556 a------- c:\windows\sttray.exe
2009-06-19 15:01 671,744 a------- c:\windows\system32\stapo.dll
2009-06-19 15:01 404,480 a------- c:\windows\system32\stcplx.dll
2009-06-19 15:01 427,008 a------- c:\windows\system32\stapi32.dll
2009-06-19 15:01 <DIR> --d----- c:\program files\IDT
2009-06-15 23:40 <DIR> --d----- c:\windows\system32\lib
2009-06-15 23:40 <DIR> --d----- c:\windows\system32\fonts
2009-06-15 23:40 <DIR> --d----- c:\program files\PDF-Convert
2009-06-15 19:22 <DIR> --d----- c:\programdata\TestFunda
2009-06-15 19:22 <DIR> --d----- c:\progra~2\TestFunda
2009-06-15 19:18 <DIR> --d----- c:\program files\Microsoft ASP.NET
2009-06-13 10:03 53 ---sh--- C:\desktop.ini
2009-06-10 22:59 636,928 a------- c:\windows\system32\localspl.dll
2009-06-10 07:57 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-10 07:56 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-01 17:58 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-01 17:58 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2009-06-30 00:30 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-30 00:30 51,200 a------- c:\windows\inf\infpub.dat
2009-06-30 00:30 86,016 a------- c:\windows\inf\infstor.dat
2009-05-09 11:20 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 11:04 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-22 12:56 2,914 a------- c:\windows\mozver.dat
2008-10-27 16:11 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 08:27 174 a--sh--- c:\program files\desktop.ini
2006-11-02 18:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 18:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 18:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 18:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:56:22.08 ===============

Attached Files

BC AdBot (Login to Remove)



#2 SifuMike


    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:18 AM

Posted 03 July 2009 - 09:20 PM

Hello parmarorama,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Mult-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java™ 6 Update 7
    Java 2 Runtime Environment, SE v1.4.2
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586.exe to install the newest version.

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.


Please download Malwarebytes' Anti-Malware from one of these places:

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Note: if you dont have Hijackthis on your computer, then please download and install the new version by following the instructions here: http://www.download.com/Trend-Micro-Hijack....html?tag=mncol

Note that it is unnecessary to uninstall the old version because the new one will be copied to a different folder.

Let it install in the default folder C:\Program Files\Trend Micro\HijackThis
Please post it.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 parmarorama

  • Topic Starter

  • Members
  • 2 posts
  • Local time:12:48 PM

Posted 08 July 2009 - 07:27 AM

thanks a ton..although i formatted my hard drive and reinstalled my os before you could answer but still the fact that you took interest is very pleasing to know.would love to make a contribution too, but unfortunately cant do that right now.thanks again...

#4 SifuMike


    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:18 AM

Posted 08 July 2009 - 11:33 AM

Your very welcome. Glad to hear you got it sorted out. :thumbup2:

Since this problem is resolved, I will be closing this thread.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users