
Still infected?


17 replies to this topic

#1 mro

mro

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 15 October 2009 - 11:03 AM

Hi,

My computer got infected, but I don't know when (I just was scanning my computer because another computer in my home-network was infected with usbassist.exe).
Malwarebytes Anti-malware said it took care of what it found, however.
In the log was:
C:\System Volume Information\_restore{4DA77F6B-B2ED-4F95-B5EC-373934F1C3D7}\RP31\A0006601.sys (Worm.Agent) -> Quarantined and deleted successfully.

It was the only infection it could find in a full scan in safe mode.
After that nothing was found anymore.
I don't get any strange messages or whatever, everything seems to be working OK apart from Active-Sync trying to install when logging in on the pr-account.

Yet, I am wondering: did the computer become infected by other malware, without Symantec and MAM being able to find it?
I use Symantec as a virusscanner and Comodo firewall (without the anti-virus).
By the way: the efreesoft bosskey I installed myself.

So: can anyone tell me if there is still some hidden stuff that I should get rid of?

Thanks in advance.

Edited by quietman7, 15 October 2009 - 11:45 AM.




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:11 PM

Posted 15 October 2009 - 11:46 AM

I edited your topic to remove your HijackThis log as they are not permitted in topics outside the HJT forum. Referrals are made to the HJT forum if we cannot resolve the issue here or the infection keeps returning and we need to use more powerful tools.

Scanning with Malwarebytes Anti-Malware in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Doing a safe mode scan should only be done when a regular mode scan fails or you cannot boot up normally. If that is the case, after completing a safe mode scan, reboot normally and try rescanning again.

The detected _restore{GUID}\RP***\A00*****.xxx file(s) identified by your scan was in the System Volume Information Folder (SVI) which is a part of System Restore. The *** after RP represents a sequential number automatically assigned by the operating system. The ***** after A00 represents a sequential number where the original file was backed up and renamed except for its extension. To learn more about this, refer to:

System Restore is the feature that protects your computer by creating backups (snapshots saved as restore points) of vital system configurations and files. These restore points can be used to "roll back" your computer to a clean working state in the event of a problem. This makes it possible to undo harmful changes to your system configurations including registry modifications made by software or malware by reverting the operating system's configuration to an earlier date. The SVI folder is protected by permissions that only allow the system to have access and is hidden by default on the root of every drive, partition or volume including most external drives, and some USB flash drives. For more detailed information, read System Restore Overview and How it works and How antivirus software and System Restore work together.

System Restore is enabled by default and will back up the good as well as malicious files, so when malware is present on the system it gets included in restore points as an A00***** file. When you scan your system with anti-virus or anti-malware tools, you may receive an alert that a malicious file was detected in the SVI folder (System Restore points) and moved into quarantine. When a security program quarantines a file, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat. Thereafter, you can delete it at any time.

If your anti-virus or anti-malware tool cannot move the files to quarantine, they sometimes can reinfect your system if you accidentally use an old restore point. In order to avoid reinfection and remove these file(s) if your security tools cannot remove them, the easiest thing to do after disinfection is Create a New Restore Point to enable your computer to "roll-back" to a clean working state and use Disk Cleanup to remove all but the most recent restore point.
Vista users can refer to these links: Create a New Restore Point in Vista and Disk Cleanup in Vista.

If your anti-virus or anti-malware tool was able to move the file(s), I still recommend creating a new restore point and using disk cleanup as the last step after removing malware from an infected computer.

However, before doing that, run a MBAM scan in normal mode, post the log.

Also let me know how your computer is running and if there are any more reports/signs of infection.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
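
The naming scheme described in the post above can be used to sort scanner findings into System Restore backup copies and live files. The following Python is an added example, not part of the original thread or of any tool mentioned in it; the class and function names are hypothetical, and the MBAM line shape is assumed from the single log line quoted in the first post.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Layout described in the post: _restore{GUID}\RP<n>\A<n>.<original extension>
RESTORE_COPY = re.compile(
    r"^[A-Z]:\\System Volume Information\\"
    r"_restore\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\\"
    r"RP(?P<rp>\d+)\\A(?P<seq>\d+)\.(?P<ext>[^\\.]+)$",
    re.IGNORECASE,
)
SVI_ROOT = re.compile(r"^[A-Z]:\\System Volume Information\\", re.IGNORECASE)
# Assumed line shape, taken from the one MBAM entry quoted in this thread:
#   <path> (<detection name>) -> <action taken>
MBAM_LINE = re.compile(
    r"^(?P<path>[A-Z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$",
    re.IGNORECASE,
)

class Finding(NamedTuple):
    path: str
    kind: str                      # "restore_copy", "svi_other" or "live_file"
    restore_point: Optional[int] = None
    sequence: Optional[int] = None
    extension: Optional[str] = None
    detection: Optional[str] = None
    action: Optional[str] = None

def classify_path(path: str) -> Finding:
    """Say whether a flagged path is a System Restore backup copy or a live file."""
    path = path.strip()
    m = RESTORE_COPY.match(path)
    if m:
        return Finding(path, "restore_copy", int(m["rp"]), int(m["seq"]),
                       m["ext"].lower())
    if SVI_ROOT.match(path):
        # Inside the SVI folder but not an RP<n>\A<n>.<ext> backup copy.
        return Finding(path, "svi_other")
    return Finding(path, "live_file")

def parse_mbam_line(line: str) -> Optional[Finding]:
    """Parse one '<path> (<name>) -> <action>' line; None for any other shape."""
    m = MBAM_LINE.match(line.strip())
    if not m:
        return None
    return classify_path(m["path"])._replace(
        detection=m["name"], action=m["action"].rstrip("."))

def flagged_restore_points(findings):
    """Map restore point number -> flagged backup copies stored in it."""
    by_rp = defaultdict(list)
    for f in findings:
        if f.kind == "restore_copy":
            by_rp[f.restore_point].append(f)
    return dict(sorted(by_rp.items()))

# Sample input: the MBAM line and three of the Panda "SUSPECTS" paths posted in
# this thread, plus one constructed SVI path that is not a backup copy.
MBAM_SAMPLE = (r"C:\System Volume Information\_restore{4DA77F6B-B2ED-4F95-B5EC-"
               r"373934F1C3D7}\RP31\A0006601.sys (Worm.Agent) -> "
               r"Quarantined and deleted successfully.")
PATH_SAMPLES = [
    r"C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll",
    r"C:\System Volume Information\_restore{4DA77F6B-B2ED-4F95-B5EC-373934F1C3D7}\RP31\A0006329.rbf",
    r"C:\System Volume Information\_restore{4DA77F6B-B2ED-4F95-B5EC-373934F1C3D7}\RP48\A0008490.rbf",
    r"C:\System Volume Information\tracking.log",   # constructed
]

if __name__ == "__main__":
    findings = [parse_mbam_line(MBAM_SAMPLE)] + [classify_path(p) for p in PATH_SAMPLES]
    for f in findings:
        print(f.kind, f.restore_point, f.sequence, f.extension, f.path, sep="\t")
    for rp, copies in flagged_restore_points(findings).items():
        print(f"RP{rp}: {len(copies)} flagged backup copy/copies")
```

Findings classed as restore_copy are backups held in restore points and disappear when the old restore points are purged, as the post recommends; live_file findings are the ones to follow up on the running system.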

#3 mro


Posted 17 October 2009 - 07:21 AM

Thanks for the explanation.
MBAM found nothing in normal mode.
Symantec: the same thing.
It looks like the computer is running OK, but I am not quite convinced that that means that all really is OK too.
Did you see any suspicious things left in the files I posted originally?
Or would they have to be posted elsewhere for some further review?

#4 quietman7


Posted 17 October 2009 - 08:21 AM

Get a second opinion by performing an Online Virus Scan like BitDefender or Kaspersky.

Please perform an online scan with Kaspersky Online Virus Scanner.
(Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.)
  • Click on the Posted Image ...button.
  • The program will launch and fill in the Information section ... on the left.
  • Read the "Requirements and Limitations" then press... the Posted Image ...button.
  • The program will begin downloading the latest program and definition files.
    It takes a while... please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image ...button, if you made any changes.
  • Now under the Scan section on the left: Select My Computer
  • The program will start and scan your system. This will run for a while, be patient... let it run.
    Once the scan is complete, it will display if your system has been infected.
  • Save the scan results as a Text file ... save it to your desktop.
  • Copy and paste the saved scan results file in your next reply.


#5 mro


Posted 17 October 2009 - 08:27 AM

Kaspersky has disabled the online scan?

#6 quietman7


Posted 17 October 2009 - 08:37 AM

Please perform a scan with Eset Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software, just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
  • Click Posted Image > Run..., then copy and paste this command into the open box: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#7 mro


Posted 17 October 2009 - 10:13 AM

Well, that was OK.
The Eset online scan with the recommended settings found nothing at all.
What's your advice, could I leave it at that?

Edited by mro, 17 October 2009 - 10:45 AM.


#8 quietman7


Posted 17 October 2009 - 12:27 PM

How is your computer running now? Are there any more reports/alerts, signs of infection or issues with your browser?

#9 mro


Posted 17 October 2009 - 01:46 PM

There are/were two strange things happening.
First: that Clippy of Microsoft Office had appeared again. However, I could disable that one easily.
Furthermore, after I have logged in on the computer, I see a small icon right below, showing the computer is trying to get contact.
The icon looks like two computer screens and a little dot going from one screen to the other and back.
Like the computer is acquiring an IP address from the router?
It disappears after a few seconds.
Looks ordinary, but a couple of weeks ago I had never seen it before.

But for the rest, as far as I can see everything seems to be running OK...

I'll do another online scan with Panda Activescan and will get back to you with the results.

Here they are, strange is the remark on vpshell2.dll; to me it looks just like a Symantec file?
So I scanned that specific file with virustotal.com. It got only one remark from Rising (never heard of it?) that said: AdWare.Win32.FakeMS.o
None of the other virusscan programs had any problems with it...


;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-10-17 23:19:26
PROTECTIONS: 1
MALWARE: 10
SUSPECTS: 8
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec AntiVirus Corporate Edition 9.0.0.1400 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00049146 Joke/Bean Jokes No 0 Yes No D:\Recovered_CC1_D\Documents and Settings\Backup C (Old) en D huiskamer\C prgs + docs\MYDOCU~1\WWW\FILMPJ~1.D\BEAN.EXE
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\mdr\Cookies\mdr@com[4].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\mdr\Cookies\mdr@com[3].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\mdr\Cookies\mdr@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\mdr\Cookies\mdr@com[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\mdr\Cookies\mdr@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\mdr\Cookies\mdr@xiti[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\mdr\Cookies\mdr@xiti[3].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\mdr\Cookies\mdr@toplist[1].txt
00167795 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\mdr\Cookies\mdr@club.cdfreaks[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No D:\Recovered_CC1_D\Documents and Settings\mdr.CC1\Cookies\mdr@ad.yieldmanager[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No D:\Recovered_CC1_D\Documents and Settings\mdr.CC1\Cookies\mdr@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No D:\Recovered_CC1_D\Documents and Settings\mdr.CC1\Cookies\mdr@burstnet[3].txt
00168105 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\mdr\Cookies\mdr@cdfreaks[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\mdr\Cookies\mdr@weborama[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\mdr\Cookies\mdr@weborama[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
No C:\System Volume Information\_restore{4DA77F6B-B2ED-4F95-B5EC-373934F1C3D7}\RP31\A0006329.rbf
No C:\System Volume Information\_restore{4DA77F6B-B2ED-4F95-B5EC-373934F1C3D7}\RP48\A0008490.rbf
No C:\WINDOWS\Installer\29f85.msi[unk_0043]
No C:\WINDOWS\Installer\29f85.msi[unk_0045]
No C:\WINDOWS\Installer\29f85.msi[unk_0047]
No C:\WINDOWS\Installer\29f85.msi[unk_0049]
No D:\Recovered_CC1_D\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Edited by mro, 17 October 2009 - 04:34 PM.


#10 quietman7


Posted 17 October 2009 - 11:26 PM

"The icon looks like two computer screens and a little dot going from one screen to the other and back"

Does it say anything when you hover your mouse over it? Are you finding any suspicious processes in Task Manager?

vpshell2.dll is related to Symantec. See here:
http://processlist.com/info/vpshell2.html

Rising's detection was probably a false positive.

#11 mro


Posted 18 October 2009 - 04:19 AM

When I hover over it, it says that the computer is acquiring a network address.
In the taskmanager I don't see strange things...

#12 quietman7


Posted 18 October 2009 - 07:41 AM

Can you create a screenshot, upload it to an image site such as Photobucket, Media Fire, TinyPic or ImageShack and provide a link to the url address back here?

To capture a screenshot, refer to:

Please download Rooter and save to your desktop.
alternate download link
  • Double-click on Rooter.exe to start the tool. If using Vista, right-click and Run as Administrator...
  • Click the Scan button to begin.
  • Once the scan is complete, Notepad will open with a report named Rooter_#.txt (where # is the number assigned to the report).
  • A folder will be created at the %systemdrive% (usually, C:\Rooter$) where the log will be saved.
  • Rooter will automatically close. If it doesn't, just press the Close button.
  • Copy and paste the contents of Rooter_#.txt in your next reply.
Important: Before performing a scan with Rooter, it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.


#13 mro


Posted 18 October 2009 - 11:13 AM

The link to the screen capture:
http://www.mediafire.com/?sharekey=dd7eb5d...2e3a934329c7a5e

The output of Rooter:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 35 Stepping 2, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
.
C:\ [Fixed-NTFS] .. ( Total:279 Go - Free:245 Go )
D:\ [Fixed-NTFS] .. ( Total:186 Go - Free:74 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
H:\ [Removable]
I:\ [Removable]
J:\ [Removable]
K:\ [Removable]
.
Scan : 18:19.06
Path : C:\Documents and Settings\mdr\Desktop\Rooter.exe
User : mdr ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (732)
______ \??\C:\WINDOWS\system32\csrss.exe (860)
______ \??\C:\WINDOWS\system32\winlogon.exe (884)
______ C:\WINDOWS\system32\services.exe (928)
______ C:\WINDOWS\system32\lsass.exe (940)
______ C:\WINDOWS\system32\svchost.exe (1100)
______ C:\WINDOWS\system32\svchost.exe (1156)
Locked cmdagent.exe (1268)
______ C:\WINDOWS\system32\svchost.exe (1324)
______ C:\WINDOWS\system32\svchost.exe (1428)
______ C:\WINDOWS\system32\svchost.exe (1612)
______ C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (1636)
______ C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (1660)
______ C:\WINDOWS\system32\spoolsv.exe (1816)
______ C:\WINDOWS\System32\SCardSvr.exe (1856)
______ C:\WINDOWS\system32\svchost.exe (1900)
______ C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (1940)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1960)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1980)
______ C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (2044)
______ C:\Program Files\Symantec AntiVirus\DefWatch.exe (288)
______ C:\Program Files\Java\jre6\bin\jqs.exe (540)
______ C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (588)
______ C:\WINDOWS\system32\nvsvc32.exe (652)
______ C:\WINDOWS\system32\svchost.exe (680)
______ C:\Program Files\Symantec AntiVirus\Rtvscan.exe (216)
______ C:\WINDOWS\Explorer.EXE (2680)
______ C:\WINDOWS\System32\alg.exe (3424)
______ C:\Program Files\Logitech\iTouch\iTouch.exe (3904)
______ C:\Program Files\Microsoft IntelliPoint\point32.exe (2896)
______ C:\Program Files\Mgboss\mgboss.exe (2184)
______ C:\WINDOWS\system32\CTHELPER.EXE (3332)
______ C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (3628)
______ C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (3676)
______ C:\Program Files\iTunes\iTunesHelper.exe (3764)
______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (3776)
______ C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (3920)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2764)
______ C:\Program Files\Common Files\Symantec Shared\ccApp.exe (3968)
______ C:\PROGRA~1\SYMANT~1\VPTray.exe (3984)
Locked cfp.exe (460)
______ C:\WINDOWS\system32\RUNDLL32.EXE (1288)
______ C:\Program Files\Microsoft ActiveSync\wcescomm.exe (1448)
______ C:\PROGRA~1\MICROS~3\rapimgr.exe (2248)
______ C:\Program Files\iPod\bin\iPodService.exe (2816)
______ C:\Documents and Settings\mdr\Desktop\Rooter.exe (3044)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:300066407424)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\SyncBackSE Backup Data bestanden van C.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 18:19.09
.
C:\Rooter$\Rooter_2.txt - (18/10/2009 | 18:19.09)

Edited by mro, 18 October 2009 - 11:23 AM.


#14 quietman7


Posted 18 October 2009 - 03:23 PM

I meant a screenshot of just the affected area (systray). Capturing your entire Desktop makes that area too small to view with any detail.

Also, if you right-click on that icon, is there a context menu with any options?

#15 mro


Posted 18 October 2009 - 04:59 PM

OK, here's a smaller one of the affected area and another one with the result of the right-click..
http://www.mediafire.com/?sharekey=cd87773...15d15c8b368bfbe

Edited by mro, 18 October 2009 - 05:04 PM.




