Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log Review


  • Please log in to reply
10 replies to this topic

#1 pennstate42

pennstate42

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:54 AM

Posted 05 January 2011 - 01:07 AM

I've recently started getting pop up messages on my desktop with messages such as "a hard drive error occurred while starting the application" and "RAM memory usage is critically high, RAM Memory failure" etc... I downloaded Hijack this and performed a scan and would like some help reviewing the scan log for items that may be potential issues.

Edited by Budapest, 05 January 2011 - 04:20 AM.
Moved from XP ~BP


BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:12:54 PM

Posted 05 January 2011 - 01:25 AM

Hi pennstate42, and welcome to BleepingComputer.

I don't see any HJT log, so let's try another approach.

Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 pennstate42

pennstate42
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:54 AM

Posted 05 January 2011 - 02:05 AM

Thank you for responding so quickly. I've pasted the BlueScreenView scan results below. Also, below that I will paste the Hijack This log. Thank You

==================================================
Dump File : Mini082609-01.dmp
Crash Time : 8/26/2009 11:47:15 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xe5cc483d
Parameter 2 : 0x00000001
Parameter 3 : 0xbf80239e
Parameter 4 : 0x00000002
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+239e
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6046 (xpsp_sp3_gdr.101026-1628)
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini082609-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini082408-01.dmp
Crash Time : 8/24/2008 8:18:32 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x84a872c8
Parameter 3 : 0x84a8743c
Parameter 4 : 0x805d13b6
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+22f13
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini082408-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================

Edited by Budapest, 05 January 2011 - 02:51 AM.
HJT Log removed ~BP


#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:12:54 PM

Posted 05 January 2011 - 02:22 AM

From your minidump it looks like you may have a problem with your RAM. Please download and run Memtest86.


***** A. If you have more than one RAM module installed, try starting computer with one RAM stick at a time.

NOTE Keep in mind, the manual check listed above is always superior to the software check, listed below. DO NOT proceed with memtest, if you can go with option A

B. If you have only one RAM stick installed...
...run memtest...

1. Download - Pre-Compiled Bootable ISO (.zip)
2. Unzip downloaded memtest86+-....iso.zip file.
3. Inside, you'll find memtest86+-....iso file.
4. Download, and install ImgBurn: http://www.imgburn.com/
5. Insert blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc
7. Click on Browse for a file... icon:

Posted Image

8. Locate memtest86+-....iso file, and click Open button.
9. Click on ImgBurn green arrow to start burning bootable memtest86 CD:

Posted Image

10. Once the CD is created, boot from it, and memtest will automatically start to run.

The running program will look something like this depending on the size and number of ram modules installed:


Posted Image

It's recommended to run 5-6 passes. Each pass contains very same 8 tests.

This will show the progress of the test. It can take a while. Be patient, or leave it running overnight.

Posted Image

The following image is the test results area:

Posted Image

The most important item here is the “errors” line. If you see ANY errors, even one, most likely, you have bad RAM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:05:54 AM

Posted 05 January 2011 - 03:57 AM

@ dc3
The bsod events were from 2008 and 2009 ....

The popup error messages are the result of malware ... one of the fake system optimisers/defragmenters.

@ pennstate42

Have a look at the Virus, Spyware, & Malware Removal Guides to find the particular removal guide for your infection, and follow the instructions in the guide.

The MBAM log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please post the log and let us know how the system is running now.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#6 pennstate42

pennstate42
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:54 AM

Posted 06 January 2011 - 02:13 AM

Thank you both for you assistance in helping fix this issue. I initially scanned my system using SUPERAntiSpyware and found several trojans and adware. I cleaned these off my system and rebooted but this did not resolve the issue. I then scanned my system using Malwarebytes and if found several trojans (including the ones found by SUPERAntiSpyware) I removed the trojans and adware and rebooted and it appears the issue has been resolved. Thank you again for your assistance and advice. Below is the log file from the MalwareBytes scan.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5468

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/5/2011 10:55:08 PM
mbam-log-2011-01-05 (22-55-08).txt

Scan type: Full scan (C:\|)
Objects scanned: 225078
Time elapsed: 1 hour(s), 9 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 31

Memory Processes Infected:
c:\documents and settings\all users\application data\lbsydyrdlalnvk.exe (Trojan.FakeAlert) -> 3060 -> Unloaded process successfully.

Memory Modules Infected:
c:\documents and settings\all users\application data\qunmkniyhjtwbe.dll (Rogue.FakeHDD) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LBSYdYrDlalNvk.exe (Trojan.FakeAlert) -> Value: LBSYdYrDlalNvk.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\qunmkniyhjtwbe.dll (Rogue.FakeHDD) -> Delete on reboot.
c:\documents and settings\all users\application data\lbsydyrdlalnvk.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0158474.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0159469.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0160477.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0161469.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0161470.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0162477.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0159479.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0163469.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0164511.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0163470.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0163479.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0164469.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0164478.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0164491.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0164496.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0164505.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0164520.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0164526.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0164536.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0164550.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0164564.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0164578.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0165578.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0165592.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP329\A0165608.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP330\A0165626.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP330\A0165642.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\prtprocs\w32x86\10070.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\prtprocs\w32x86\10273.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

#7 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:05:54 AM

Posted 06 January 2011 - 03:42 AM

Please do the following to ensure that your system is clean:

:step1: Empty your temp folders using TFC (Temporary File Cleaner) in Safe Mode
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Re-start your computer and load Windows in Safe Mode:
    • Start tapping the F8 key as the system starts to boot again, and continue tapping until you are presented with the "Windows Advanced Options Menu" screen.
    • Use the UP/DOWN arrow keys to select "Safe Mode", and press the <ENTER> key.
    • Log into your own account.

      Getting into Windows Safe Mode
      http://www.computerhope.com/issues/chsafe.htm
  • Run TFC:
    • Save any unsaved work. (TFC will close ALL open programs including your browser!)
    • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
    • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
    • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

:step2: Scan with SUPERAntiSpyware
  • Open SAS and update the definitions before scanning by selecting "Check for Updates".
    (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


:step3: Scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Note 1: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.

NOTE 2: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE 3: In some instances if no malware is found, there will be no log produced.



:step4: Now you should Create a New Restore Point and remove all the old restore points to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.


Please post the logs and let us know how your system is running.

Edited by AustrAlien, 06 January 2011 - 03:49 AM.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#8 pennstate42

pennstate42
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:54 AM

Posted 07 January 2011 - 11:14 PM

I've completed the steps as outlined above. The only log I have as a result is from the ESET Online scan. Please see log below.

C:\Documents and Settings\All Users\Application Data\095fc40\743.mof Win32/RogueAV.A trojan cleaned by deleting - quarantined
C:\Documents and Settings\Heather\My Documents\Downloads\[[ microsoft office xp ]].zip a variant of Win32/TrojanDownloader.IstBar trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\sst74.sys a variant of Win32/Rootkit.Kryptik.CB trojan cleaned by deleting - quarantined


Do you believe that my systems is clean now? Thank you again!!!

#9 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:05:54 AM

Posted 08 January 2011 - 04:11 AM

Please post the log from SUPERAntiSpyware

To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.

Click Close to exit the program.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#10 pennstate42

pennstate42
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:54 AM

Posted 19 January 2011 - 05:24 PM

Here is the scan log from the SUPERAntiSpyware scan.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/06/2011 at 09:44 PM

Application Version : 4.34.1000

Core Rules Database Version : 6153
Trace Rules Database Version: 3965

Scan type : Complete Scan
Total Scan Time : 00:56:19

Memory items scanned : 661
Memory threats detected : 0
Registry items scanned : 6158
Registry threats detected : 0
File items scanned : 28291
File threats detected : 21

Adware.Tracking Cookie
C:\Documents and Settings\Heather\Cookies\heather@specificclick[1].txt
C:\Documents and Settings\Heather\Cookies\heather@doubleclick[1].txt
C:\Documents and Settings\Heather\Cookies\heather@atdmt[1].txt
C:\Documents and Settings\Heather\Cookies\heather@serving-sys[1].txt
C:\Documents and Settings\Heather\Cookies\heather@specificclick[2].txt
C:\Documents and Settings\Heather\Cookies\heather@burstnet[1].txt
C:\Documents and Settings\Heather\Cookies\heather@statse.webtrendslive[2].txt
C:\Documents and Settings\Heather\Cookies\heather@ad.wsod[2].txt
C:\Documents and Settings\Heather\Cookies\heather@content.yieldmanager[5].txt
C:\Documents and Settings\Heather\Cookies\heather@bs.serving-sys[2].txt
C:\Documents and Settings\Heather\Cookies\heather@at.atwola[1].txt
C:\Documents and Settings\Heather\Cookies\heather@invitemedia[1].txt
C:\Documents and Settings\Heather\Cookies\heather@serving-sys[2].txt
C:\Documents and Settings\Heather\Cookies\heather@specificmedia[1].txt
C:\Documents and Settings\Heather\Cookies\heather@interclick[2].txt
C:\Documents and Settings\Heather\Cookies\heather@casalemedia[3].txt
C:\Documents and Settings\Heather\Cookies\heather@ad.yieldmanager[2].txt
C:\Documents and Settings\Heather\Cookies\heather@advertising[1].txt
C:\Documents and Settings\Heather\Cookies\heather@statcounter[1].txt

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP330\A0165668.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP330\A0165669.DLL

#11 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:05:54 AM

Posted 19 January 2011 - 05:44 PM

You said that you had completed all the steps, and I take it that includes having done step #4 above and removed all the old restore points.

In that case, the logs look fine, and I think you are right to go.

Take care and good luck.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users