Vista freezing after removing trojan.ZbotR


  • This topic is locked
13 replies to this topic

#1 oldlozzer

oldlozzer

  • Members
  • 6 posts
  • Local time:10:40 PM

Posted 16 August 2012 - 08:30 AM

Hope I'm not being trivial as a newbie.
I came home from holiday with a problem. My laptop appeared to have picked up a virus that was hacking my online banking page to request additional (and dangerous for me) information. McAfee had not detected anything, but after installing and running Malwarebytes Anti Malware, it reported trojan.ZbotR.Gen. I deleted that as per MBAM, but on restart, the screen is freezing once everything is loaded. I can load in safe mode and have rerun MBAM that way to recheck, with nil result. I have tried to restore to a previous point, but after a 2 hour process got the message 'restore failed'. Have also tried Windows repair, but no damage found.
I have saved documents and transferred email data to another machine, ready to do a clean windows install, but I'd rather not!
Using Vista Home Premium with SP2


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,620 posts
  • Gender:Male
  • Local time:06:40 PM

Posted 21 August 2012 - 08:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465431 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 oldlozzer

oldlozzer
  • Topic Starter

  • Members
  • 6 posts
  • Local time:10:40 PM

Posted 21 August 2012 - 09:45 AM

Hope I'm not being trivial as a newbie.
I came home from holiday with a problem. My laptop appeared to have picked up a virus that was hacking my online banking page to request additional (and dangerous for me) information. McAfee had not detected anything, but after installing and running Malwarebytes Anti Malware, it reported trojan.ZbotR.Gen. I deleted that as per MBAM, but on restart, the screen is freezing once everything is loaded. I can load in safe mode and have rerun MBAM that way to recheck, with nil result. I have tried to restore to a previous point, but after a 2 hour process got the message 'restore failed'. Have also tried Windows repair, but no damage found.
I have saved documents and transferred email data to another machine, ready to do a clean windows install, but I'd rather not!
Using Vista Home Premium with SP2


And apologies, it is Vista 32 bit.

Away from home for the next two days, so will run the scans and post as soon as I get home.

Edited by oldlozzer, 21 August 2012 - 11:24 AM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,572 posts
  • Gender:Male
  • Location:California
  • Local time:03:40 PM

Posted 22 August 2012 - 07:46 PM

Greetings oldlozzer and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. :thumbup2:

If you are unable to run the requested programs in Normal Mode, please run them in Safe Mode.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================


Helping me Help You

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.


===================================================


Additional Information

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
    • Explain as best you can what happens with your computer, i.e. it beeps three times, the black screen starts then goes blank, etc.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • DDS.txt
  • Attach.txt
  • GMER log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 oldlozzer

oldlozzer
  • Topic Starter

  • Members
  • 6 posts
  • Local time:10:40 PM

Posted 23 August 2012 - 04:27 AM

Home in about 6 hours time. I'll run the scans this evening and post the logs.

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,572 posts
  • Gender:Male
  • Location:California
  • Local time:03:40 PM

Posted 23 August 2012 - 09:30 AM

Greetings oldlozzer,

No problem. Thank you for the update.
Gary
 

#7 oldlozzer

oldlozzer
  • Topic Starter

  • Members
  • 6 posts
  • Local time:10:40 PM

Posted 24 August 2012 - 05:57 AM

Hi Gary,
Reports copied as requested.
The laptop is still responding oddly, although when I returned from the 4 days away, it at first appeared to load correctly. However after about an hour it crashed (screen dump) and now I've had to restart and run in safe mode as I was doing earlier.
I appreciate the help!
Laurie



DDS report:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19272 BrowserJavaVersion: 1.6.0_33
Run by Laurie at 17:24:51 on 2012-08-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.518 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Lingoes\Translator2\Lingoes.exe
C:\Program Files\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\McAfee Online Backup\MOBKstat.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Laptop Assistant\LaptopAssistant.exe
C:\Program Files\TouchpadPal\TouchpadPal.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\RacAgent.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\MsiExec.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Lingoes] c:\program files\lingoes\translator2\Lingoes.exe -minimize
uRun: [Radio365Agent] c:\program files\live365\radio365\Radio365TrayAgent.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_270_Plugin.exe -update plugin
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Desktop SMS] c:\program files\idm\desktop sms\DesktopSMS.exe /auto
mRun: [Skytel] Skytel.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Flashget] "c:\program files\flashget\FlashGet.exe" /min
mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\laurie\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\laurie\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\laurie\appdata\roaming\micros~1\windows\startm~1\programs\startup\laptop~1.lnk - c:\program files\laptop assistant\LaptopAssistant.exe
StartupFolder: c:\users\laurie\appdata\roaming\micros~1\windows\startm~1\programs\startup\touchp~1.lnk - c:\program files\touchpadpal\TouchpadPal.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee online backup\MOBKstat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~2.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{70D807BF-6081-4009-AE5F-1FE1AF01F08F} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FE292910-BE4F-4E11-9BFD-DD096D7E62FB} : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\laurie\appdata\roaming\mozilla\firefox\profiles\aqsm0wmb.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 CplIR;Embedded IR Driver;c:\windows\system32\drivers\CplIR.sys [2007-3-6 14848]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2011-8-24 41912]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-8-21 60480]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-8-5 146872]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
.
=============== Created Last 30 ================
.
2012-08-14 11:05:10 -------- d-----w- c:\users\laurie\appdata\roaming\Malwarebytes
2012-08-14 11:04:29 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 11:04:21 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-14 11:04:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-05 16:31:28 64832 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2012-08-05 16:30:55 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
==================== Find3M ====================
.
2012-08-03 10:45:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-03 10:45:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 20:44:03 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-12 20:44:03 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-25 15:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-22 06:58:12 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-06-22 06:55:18 206784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-06-22 06:55:08 166320 ----a-w- c:\windows\system32\mfevtps.exe
2012-06-22 06:53:56 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-06-22 06:53:48 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-06-22 06:52:38 554048 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-06-22 06:51:46 360792 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-06-22 06:51:16 61912 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-06-22 06:50:56 230224 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-06-22 06:50:24 127992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 17:32:08.01 ===============



Attach.txt as requested:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 21/08/2011 15:33:33
System Uptime: 23/08/2012 16:55:57 (1 hours ago)
.
Motherboard: TOSHIBA | | ISRAA
Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1667/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 27.525 GiB free.
E: is FIXED (NTFS) - 92 GiB total, 91.98 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Amazon MP3 Downloader 1.0.9
ATI Catalyst Install Manager
Audacity 1.3.14 (Unicode)
Bluetooth Stack for Windows by Toshiba
Byki
Byki Deluxe
Byki Express
Camera Assistant Software for Toshiba
Canon MP210 series
Canon MP210 series User Registration
Canon My Printer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian


GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-24 11:53:59
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DK02
Running: gmer.exe; Driver: C:\Users\Laurie\AppData\Local\Temp\awldipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88B57000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88BA0000, 0x510, 0x40000040]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1144] ntdll.dll!LdrLoadDll 77099378 5 Bytes JMP 6D16B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1144] kernel32.dll!LockResource + C 77236B0B 7 Bytes JMP 6D41B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1144] kernel32.dll!VirtualAllocEx + 54 7723AF70 7 Bytes JMP 6D41B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1144] USER32.dll!GetWindowInfo 76E1428E 5 Bytes JMP 6D2F2BD4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1144] GDI32.dll!SetStretchBltMode + 256 771A745C 7 Bytes JMP 6D41B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Files - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,572 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:40 PM

Posted 25 August 2012 - 08:03 AM

Greetings oldlozzer,

Thank you for the information. A few things we need to do in this first post.

Although I have not verified the presence of trojan.ZbotR.Gen, as reported by Malwarebytes, I need to advise you of the potential ramifications of this type of virus. That warning information is below.

It appears some of the information in Attach.txt did not make it to the post. Could you double check to make sure you copied the entire contents of that document?

As a precautionary measure I want to check the validity of one of the files on your computer. Although typically the file is OK, there have been a couple of occasions when the file was infected.

Finally, I am going to have you run a program to give us information about Blue Screen of Death (BSOD) events. I am wondering if some of your problems are related to McAfee which is known to be the cause of some BSOD events.

OK, here we go, if you don't mind.


===================================================


BACKDOOR WARNING!

--------------------

As reported by Malwarebytes one or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidence of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


Virustotal Online Virus Scanner

--------------------

  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file, double click on it so the file name is populated, then click Scan it!

    C:\Program Files\FlashGet\flashget.exe
  • Once completed, highlight the information in the address bar and copy then paste the link in your reply (please do not copy and paste this information)



===================================================


BlueScreenView

----------

  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
More information about the program can be found here


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Attach.txt
  • VirusTotal link
  • BSOD.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!


Posted 28 August 2012 - 09:28 AM

Greetings oldlozzer,


===================================================


3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#10 oldlozzer


Posted 28 August 2012 - 09:53 AM

Apologies!
Your last reply must have got lost in my inbox.
I'll take the steps you suggest asap.

Laurie

#11 Oh My!


Posted 28 August 2012 - 10:26 AM

Greetings oldlozzer,

No problem. I am glad you are still with me.
Gary
 

#12 oldlozzer


Posted 01 September 2012 - 09:31 AM

Thanks for all the advice and help.

In view of what you have said, and since I have managed to copy my documents, emails etc, I think it's probably best to reformat.

Not a nice thought to conjure with, but I've done it before and survived!

Thanks again

Laurie

#13 Oh My!


Posted 01 September 2012 - 09:46 AM

Greetings oldlozzer,

The safest bet is to reformat. The short term inconvenience will be worth the long term peace of mind.

Thank you for letting me know. Good luck!
Gary
 

#14 Oh My!


Posted 01 September 2012 - 01:17 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



