Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pop Ups!


  • This topic is locked This topic is locked

#16
silencedmessage

silencedmessage

    Member

  • Member
  • PipPipPip
  • 987 posts
Sorry about that, the servers are having some issues at the moment. Please try this link and follow the instructions as posted before:

MajorGeeks<br><br>:whistling:

-Silenced Message
  • 0

Advertisements


#17
odirish

odirish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-13 16:02:34
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [ 06 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 2F4 80502770 4 Bytes [ AC, 18, B2, FC ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 510 8050298C 4 Bytes [ 12, 18, B2, FC ]
.text ntdll.dll!NtClose 77F758AA 5 Bytes JMP 72033FAA
.text ntdll.dll!NtCreateProcess 77F759F4 5 Bytes JMP 72034135
.text ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes JMP 72034019
.text ntdll.dll!NtCreateSection 77F75A21 5 Bytes JMP 72033FC8

---- Files - GMER 1.0.12 ----

ADS C:\System Volume Information\_restore{8C4EC5B1-7C19-4D76-ACE2-07C30EA8A853}\RP170\A0017835.exe:{F63EC417-F0D6-1DA5-0BC6-D7853A176842}

---- EOF - GMER 1.0.12 ----

I wanted to ask you if after we get this all cleaned up, can I remove some of the programs like combofix, etc.. If not, that's fine.

Mary Ann
  • 0

#18
silencedmessage

silencedmessage

    Member

  • Member
  • PipPipPip
  • 987 posts
Hi again Mary Ann :whistling:

I wanted to ask you if after we get this all cleaned up, can I remove some of the programs like combofix, etc.. If not, that's fine.

Absolutely! When we are all done, I will give you a list of the tools we use, and my recommendations for what to do with each one. Ultimately it is your choice if you want to keep them or not though. A few of them will be of no use to you at all, so we will make sure that we get rid of the cluster this has caused. :blink:

Before we may continue, I need to see another HijackThis log for analysis.

Please post a fresh HijackThis log along with a Startup List and I will get back to you A.S.A.P.!

To Get StartupList:
  • Please download StartupList to your desktop.
  • Double click the startuplist.zip to extract the files inside.
  • When the new window opens, please double click on StartupList.exe
  • A window will open that will begin listing all of the startups with icons and text. In the lower left hand corner, it will show the status. When it says "ready" in the bottom left corner, it has finished running.
  • At the top of the window, click File>Save As and save startuplist.txt to your desktop.
  • Close startuplist.exe window
  • Post a copy of startuplist.txt in your next reply
Thanks!

-Silenced Message
  • 0

#19
odirish

odirish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

  • 0

#20
silencedmessage

silencedmessage

    Member

  • Member
  • PipPipPip
  • 987 posts
It appears the Boards are having some trouble (this has been happening recently)

Could you please ask any questions and show the hijackthis log in your post, and then add the startup list as an attachment. That may or may not make it work. :whistling:

Thanks!

-Silenced Message
  • 0

#21
odirish

odirish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
It won't post. I'll keep trying

Mary Ann

Logfile of HijackThis v1.99.1
Scan saved at 3:32:55 PM, on 1/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\hjt.exe\hjt.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


Mary Ann

Edited by odirish, 15 January 2007 - 02:34 PM.

  • 0

#22
odirish

odirish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
My startup list won't post.

Mary Ann

Edited by odirish, 15 January 2007 - 02:36 PM.

  • 0

#23
silencedmessage

silencedmessage

    Member

  • Member
  • PipPipPip
  • 987 posts
Hi Mary Ann,

Try adding it as an attachment:
  • Click Add Reply
  • Scroll down to the File Attachments section
  • Click Browse...
  • Navigate to the attachment and click open
  • Post the reply
For some reason or another, I have found that sometimes when posts are too big they will come up as blank. We are currently looking into this and will hopefully have it fixed soon! :whistling:

-Silenced Message
  • 0

#24
odirish

odirish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Attached File  startuplist.txt   110.2KB   105 downloads
  • 0

#25
silencedmessage

silencedmessage

    Member

  • Member
  • PipPipPip
  • 987 posts
Hi Mary Ann,

Thanks for doing that! I just wanted to let you know that I will not forget about you, but I may not be able to get back to you until tomorrow due to the size of the startup list. Whenever I get through it I will get back to you! :whistling:

Edited by silencedmessage, 15 January 2007 - 07:50 PM.

  • 0

Advertisements


#26
odirish

odirish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
That's fine. Thanks for your help.

Mary Ann
  • 0

#27
silencedmessage

silencedmessage

    Member

  • Member
  • PipPipPip
  • 987 posts
Hi again Mary Ann,

Sorry again for the delay.

We are going to try using killbox to get rid of that line again only in a different way. :whistling:
  • Please double-click Killbox.exe to run it.
  • Select:
    • Replace on Reboot
    • then Click on the All Files button.
    • Put a tick next to the Use Dummy option.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\System32\ntos.exe
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\ntos.exe,

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot.

Please post a new HijackThis log (after rebooting) and let's see if this caught it! If not, there are still plenty more options. :blink:

Hang in there!

-Silenced Message
  • 0

#28
odirish

odirish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:11:20 PM, on 1/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\hjt.exe\hjt.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


I had to do this between running to the orthodontist for my son. I hope I didn't mess anything up.

Mary Ann
  • 0

#29
silencedmessage

silencedmessage

    Member

  • Member
  • PipPipPip
  • 987 posts
Hi again Mary Ann,

You did just fine! The good news is that persistent piece of malware is gone now! We have a few more things to do though, but we are very close! :blink:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405


Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Just to make sure no other nasties are hiding, let's do an online scan. :help:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Let me know how this goes! You have done an amazing job thus far! :whistling:

-Silenced Message
  • 0

#30
odirish

odirish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Incident Status Location

Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\odirish\Local Settings\Temporary Internet Files\Ssk.log
Spyware:spyware/apropos Not disinfected c:\windows\loadnew.exe
Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\documents and settings\all users\application data\WinAntiVirus Pro 2006
Dialer:Dialer.XD Not disinfected C:\777.htm
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\odirish\Cookies\[email protected][1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22D.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq234.tmp
Adware:Adware/Sqwire Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F1.tmp
Adware:Adware/Sqwire Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F7.tmp
Adware:Adware/Sqwire Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F8.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq603.tmp
Adware:Adware/PurityScan Not disinfected C:\QooBox\Purity\Documents and Settings\odirish\Application Data\SMANTE~1\?hkdsk.exe
Possible Virus. Not disinfected C:\WINDOWS\xondh5hm.exe

Here ya go!
Mary Ann
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP