Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Rootkit.agent [RESOLVED]


  • This topic is locked This topic is locked

#16
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Try it once more, then if no log appears just run ComboFix.exe itself and post that log
  • 0

Advertisements


#17
HarryMears

HarryMears

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I had to run combofix by itself I'm afraid. There is also something trying to change my homepage when I run combofix, its trying to change it to http://.www.microsof...d=iear=iesearch

Heres the combofix log but I have to log off now, I will be back on tomorrow morning, thanks again for all your help.

ComboFix 08-01-28.2 - Harry Mears House 2008-01-28 18:11:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.142 [GMT 0:00]
Running from: D:\Documents and Settings\Harry Mears House\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.

2008-01-28 18:16 . 2008-01-28 18:16 932 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-28 16:00 . 2008-01-28 16:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 15:29 . 2008-01-20 02:34 656,353 --a------ C:\WINDOWS\system32\drivers\HOSTS
2008-01-28 15:29 . 2007-09-06 00:18 1,424 --a------ C:\WINDOWS\system32\drivers\mvps.bat
2008-01-28 15:23 . 2008-01-20 02:34 656,353 --a------ C:\HOSTS
2008-01-28 15:23 . 2007-09-06 00:18 1,424 --a------ C:\mvps.bat
2008-01-28 15:12 . 2008-01-28 17:36 <DIR> d-------- C:\Program Files\SpywareGuard
2008-01-28 15:04 . 2008-01-28 15:04 <DIR> d-------- C:\Program Files\ie-spyad
2008-01-28 14:51 . 2008-01-28 14:53 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-28 14:11 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-28 14:10 . 2008-01-28 14:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-28 11:35 . 2008-01-28 11:35 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-25 13:15 . 2008-01-25 13:15 100 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-01-23 15:27 . 2008-01-23 15:28 <DIR> d-------- D:\Documents and Settings\Harry Mears House\Application Data\PrevxCSI
2008-01-23 15:27 . 2008-01-23 15:27 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Prevx
2008-01-23 14:55 . 2008-01-28 16:05 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-23 10:26 . 2008-01-23 10:26 1,751 --a------ D:\Documents and Settings\Harry Mears House\clean.reg
2008-01-23 10:21 . 2008-01-23 10:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-22 13:00 . 2008-01-22 13:00 <DIR> d-------- D:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-22 13:00 . 2008-01-28 08:39 <DIR> d-------- D:\Documents and Settings\Harry Mears House\Application Data\AVG7
2008-01-22 12:59 . 2008-01-22 12:59 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 12:59 . 2008-01-22 15:08 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\avg7
2008-01-22 12:58 . 2008-01-22 12:58 86,144 --a------ C:\WINDOWS\system32\drivers\atmepvcc.sys
2008-01-22 11:51 . 2008-01-28 13:52 <DIR> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-16 13:10 . 2008-01-16 13:10 <DIR> d-------- D:\Documents and Settings\Harry Mears House\Application Data\Apple Computer
2008-01-16 13:10 . 2008-01-28 17:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 13:10 . 2008-01-16 13:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 13:08 . 2008-01-16 13:08 <DIR> d-------- C:\Program Files\iPod
2008-01-16 13:07 . 2008-01-16 13:08 <DIR> d-------- C:\Program Files\iTunes
2008-01-16 13:07 . 2008-01-23 14:49 <DIR> d-------- C:\Program Files\Bonjour
2008-01-16 13:06 . 2008-01-16 13:07 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-16 13:05 . 2008-01-16 13:05 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-16 13:05 . 2008-01-16 13:05 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-16 13:05 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-16 13:04 . 2008-01-16 13:04 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Apple
2008-01-16 13:04 . 2008-01-16 13:04 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-16 10:57 . 2008-01-28 13:50 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-09 15:24 . 2008-01-09 15:24 0 --a------ C:\WINDOWS\system32\8104297.jun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 17:51 --------- d-----w D:\Documents and Settings\Harry Mears House\Application Data\Skype
2008-01-28 16:01 --------- d-----w D:\Documents and Settings\Harry Mears House\Application Data\SUPERAntiSpyware.com
2008-01-28 14:11 --------- d-----w C:\Program Files\Java
2008-01-22 15:47 --------- d-----w C:\Program Files\Dan Elwell's Broadband Speed Test
2008-01-22 12:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-22 12:50 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-01-22 12:50 --------- d-----w C:\Program Files\Symantec
2008-01-22 12:49 --------- d-----w C:\Program Files\Norton 360
2008-01-22 12:34 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 13:06 --------- d-----w C:\Program Files\QuickTime
2008-01-02 14:14 --------- d-----w C:\Program Files\Fire Safety Training
2007-12-31 08:26 25,773 ----a-w C:\WINDOWS\system32\drivers\regguard.sys
2007-12-07 08:40 --------- d-----w C:\Program Files\Greatis
2007-01-16 10:02 540 ----a-w D:\Documents and Settings\Harry Mears House\Application Data\wklnhst.dat
2006-11-22 13:29 510,040 -c--a-w C:\Program Files\Google Installer.exe
2006-08-04 17:27 9,840,640 -c--a-w C:\Program Files\psppxi.msi
2006-08-04 17:27 61,952 -c--a-w C:\Program Files\1031.mst
2006-08-04 17:27 60,416 -c--a-w C:\Program Files\1040.mst
2006-08-04 17:27 60,416 -c--a-w C:\Program Files\1036.mst
2006-08-04 17:27 59,904 -c--a-w C:\Program Files\1034.mst
2006-08-04 17:27 59,392 -c--a-w C:\Program Files\1043.mst
2006-08-04 17:27 12,800 -c--a-w C:\Program Files\1033.mst
2006-08-04 17:22 195,842,492 -c--a-w C:\Program Files\Data1.cab
2005-11-20 17:12 15,935,168 -c--a-w C:\Program Files\English_PSPX_RegXtras.exe
2005-09-07 08:26 7,156 -c--a-w C:\Program Files\corel.txt
2005-06-02 11:12 6,419 -c--a-w C:\Program Files\0x040c.ini
2005-06-02 11:12 6,287 -c--a-w C:\Program Files\0x040a.ini
2005-06-02 11:12 6,285 -c--a-w C:\Program Files\0x0407.ini
2005-06-02 11:12 6,180 -c--a-w C:\Program Files\0x0410.ini
2005-06-02 11:12 6,109 -c--a-w C:\Program Files\0x0413.ini
2005-06-02 11:12 5,515 -c--a-w C:\Program Files\0x0409.ini
2005-06-02 11:12 2,587,408 -c--a-w C:\Program Files\msi31.exe
2002-06-29 01:56 808,959 -c--a-w C:\Program Files\_SETUP.1
2002-06-29 01:56 5 -c--a-w C:\Program Files\DISK2.ID
2002-06-29 01:56 5 -c--a-w C:\Program Files\DISK1.ID
2002-06-29 01:56 34 -c--a-w C:\Program Files\SETUP.INI
2002-06-29 01:56 220,082 -c--a-w C:\Program Files\_SETUP.2
2002-06-29 01:56 205 -c--a-w C:\Program Files\SETUP.PKG
2002-06-29 01:56 191,918 -c--a-w C:\Program Files\_SETUP.LIB
1998-06-19 03:43 70,711 -c--a-w C:\Program Files\SETUP.INS
1997-01-19 03:04 320,411 -c--a-w C:\Program Files\_INST32I.EX_
1996-12-20 07:03 6,128 -c--a-w C:\Program Files\_SETUP.DLL
1995-09-08 11:22 8,192 -c--a-w C:\Program Files\_ISDEL.EXE
2007-01-02 12:34 88 -csha-r C:\WINDOWS\system32\680E8C252B.sys
2007-05-01 15:02 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 08:51 975360]
"WWWBackup"="C:\Program Files\DriveHQ\DriveHQ WWWBackup 3.0\wwwbackup.exe" [2006-09-14 15:29 1506144]
"DriveHQ FileManager"="C:\Program Files\DriveHQ\DriveHQ FileManager\DriveHQClient.exe" [2006-12-08 19:28 2268000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 07:29 68856]
"FolderShare"="C:\Program Files\FolderShare\FolderShare.exe" [2005-10-30 22:12 851968]
"MR Tech Systray"="C:\Program Files\MR Tech Systray\mrsystray.exe" [2006-04-10 06:37 479232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 14:35 7630848]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-22 12:59 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-22 12:59 219136]

D:\Documents and Settings\Harry Mears House\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
Linksys Cordless Internet Telephony Kit.lnk - C:\Program Files\Linksys\Cordless Internet Telephony Kit\cit200.exe [2005-07-20 16:37:16 759808]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Linksys Cordless Internet Telephony Kit.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Linksys Cordless Internet Telephony Kit.lnk
backup=C:\WINDOWS\pss\Linksys Cordless Internet Telephony Kit.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Harry Mears House^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
c:\program files\mcafee.com\shared\mcappins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-08-16 07:37 208941 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a--c--- 2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R1 atmepvcc;atmepvcc;C:\WINDOWS\system32\drivers\atmepvcc.sys [2008-01-22 12:58]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2007-12-31 08:26]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 17:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-23 13:20:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 18:17:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\DriveHQ\DriveHQ WWWBackup 3.0\wwwbackup.exe
C:\Program Files\DriveHQ\DriveHQ FileManager\DriveHQClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\FolderShare\FolderShare.exe
C:\Program Files\MR Tech Systray\mrsystray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\DriveHQ\DriveHQ FileManager\DriveHQRepository2.25.exe
.
**************************************************************************
.
Completion time: 2008-01-28 18:25:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-28 18:25:06
ComboFix2.txt 2008-01-28 17:50:10
.
2008-01-09 09:07:17 --- E O F ---
  • 0

#18
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\atmepvcc.sys

Driver::
atmepvcc


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

  • 0

#19
HarryMears

HarryMears

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Rorschach,

It looks like thats done the job, no more browser 'pop-ups' :)

I've pasted the combofix log below.

Thanks a lot for your kind help, I couldn't of done this with it.

Gary





ComboFix 08-01-29.3 - Harry Mears House 2008-01-29 11:19:50.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.114 [GMT 0:00]
Running from: D:\Documents and Settings\Harry Mears House\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Harry Mears House\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\drivers\atmepvcc.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\atmepvcc.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\atmepvcc.sys
C:\WINDOWS\system32\drivers\core.cache.dsk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ATMEPVCC
-------\atmepvcc


((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

2008-01-28 16:00 . 2008-01-28 16:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 15:29 . 2008-01-20 02:34 656,353 --a------ C:\WINDOWS\system32\drivers\HOSTS
2008-01-28 15:29 . 2007-09-06 00:18 1,424 --a------ C:\WINDOWS\system32\drivers\mvps.bat
2008-01-28 15:23 . 2008-01-20 02:34 656,353 --a------ C:\HOSTS
2008-01-28 15:23 . 2007-09-06 00:18 1,424 --a------ C:\mvps.bat
2008-01-28 15:12 . 2008-01-28 17:36 <DIR> d-------- C:\Program Files\SpywareGuard
2008-01-28 15:04 . 2008-01-28 15:04 <DIR> d-------- C:\Program Files\ie-spyad
2008-01-28 14:51 . 2008-01-28 14:53 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-28 14:11 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-28 14:10 . 2008-01-28 14:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-28 11:35 . 2008-01-28 11:35 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-25 13:15 . 2008-01-25 13:15 100 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-01-23 15:27 . 2008-01-23 15:28 <DIR> d-------- D:\Documents and Settings\Harry Mears House\Application Data\PrevxCSI
2008-01-23 15:27 . 2008-01-23 15:27 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Prevx
2008-01-23 14:55 . 2008-01-28 16:05 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-23 10:26 . 2008-01-23 10:26 1,751 --a------ D:\Documents and Settings\Harry Mears House\clean.reg
2008-01-23 10:21 . 2008-01-23 10:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-22 13:00 . 2008-01-22 13:00 <DIR> d-------- D:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-22 13:00 . 2008-01-29 08:23 <DIR> d-------- D:\Documents and Settings\Harry Mears House\Application Data\AVG7
2008-01-22 12:59 . 2008-01-22 12:59 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 12:59 . 2008-01-22 15:08 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\avg7
2008-01-22 11:51 . 2008-01-28 13:52 <DIR> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-16 13:10 . 2008-01-16 13:10 <DIR> d-------- D:\Documents and Settings\Harry Mears House\Application Data\Apple Computer
2008-01-16 13:10 . 2008-01-29 08:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 13:10 . 2008-01-16 13:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 13:08 . 2008-01-16 13:08 <DIR> d-------- C:\Program Files\iPod
2008-01-16 13:07 . 2008-01-16 13:08 <DIR> d-------- C:\Program Files\iTunes
2008-01-16 13:07 . 2008-01-23 14:49 <DIR> d-------- C:\Program Files\Bonjour
2008-01-16 13:06 . 2008-01-16 13:07 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-16 13:05 . 2008-01-16 13:05 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-16 13:05 . 2008-01-16 13:05 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-16 13:05 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-16 13:04 . 2008-01-16 13:04 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Apple
2008-01-16 13:04 . 2008-01-16 13:04 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-16 10:57 . 2008-01-28 13:50 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-09 15:24 . 2008-01-09 15:24 0 --a------ C:\WINDOWS\system32\8104297.jun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 11:19 --------- d-----w D:\Documents and Settings\Harry Mears House\Application Data\Skype
2008-01-28 16:01 --------- d-----w D:\Documents and Settings\Harry Mears House\Application Data\SUPERAntiSpyware.com
2008-01-28 14:11 --------- d-----w C:\Program Files\Java
2008-01-22 15:47 --------- d-----w C:\Program Files\Dan Elwell's Broadband Speed Test
2008-01-22 12:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-22 12:50 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-01-22 12:50 --------- d-----w C:\Program Files\Symantec
2008-01-22 12:49 --------- d-----w C:\Program Files\Norton 360
2008-01-22 12:34 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 13:06 --------- d-----w C:\Program Files\QuickTime
2008-01-02 14:14 --------- d-----w C:\Program Files\Fire Safety Training
2007-12-31 08:26 25,773 ----a-w C:\WINDOWS\system32\drivers\regguard.sys
2007-12-07 08:40 --------- d-----w C:\Program Files\Greatis
2007-01-16 10:02 540 ----a-w D:\Documents and Settings\Harry Mears House\Application Data\wklnhst.dat
2006-11-22 13:29 510,040 -c--a-w C:\Program Files\Google Installer.exe
2006-08-04 17:27 9,840,640 -c--a-w C:\Program Files\psppxi.msi
2006-08-04 17:27 61,952 -c--a-w C:\Program Files\1031.mst
2006-08-04 17:27 60,416 -c--a-w C:\Program Files\1040.mst
2006-08-04 17:27 60,416 -c--a-w C:\Program Files\1036.mst
2006-08-04 17:27 59,904 -c--a-w C:\Program Files\1034.mst
2006-08-04 17:27 59,392 -c--a-w C:\Program Files\1043.mst
2006-08-04 17:27 12,800 -c--a-w C:\Program Files\1033.mst
2006-08-04 17:22 195,842,492 -c--a-w C:\Program Files\Data1.cab
2005-11-20 17:12 15,935,168 -c--a-w C:\Program Files\English_PSPX_RegXtras.exe
2005-09-07 08:26 7,156 -c--a-w C:\Program Files\corel.txt
2005-06-02 11:12 6,419 -c--a-w C:\Program Files\0x040c.ini
2005-06-02 11:12 6,287 -c--a-w C:\Program Files\0x040a.ini
2005-06-02 11:12 6,285 -c--a-w C:\Program Files\0x0407.ini
2005-06-02 11:12 6,180 -c--a-w C:\Program Files\0x0410.ini
2005-06-02 11:12 6,109 -c--a-w C:\Program Files\0x0413.ini
2005-06-02 11:12 5,515 -c--a-w C:\Program Files\0x0409.ini
2005-06-02 11:12 2,587,408 -c--a-w C:\Program Files\msi31.exe
2002-06-29 01:56 808,959 -c--a-w C:\Program Files\_SETUP.1
2002-06-29 01:56 5 -c--a-w C:\Program Files\DISK2.ID
2002-06-29 01:56 5 -c--a-w C:\Program Files\DISK1.ID
2002-06-29 01:56 34 -c--a-w C:\Program Files\SETUP.INI
2002-06-29 01:56 220,082 -c--a-w C:\Program Files\_SETUP.2
2002-06-29 01:56 205 -c--a-w C:\Program Files\SETUP.PKG
2002-06-29 01:56 191,918 -c--a-w C:\Program Files\_SETUP.LIB
1998-06-19 03:43 70,711 -c--a-w C:\Program Files\SETUP.INS
1997-01-19 03:04 320,411 -c--a-w C:\Program Files\_INST32I.EX_
1996-12-20 07:03 6,128 -c--a-w C:\Program Files\_SETUP.DLL
1995-09-08 11:22 8,192 -c--a-w C:\Program Files\_ISDEL.EXE
2007-01-02 12:34 88 -csha-r C:\WINDOWS\system32\680E8C252B.sys
2007-05-01 15:02 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 08:51 975360]
"WWWBackup"="C:\Program Files\DriveHQ\DriveHQ WWWBackup 3.0\wwwbackup.exe" [2006-09-14 15:29 1506144]
"DriveHQ FileManager"="C:\Program Files\DriveHQ\DriveHQ FileManager\DriveHQClient.exe" [2006-12-08 19:28 2268000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 07:29 68856]
"FolderShare"="C:\Program Files\FolderShare\FolderShare.exe" [2005-10-30 22:12 851968]
"MR Tech Systray"="C:\Program Files\MR Tech Systray\mrsystray.exe" [2006-04-10 06:37 479232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 14:35 7630848]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-22 12:59 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-22 12:59 219136]

D:\Documents and Settings\Harry Mears House\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
Linksys Cordless Internet Telephony Kit.lnk - C:\Program Files\Linksys\Cordless Internet Telephony Kit\cit200.exe [2005-07-20 16:37:16 759808]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Linksys Cordless Internet Telephony Kit.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Linksys Cordless Internet Telephony Kit.lnk
backup=C:\WINDOWS\pss\Linksys Cordless Internet Telephony Kit.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Harry Mears House^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
c:\program files\mcafee.com\shared\mcappins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-08-16 07:37 208941 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a--c--- 2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2007-12-31 08:26]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 17:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-23 13:20:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 11:27:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\DriveHQ\DriveHQ FileManager\DriveHQClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\FolderShare\FolderShare.exe
C:\Program Files\MR Tech Systray\mrsystray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Linksys\Cordless Internet Telephony Kit\cit200.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DriveHQ\DriveHQ WWWBackup 3.0\DriveHQRepository2.21.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\DriveHQ\DriveHQ FileManager\DriveHQRepository2.25.exe
.
**************************************************************************
.
Completion time: 2008-01-29 11:32:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-29 11:32:24
ComboFix2.txt 2008-01-28 18:25:12
ComboFix3.txt 2008-01-28 17:50:10
.
2008-01-09 09:07:17 --- E O F ---
  • 0

#20
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

You can delete the tools that we used


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#21
HarryMears

HarryMears

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I did all of that yesterday Rorschach112, I have spywareGuard, IEspyad and SpywareBlaster installed.

Thanks,

Gary
  • 0

#22
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP