Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My computer is messed [CLOSED]

Started by safeqaz , Feb 27 2008 07:22 AM

  • This topic is locked This topic is locked

#1
safeqaz
Posted 27 February 2008 - 07:22 AM

safeqaz

    New Member

  • Member
  • Pip
  • 4 posts
My computer has got a load of pos temp files which cannot be deleted. I also get logged out randomly and on top of that my Kaspersky antivirus seems to be playing up. The antiviru proactive defense finds load of processes and i dont know which to deny or accept. I think maybe i accepted a wrong process now my computer takes 4eva to load. I made anotha user account which seemed to be fine until now and am having the same problems. I am frustrated and do not know what to do? Any help will be much appreciated. Thank you

I have been tryin to keep up with HiajcKThis program and i am displayin the log hope this helps. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:35 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Qazaa\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.slizone.com/
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [RealTray] C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07A42C8B-5949-40ED-9D79-EA3DD04C1D70}: NameServer = 134.219.164.4 134.219.164.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{155AF04A-52BB-47C5-8AF4-6A5080ED820E}: NameServer = 134.219.101.211 134.219.101.212
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 4632 bytes
  • 0

Advertisements

#2
Rorschach112
Posted 27 February 2008 - 07:59 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
safeqaz
Posted 27 February 2008 - 09:28 AM

safeqaz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hey i managed to finally successfully run combofix the results were as follows:

ComboFix 08-02-25.3 - Qasif 2008-02-27 14:59:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.664 [GMT 0:00]
Running from: C:\Documents and Settings\Qasif\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Qazaa\My Documents\pos9CD.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9CE.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9CF.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9D0.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9D1.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9D2.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9D3.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9D4.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9D5.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9D6.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9D7.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9D8.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9D9.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9DA.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9DB.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9DC.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9DD.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9DE.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9DF.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9E0.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9E1.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9E2.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9E3.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9E4.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9E5.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9E6.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9E7.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9E8.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9E9.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9EA.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9EB.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9EC.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9ED.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9EE.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9EF.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9F0.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9F1.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9F2.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9F3.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9F4.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9F5.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9F6.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9F7.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9F8.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9F9.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9FA.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9FB.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9FC.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9FD.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9FE.tmp
C:\Documents and Settings\Qazaa\My Documents\pos9FF.tmp
C:\Documents and Settings\Qazaa\My Documents\posA00.tmp
C:\Documents and Settings\Qazaa\My Documents\posA01.tmp
C:\Documents and Settings\Qazaa\My Documents\posA02.tmp
C:\Documents and Settings\Qazaa\My Documents\posA03.tmp
C:\Documents and Settings\Qazaa\My Documents\posA04.tmp
C:\Documents and Settings\Qazaa\My Documents\posA05.tmp
C:\Documents and Settings\Qazaa\My Documents\posA06.tmp
C:\Documents and Settings\Qazaa\My Documents\posA07.tmp
C:\Documents and Settings\Qazaa\My Documents\posA08.tmp
C:\Documents and Settings\Qazaa\My Documents\posA09.tmp
C:\Documents and Settings\Qazaa\My Documents\posA4E.tmp
C:\Documents and Settings\Qazaa\My Documents\posA4F.tmp
C:\Documents and Settings\Qazaa\My Documents\posA50.tmp
C:\Documents and Settings\Qazaa\My Documents\posA51.tmp
C:\Documents and Settings\Qazaa\My Documents\posA52.tmp
C:\Documents and Settings\Qazaa\My Documents\posA53.tmp
C:\Documents and Settings\Qazaa\My Documents\posA54.tmp
C:\Documents and Settings\Qazaa\My Documents\posA55.tmp
C:\Documents and Settings\Qazaa\My Documents\posA56.tmp
C:\Documents and Settings\Qazaa\My Documents\posA57.tmp
C:\Documents and Settings\Qazaa\My Documents\posA58.tmp
C:\Documents and Settings\Qazaa\My Documents\posA59.tmp
C:\Documents and Settings\Qazaa\My Documents\posA5A.tmp
C:\Documents and Settings\Qazaa\My Documents\posA5B.tmp
C:\Documents and Settings\Qazaa\My Documents\posA5C.tmp
C:\Documents and Settings\Qazaa\My Documents\posA5D.tmp
C:\Documents and Settings\Qazaa\My Documents\posA5E.tmp
C:\Documents and Settings\Qazaa\My Documents\posA5F.tmp
C:\Documents and Settings\Qazaa\My Documents\posA60.tmp
C:\Documents and Settings\Qazaa\My Documents\posA61.tmp
C:\Documents and Settings\Qazaa\My Documents\posA62.tmp
C:\Documents and Settings\Qazaa\My Documents\posA63.tmp
C:\Documents and Settings\Qazaa\My Documents\posA64.tmp
C:\Documents and Settings\Qazaa\My Documents\posA65.tmp
C:\Documents and Settings\Qazaa\My Documents\posA66.tmp
C:\Documents and Settings\Qazaa\My Documents\posA67.tmp
C:\Documents and Settings\Qazaa\My Documents\posA68.tmp
C:\Documents and Settings\Qazaa\My Documents\posA69.tmp
C:\Documents and Settings\Qazaa\My Documents\posA6A.tmp
C:\Documents and Settings\Qazaa\My Documents\posA6B.tmp
C:\Documents and Settings\Qazaa\My Documents\posA6C.tmp
C:\Documents and Settings\Qazaa\My Documents\posA6D.tmp
C:\Documents and Settings\Qazaa\My Documents\posA6E.tmp
C:\Documents and Settings\Qazaa\My Documents\posA6F.tmp
C:\Documents and Settings\Qazaa\My Documents\posA70.tmp
C:\Documents and Settings\Qazaa\My Documents\posA71.tmp
C:\Documents and Settings\Qazaa\My Documents\posA72.tmp
C:\Documents and Settings\Qazaa\My Documents\posA73.tmp
C:\Documents and Settings\Qazaa\My Documents\posA74.tmp
C:\Documents and Settings\Qazaa\My Documents\posA75.tmp
C:\Documents and Settings\Qazaa\My Documents\posA76.tmp
C:\Documents and Settings\Qazaa\My Documents\posA77.tmp
C:\Documents and Settings\Qazaa\My Documents\posA78.tmp
C:\Documents and Settings\Qazaa\My Documents\posA79.tmp
C:\Documents and Settings\Qazaa\My Documents\posA7A.tmp
C:\Documents and Settings\Qazaa\My Documents\posA7B.tmp
C:\Documents and Settings\Qazaa\My Documents\posA7C.tmp
C:\Documents and Settings\Qazaa\My Documents\posA7D.tmp
C:\Documents and Settings\Qazaa\My Documents\posA7E.tmp
C:\Documents and Settings\Qazaa\My Documents\posA7F.tmp
C:\Documents and Settings\Qazaa\My Documents\posA80.tmp
C:\Documents and Settings\Qazaa\My Documents\posA81.tmp
C:\Documents and Settings\Qazaa\My Documents\posA82.tmp
C:\Documents and Settings\Qazaa\My Documents\posA83.tmp
C:\Documents and Settings\Qazaa\My Documents\posA84.tmp
C:\Documents and Settings\Qazaa\My Documents\posA85.tmp
C:\Documents and Settings\Qazaa\My Documents\posA86.tmp
C:\Documents and Settings\Qazaa\My Documents\posA87.tmp
C:\Documents and Settings\Qazaa\My Documents\posA88.tmp
C:\Documents and Settings\Qazaa\My Documents\posA89.tmp
C:\Documents and Settings\Qazaa\My Documents\posA8A.tmp
C:\Documents and Settings\Qazaa\My Documents\posA8B.tmp
C:\Documents and Settings\Qazaa\My Documents\posA8C.tmp
C:\Documents and Settings\Qazaa\My Documents\posA8D.tmp
C:\Documents and Settings\Qazaa\My Documents\posA8E.tmp
C:\Documents and Settings\Qazaa\My Documents\posA8F.tmp
C:\Documents and Settings\Qazaa\My Documents\posA90.tmp
C:\Documents and Settings\Qazaa\My Documents\posA91.tmp
C:\Documents and Settings\Qazaa\My Documents\posA92.tmp
C:\Documents and Settings\Qazaa\My Documents\posA93.tmp
C:\Documents and Settings\Qazaa\My Documents\posA94.tmp
C:\Documents and Settings\Qazaa\My Documents\posA95.tmp
C:\Documents and Settings\Qazaa\My Documents\posA96.tmp
C:\Documents and Settings\Qazaa\My Documents\posA97.tmp
C:\Documents and Settings\Qazaa\My Documents\posA98.tmp
C:\Documents and Settings\Qazaa\My Documents\posA99.tmp
C:\Documents and Settings\Qazaa\My Documents\posA9A.tmp
C:\Documents and Settings\Qazaa\My Documents\posA9B.tmp
C:\Documents and Settings\Qazaa\My Documents\posA9C.tmp
C:\Documents and Settings\Qazaa\My Documents\posA9D.tmp
C:\Documents and Settings\Qazaa\My Documents\posA9E.tmp
C:\Documents and Settings\Qazaa\My Documents\posA9F.tmp
C:\Documents and Settings\Qazaa\My Documents\posAA0.tmp
C:\Documents and Settings\Qazaa\My Documents\posAA1.tmp
C:\Documents and Settings\Qazaa\My Documents\posAA2.tmp
C:\Documents and Settings\Qazaa\My Documents\posAA3.tmp
C:\Documents and Settings\Qazaa\My Documents\posAA4.tmp
C:\Documents and Settings\Qazaa\My Documents\posAA5.tmp
C:\Documents and Settings\Qazaa\My Documents\posAA6.tmp
C:\Documents and Settings\Qazaa\My Documents\posAA7.tmp
C:\Documents and Settings\Qazaa\My Documents\posAA8.tmp
C:\Documents and Settings\Qazaa\My Documents\posAA9.tmp
C:\Documents and Settings\Qazaa\My Documents\posAAA.tmp
C:\Documents and Settings\Qazaa\My Documents\posAAB.tmp
C:\Documents and Settings\Qazaa\My Documents\posAAC.tmp
C:\Documents and Settings\Qazaa\My Documents\posAAD.tmp
C:\Documents and Settings\Qazaa\My Documents\posAAE.tmp
C:\Documents and Settings\Qazaa\My Documents\posAAF.tmp
C:\Documents and Settings\Qazaa\My Documents\posAB0.tmp
C:\Documents and Settings\Qazaa\My Documents\posAB1.tmp
C:\Documents and Settings\Qazaa\My Documents\posAB2.tmp
C:\Documents and Settings\Qazaa\My Documents\posAB3.tmp
C:\Documents and Settings\Qazaa\My Documents\posAB4.tmp
C:\Documents and Settings\Qazaa\My Documents\posAB5.tmp
C:\Documents and Settings\Qazaa\My Documents\posAB6.tmp
C:\Documents and Settings\Qazaa\My Documents\posAB7.tmp
C:\Documents and Settings\Qazaa\My Documents\posAB8.tmp
C:\Documents and Settings\Qazaa\My Documents\posAB9.tmp
C:\Documents and Settings\Qazaa\My Documents\posABA.tmp
C:\Documents and Settings\Qazaa\My Documents\posABB.tmp
C:\Documents and Settings\Qazaa\My Documents\posABC.tmp
C:\Documents and Settings\Qazaa\My Documents\posABD.tmp
C:\Documents and Settings\Qazaa\My Documents\posABE.tmp
C:\Documents and Settings\Qazaa\My Documents\posABF.tmp
C:\Documents and Settings\Qazaa\My Documents\posAC0.tmp
C:\Documents and Settings\Qazaa\My Documents\posAC1.tmp
C:\Documents and Settings\Qazaa\My Documents\posAC2.tmp
C:\Documents and Settings\Qazaa\My Documents\posAC3.tmp
C:\Documents and Settings\Qazaa\My Documents\posAC4.tmp
C:\Documents and Settings\Qazaa\My Documents\posAC5.tmp
C:\Documents and Settings\Qazaa\My Documents\posAC6.tmp
C:\Documents and Settings\Qazaa\My Documents\posAC7.tmp
C:\Documents and Settings\Qazaa\My Documents\posAC8.tmp
C:\Documents and Settings\Qazaa\My Documents\posAC9.tmp
C:\Documents and Settings\Qazaa\My Documents\posACA.tmp
C:\Documents and Settings\Qazaa\My Documents\posACB.tmp
C:\Documents and Settings\Qazaa\My Documents\posACC.tmp
C:\Documents and Settings\Qazaa\My Documents\posACD.tmp
C:\Documents and Settings\Qazaa\My Documents\posACE.tmp
C:\Documents and Settings\Qazaa\My Documents\posACF.tmp
C:\Documents and Settings\Qazaa\My Documents\posAD0.tmp
C:\Documents and Settings\Qazaa\My Documents\posAD1.tmp
C:\Documents and Settings\Qazaa\My Documents\posAD2.tmp
C:\Documents and Settings\Qazaa\My Documents\posAD3.tmp
C:\Documents and Settings\Qazaa\My Documents\posAD4.tmp
C:\Documents and Settings\Qazaa\My Documents\posAD5.tmp
C:\Documents and Settings\Qazaa\My Documents\posAD6.tmp
C:\Documents and Settings\Qazaa\My Documents\posAD7.tmp
C:\Documents and Settings\Qazaa\My Documents\posAD8.tmp
C:\Documents and Settings\Qazaa\My Documents\posAD9.tmp
C:\Documents and Settings\Qazaa\My Documents\posADA.tmp
C:\Documents and Settings\Qazaa\My Documents\posADB.tmp
C:\Documents and Settings\Qazaa\My Documents\posADC.tmp
C:\Documents and Settings\Qazaa\My Documents\posADD.tmp
C:\Documents and Settings\Qazaa\My Documents\posADE.tmp
C:\Documents and Settings\Qazaa\My Documents\posADF.tmp
C:\Documents and Settings\Qazaa\My Documents\posAE0.tmp
C:\Documents and Settings\Qazaa\My Documents\posAE1.tmp
C:\Documents and Settings\Qazaa\My Documents\posAE2.tmp
C:\Documents and Settings\Qazaa\My Documents\posAE3.tmp
C:\Documents and Settings\Qazaa\My Documents\posAE4.tmp
C:\Documents and Settings\Qazaa\My Documents\posAE5.tmp
C:\Documents and Settings\Qazaa\My Documents\posAE6.tmp
C:\Documents and Settings\Qazaa\My Documents\posAE7.tmp
C:\Documents and Settings\Qazaa\My Documents\posAE8.tmp
C:\Documents and Settings\Qazaa\My Documents\posAE9.tmp
C:\Documents and Settings\Qazaa\My Documents\posAEA.tmp
C:\Documents and Settings\Qazaa\My Documents\posAEB.tmp
C:\Documents and Settings\Qazaa\My Documents\posAEC.tmp
C:\Documents and Settings\Qazaa\My Documents\posAED.tmp
C:\Documents and Settings\Qazaa\My Documents\posAEE.tmp
C:\Documents and Settings\Qazaa\My Documents\posAEF.tmp
C:\Documents and Settings\Qazaa\My Documents\posAF0.tmp
C:\Documents and Settings\Qazaa\My Documents\posAF1.tmp
C:\Documents and Settings\Qazaa\My Documents\posAF2.tmp
C:\Documents and Settings\Qazaa\My Documents\posAF3.tmp
C:\Documents and Settings\Qazaa\My Documents\posAF4.tmp
C:\Documents and Settings\Qazaa\My Documents\posAF5.tmp
C:\Documents and Settings\Qazaa\My Documents\posAF6.tmp
C:\Documents and Settings\Qazaa\My Documents\posAF7.tmp
C:\Documents and Settings\Qazaa\My Documents\posAF8.tmp
C:\pos860.tmp
C:\pos861.tmp
C:\pos862.tmp
C:\pos863.tmp
C:\pos864.tmp
C:\pos865.tmp
C:\pos866.tmp
C:\pos867.tmp
C:\pos868.tmp
C:\pos869.tmp
C:\pos86A.tmp
C:\pos86B.tmp
C:\pos86C.tmp
C:\pos86D.tmp
C:\pos86E.tmp
C:\pos86F.tmp
C:\pos870.tmp
C:\pos871.tmp
C:\pos872.tmp
C:\pos873.tmp
C:\pos874.tmp
C:\pos875.tmp
C:\pos876.tmp
C:\pos877.tmp
C:\pos878.tmp
C:\pos879.tmp
C:\pos87A.tmp
C:\pos87B.tmp
C:\pos87C.tmp
C:\pos87D.tmp
C:\pos87E.tmp
C:\pos87F.tmp
C:\pos880.tmp
C:\pos881.tmp
C:\pos882.tmp
C:\pos883.tmp
C:\pos884.tmp
C:\pos885.tmp
C:\pos886.tmp
C:\pos887.tmp
C:\pos888.tmp
C:\pos889.tmp
C:\pos88A.tmp
C:\pos88B.tmp
C:\pos88C.tmp
C:\pos88D.tmp
C:\pos88E.tmp
C:\pos88F.tmp
C:\pos890.tmp
C:\pos891.tmp
C:\pos892.tmp
C:\pos893.tmp
C:\pos894.tmp
C:\pos895.tmp
C:\pos896.tmp
C:\pos897.tmp
C:\pos898.tmp
C:\pos899.tmp
C:\pos89A.tmp
C:\pos89B.tmp
C:\pos89C.tmp
C:\pos89D.tmp
C:\pos89E.tmp
C:\pos89F.tmp
C:\pos8A0.tmp
C:\pos8A1.tmp
C:\pos8A2.tmp
C:\pos8A3.tmp
C:\pos8A4.tmp
C:\pos8A5.tmp
C:\pos8A6.tmp
C:\pos8A7.tmp
C:\pos8A8.tmp
C:\pos8A9.tmp
C:\pos8AA.tmp
C:\pos8AB.tmp
C:\pos8AC.tmp
C:\pos8AD.tmp
C:\pos8AE.tmp
C:\pos8AF.tmp
C:\pos8B0.tmp
C:\pos8B1.tmp
C:\pos8B2.tmp
C:\pos8B3.tmp
C:\pos8B4.tmp
C:\pos8B5.tmp
C:\pos8B6.tmp
C:\pos8B7.tmp
C:\pos8B8.tmp
C:\pos8B9.tmp
C:\pos8BA.tmp
C:\pos8BB.tmp
C:\pos8BC.tmp
C:\pos8BD.tmp
C:\pos8BE.tmp
C:\pos8BF.tmp
C:\pos8C0.tmp
C:\pos8C1.tmp
C:\pos8C2.tmp
C:\pos8C3.tmp
C:\pos8C4.tmp
C:\pos8C5.tmp
C:\pos8C6.tmp
C:\pos8C7.tmp
C:\pos8C8.tmp
C:\pos8C9.tmp
C:\pos8CA.tmp
C:\pos8CB.tmp
C:\pos8CC.tmp
C:\pos8CD.tmp
C:\pos8CE.tmp
C:\pos8CF.tmp
C:\pos8D0.tmp
C:\pos8D1.tmp
C:\pos8D2.tmp
C:\pos8D3.tmp
C:\pos8D4.tmp
C:\pos8D5.tmp
C:\pos8D6.tmp
C:\pos8D7.tmp
C:\pos8D8.tmp
C:\pos8D9.tmp
C:\pos8DA.tmp
C:\pos8DB.tmp
C:\pos8DC.tmp
C:\pos8DD.tmp
C:\pos8DE.tmp
C:\pos8DF.tmp
C:\pos8E0.tmp
C:\pos8E1.tmp
C:\pos8E2.tmp
C:\pos8E3.tmp
C:\pos8E4.tmp
C:\pos8E5.tmp
C:\pos8E6.tmp
C:\pos8E7.tmp
C:\pos8E8.tmp
C:\pos8E9.tmp
C:\pos8EA.tmp
C:\pos8EB.tmp
C:\pos8EC.tmp
C:\pos8ED.tmp
C:\pos8EE.tmp
C:\pos8EF.tmp
C:\pos8F0.tmp
C:\pos8F1.tmp
C:\pos8F2.tmp
C:\pos8F3.tmp
C:\pos8F4.tmp
C:\pos8F5.tmp
C:\pos8F6.tmp
C:\pos8F7.tmp
C:\pos8F8.tmp
C:\pos8F9.tmp
C:\pos8FA.tmp
C:\pos8FB.tmp
C:\pos8FC.tmp
C:\pos8FD.tmp
C:\pos8FE.tmp
C:\pos8FF.tmp
C:\pos900.tmp
C:\pos901.tmp
C:\pos902.tmp
C:\pos903.tmp
C:\pos904.tmp
C:\pos905.tmp
C:\pos906.tmp
C:\pos907.tmp
C:\pos908.tmp
C:\pos909.tmp
C:\pos90A.tmp
C:\pos90B.tmp
C:\pos90C.tmp
C:\pos90D.tmp
C:\pos90E.tmp
C:\pos90F.tmp
C:\pos910.tmp
C:\pos911.tmp
C:\pos912.tmp
C:\pos913.tmp
C:\pos914.tmp
C:\pos915.tmp
C:\pos916.tmp
C:\pos917.tmp
C:\pos918.tmp
C:\pos919.tmp
C:\pos91A.tmp
C:\pos91B.tmp
C:\pos91C.tmp
C:\pos91D.tmp
C:\pos91E.tmp
C:\pos91F.tmp
C:\pos920.tmp
C:\pos921.tmp
C:\pos922.tmp
C:\pos923.tmp
C:\pos924.tmp
C:\pos925.tmp
C:\pos926.tmp
C:\pos927.tmp
C:\pos928.tmp
C:\pos929.tmp
C:\pos92A.tmp
C:\pos92B.tmp
C:\pos92C.tmp
C:\pos92D.tmp
C:\pos92E.tmp
C:\pos92F.tmp
C:\pos930.tmp
C:\pos931.tmp
C:\pos932.tmp
C:\pos933.tmp
C:\pos934.tmp
C:\pos935.tmp
C:\pos936.tmp
C:\pos937.tmp
C:\pos938.tmp
C:\pos939.tmp
C:\pos93A.tmp
C:\pos93B.tmp
C:\pos93C.tmp
C:\pos93D.tmp
C:\pos93E.tmp
C:\pos93F.tmp
C:\pos940.tmp
C:\pos941.tmp
C:\pos942.tmp
C:\pos943.tmp
C:\pos944.tmp
C:\pos945.tmp
C:\pos946.tmp
C:\pos947.tmp
C:\pos948.tmp
C:\pos949.tmp
C:\pos94A.tmp
C:\pos94B.tmp
C:\pos94C.tmp
C:\pos94D.tmp
C:\pos94E.tmp
C:\pos94F.tmp
C:\pos950.tmp
C:\pos951.tmp
C:\pos952.tmp
C:\pos953.tmp
C:\pos954.tmp
C:\pos955.tmp
C:\pos956.tmp
C:\pos957.tmp
C:\pos958.tmp
C:\pos959.tmp
C:\pos95A.tmp
C:\pos95B.tmp
C:\pos95C.tmp
C:\pos95D.tmp
C:\pos95E.tmp
C:\pos95F.tmp
C:\pos960.tmp
C:\pos961.tmp
C:\pos962.tmp
C:\pos963.tmp
C:\pos964.tmp
C:\pos965.tmp
C:\pos966.tmp
C:\pos967.tmp
C:\pos968.tmp
C:\pos969.tmp
C:\pos96A.tmp
C:\pos96B.tmp
C:\pos96C.tmp
C:\pos96D.tmp
C:\pos96E.tmp
C:\pos96F.tmp
C:\pos970.tmp
C:\pos971.tmp
C:\pos972.tmp
C:\pos973.tmp
C:\pos974.tmp
C:\pos975.tmp
C:\pos976.tmp
C:\pos977.tmp
C:\pos978.tmp
C:\pos979.tmp
C:\pos97A.tmp
C:\pos97B.tmp
C:\pos97C.tmp
C:\pos97D.tmp
C:\pos97E.tmp
C:\pos97F.tmp
C:\pos980.tmp
C:\pos981.tmp
C:\pos982.tmp
C:\pos983.tmp
C:\pos984.tmp
C:\pos985.tmp
C:\pos986.tmp
C:\pos987.tmp
C:\pos988.tmp
C:\pos989.tmp
C:\pos98A.tmp
C:\pos98B.tmp
C:\pos98C.tmp
C:\pos98D.tmp
C:\pos98E.tmp
C:\pos98F.tmp
C:\pos990.tmp
C:\pos991.tmp
C:\pos992.tmp
C:\pos993.tmp
C:\pos994.tmp
C:\pos995.tmp
C:\pos996.tmp
C:\pos997.tmp
C:\pos998.tmp
C:\pos999.tmp
C:\pos99A.tmp
C:\pos99B.tmp
C:\pos99C.tmp
C:\pos9AC.tmp
C:\pos9AD.tmp
C:\pos9AE.tmp
C:\pos9AF.tmp
C:\pos9B0.tmp
C:\pos9B1.tmp
C:\pos9B2.tmp
C:\pos9B3.tmp
C:\pos9B4.tmp
C:\pos9B5.tmp
C:\pos9B6.tmp
C:\pos9B7.tmp
C:\pos9B8.tmp
C:\pos9B9.tmp
C:\pos9BA.tmp
C:\pos9BB.tmp
C:\pos9BC.tmp
C:\pos9BD.tmp
C:\pos9BE.tmp
C:\pos9BF.tmp
C:\pos9C0.tmp
C:\pos9C1.tmp
C:\pos9C2.tmp
C:\pos9C3.tmp
C:\pos9C4.tmp
C:\pos9C5.tmp
C:\pos9C6.tmp
C:\pos9C7.tmp
C:\pos9C8.tmp
C:\pos9C9.tmp
C:\pos9CA.tmp
C:\pos9CB.tmp
C:\pos9CC.tmp
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\rttss.ini2
C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\vstefyqf.dll
.
---- Previous Run -------
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\_000239_.tmp.dll
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\cbxuvww.dll
C:\WINDOWS\system32\karypdom.dll
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qyrlqfmb.dll
C:\WINDOWS\system32\rqcoijyx.dll
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\rttss.ini2
C:\WINDOWS\system32\tnqgsfro.ini
C:\WINDOWS\system32\vstefyqf.dllbox
C:\WINDOWS\system32\windows
C:\WINDOWS\uninstall_nmon.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR




((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-15 20:46 . 2008-02-15 20:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-15 20:18 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-15 20:18 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-15 20:18 . 2008-02-08 23:55 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-15 20:18 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-15 20:18 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-15 20:18 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-15 20:18 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-15 20:14 . 2008-02-15 20:19 1,070 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-10 20:47 . 2008-02-10 20:47 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-10 20:25 . 2008-02-10 20:47 <DIR> d-------- C:\VundoFix Backups
2008-02-10 20:06 . 2008-02-10 20:06 <DIR> d-------- C:\Documents and Settings\Qazaa\Application Data\Grisoft
2008-02-08 00:22 . 2008-02-08 00:22 <DIR> d-------- C:\Documents and Settings\Qasif\Application Data\Grisoft
2008-02-08 00:22 . 2008-02-08 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-08 00:22 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-01 19:06 . 2008-02-04 18:23 <DIR> d--hs---- C:\WINDOWS\UWFzaWY
2008-02-01 19:05 . 2008-02-01 19:05 <DIR> d-------- C:\WINDOWS\system32\tec8
2008-02-01 19:05 . 2008-02-01 19:05 <DIR> d-------- C:\WINDOWS\system32\kie2
2008-02-01 19:05 . 2008-02-01 19:05 <DIR> d-------- C:\WINDOWS\system32\cu1
2008-02-01 19:05 . 2008-02-01 19:05 <DIR> d-------- C:\temp\gTiis19
2008-02-01 18:53 . 2008-02-01 18:53 <DIR> d-------- C:\temp\cXzz9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-27 15:17 9,302,304 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-27 15:17 478,240 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-27 15:17 44,180 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-27 15:17 121,748 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-27 13:44 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-23 16:37 --------- d-----w C:\Program Files\Java
2008-01-22 18:00 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-01-13 20:17 --------- d-----w C:\Program Files\GameSpy Arcade
2008-01-12 22:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 21:27 --------- d-----w C:\Documents and Settings\Qasif\Application Data\Codemasters
2008-01-11 21:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-11 21:07 --------- d-----w C:\Program Files\AGEIA Technologies
2008-01-11 21:07 --------- d-----w C:\Documents and Settings\Qasif\Application Data\InstallShield
2008-01-11 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-11 21:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-11 21:02 --------- d-----w C:\Program Files\Codemasters
2008-01-05 17:59 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-05 17:59 253,952 ------w C:\WINDOWS\Setup1.exe
2008-01-05 16:21 --------- d-----w C:\Program Files\MoleculeMakers
2008-01-03 22:03 --------- d-----w C:\Program Files\DivX
2008-01-03 21:59 3,532 ----a-w C:\drmHeader.bin
2007-12-31 18:48 --------- d-----w C:\Program Files\Electronic Arts
2007-12-31 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2005-07-29 16:24 472 --sha-r C:\WINDOWS\UWFzaWY\oqIWuqs.vbs
.

------- Sigcheck -------

a14fafd66adbd55a86f17a37e5ec4263 C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 360,576 2006-04-20 12:18:35 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
----a-w 360,064 2007-10-30 17:20:55 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2gdr\tcpip.sys
----a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2qfe\tcpip.sys
----a-w 359,808 2006-04-20 11:51:50 C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2gdr\tcpip.sys
----a-w 360,576 2006-04-20 12:18:35 C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2qfe\tcpip.sys
-c--a-w 359,040 2008-01-22 18:00:39 C:\WINDOWS\system32\dllcache\tcpip.sys
----a-w 359,040 2008-01-22 18:00:39 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D32E34AC-0EDD-47A1-9D7E-C2A4DA07B884}]
C:\WINDOWS\system32\mljjj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"System Mechanic Popup Stopper"="C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe" [2004-09-20 10:12 530944]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 11:06 532480]
"RealTray"="C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe" [2007-04-27 22:48 673792]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 06:45 90112 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 09:22 7618560]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 09:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Qasif^Start Menu^Programs^Startup^Anapod Manager.lnk]
path=C:\Documents and Settings\Qasif\Start Menu\Programs\Startup\Anapod Manager.lnk
backup=C:\WINDOWS\pss\Anapod Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Qasif^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Qasif\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2007-06-28 12:51 218376 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 13:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-01 23:39 1266936 C:\Program Files\Valve\Steam\\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20196:TCP"= 20196:TCP:BitComet 20196 TCP
"20196:UDP"= 20196:UDP:BitComet 20196 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Logging]
"LogSuccessfulConnections"= 0 (0x0)
"LogDroppedPackets"= 0 (0x0)
"LogFileSize"= 0 (0x0)
"LogFilePath"=

R2 WUSB54Gv42SVC;WUSB54Gv42SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe" []
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-10-17 18:50]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 15:19:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDLL32.exe
.
**************************************************************************
.
Completion time: 2008-02-27 15:22:59 - machine was rebooted [Qasif]
ComboFix-quarantined-files.txt 2008-02-27 15:22:54
.
2008-02-27 12:56:05 --- E O F ---
  • 0

#4
safeqaz
Posted 27 February 2008 - 09:30 AM

safeqaz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
The next hijack log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:07 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {D32E34AC-0EDD-47A1-9D7E-C2A4DA07B884} - C:\WINDOWS\system32\mljjj.dll (file missing)
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [RealTray] C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 5606 bytes
  • 0

#5
Rorschach112
Posted 27 February 2008 - 04:30 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {D32E34AC-0EDD-47A1-9D7E-C2A4DA07B884} - C:\WINDOWS\system32\mljjj.dll (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\WINDOWS\UWFzaWY
C:\WINDOWS\system32\tec8
C:\WINDOWS\system32\kie2
C:\WINDOWS\system32\cu1
C:\temp\gTiis19
C:\temp\cXzz9


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Reboot and post a new HijackThis log
  • 0

#6
safeqaz
Posted 28 February 2008 - 01:08 PM

safeqaz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hey the new hijack log as requested:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:17 PM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [RealTray] C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07A42C8B-5949-40ED-9D79-EA3DD04C1D70}: NameServer = 134.219.164.4 134.219.164.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{155AF04A-52BB-47C5-8AF4-6A5080ED820E}: NameServer = 134.219.101.211 134.219.101.212
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 5745 bytes


Many thanks
  • 0

#7
Rorschach112
Posted 28 February 2008 - 01:30 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Also tell me how your PC is running
  • 0

#8
Rorschach112
Posted 03 March 2008 - 07:35 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP