RootKit?


  • This topic is locked

#1
JayJoss007

  • Member
  • 11 posts
My computer is acting up. I think I may have a bad virus or a possible rootkit. Whenever I start up I get a message that says that Windows has experienced an unexpected shutdown. It asks to search online for a solution, but I do not believe this to be Windows that is asking me to do so. I scanned with Hitman Pro and removed a bunch of junk, and the computer seems to run better. I was having a problem with BitTorrent: whenever I tried to access it, it would just not run. I tried to uninstall it, but the cpu would not let me do it from the programs menu, so I removed it with CCleaner and that seems to be working fine now. But my biggest problem is that when I use the internet (I use Firefox), sometimes when I click on links, especially from Google, I get redirected to strange poor-quality websites that look like they were made by a 2-year-old. Please help me solve this problem and, if possible, find the person that made this program so I can remove his fingers and feed them to him. Thanks.
  • 0



#2
ldtate

  • Malware Expert
  • Expert
  • 1,874 posts
  • MVP

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.


Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users


Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.
Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:
Double-click on the Folder Options icon.
Click on the View tab.


If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.
Click on Show Hidden Files or Folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.


Please do not delete anything unless instructed to.


I've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache
http://www.java.com/...lugin_cache.xml



Next:
Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Then click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.


Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs, use "copy/paste".
  • 0

#3
JayJoss007

  • Topic Starter
  • Member
  • 11 posts
Ok, I did just what I was asked to do; this is the log that I received. Also, I have a window that says "Microsoft Windows: Windows has recovered from an unexpected shutdown. Windows can check online for a solution to the problem." It won't go away, and the last time I clicked on it all [bleep] broke loose on my cpu. I also noticed that the virus seems to be infecting Firefox; sometimes I notice that the fonts and spacing are closer together and it looks strange, and that is usually when I get redirected. And it seems to have infected Hitman Pro and ATF Cleaner and Malwarebytes. I'm not sure if it has or not, but there is a small shield next to the icons on my desktop, and sometimes when I try to use them it says: "Service cannot accept control messages at this time." But when I reboot the CPU they run. Other than that it seems to work fine, but it still acts like there is something wrong.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6539

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18813

5/9/2011 2:06:51 PM
mbam-log-2011-05-09 (14-06-37).txt

Scan type: Quick scan
Objects scanned: 163786
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jason\AppData\Local\say.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jason\AppData\Local\say.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jason\AppData\Local\say.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#4
ldtate

  • Malware Expert
  • Expert
  • 1,874 posts
  • MVP
Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#5
JayJoss007

  • Topic Starter
  • Member
  • 11 posts
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-09 20:59:05
-----------------------------
20:59:05.774 OS Version: Windows 6.0.6001 Service Pack 1
20:59:05.774 Number of processors: 2 586 0xE0C
20:59:05.776 ComputerName: JAYS-PC UserName: Jason
20:59:08.250 Initialize success
20:59:24.979 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:59:24.982 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC74P Size: 114473MB BusType: 3
20:59:24.987 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000063
20:59:24.991 Disk 1 Vendor: ( Size: 114473MB BusType: 0
20:59:24.994 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000064
20:59:24.998 Disk 2 Vendor: ( Size: 114473MB BusType: 0
20:59:25.002 Disk 0 MBR read error 0
20:59:25.005 Disk 0 MBR scan
20:59:25.009 Disk 0 unknown MBR code
20:59:25.012 MBR BIOS signature not found 0
20:59:25.016 Disk 0 scanning sectors +234439600
20:59:25.021 Disk 0 scanning C:\Windows\system32\drivers
20:59:34.748 Service scanning
20:59:37.345 Disk 0 trace - called modules:
20:59:37.352 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x858be4f0]<<
20:59:37.358 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85325ac8]
20:59:37.364 3 CLASSPNP.SYS[82ba4745] -> nt!IofCallDriver -> [0x84afeee0]
20:59:37.369 5 acpi.sys[8069b6a0] -> nt!IofCallDriver -> [0x84b03ba0]
20:59:37.375 \Driver\atapi[0x858a3f38] -> IRP_MJ_CREATE -> 0x858be4f0
20:59:37.380 Scan finished successfully
21:01:30.320 Disk 0 MBR has been saved successfully to "C:\Users\Jason\Downloads\MBR.dat"
21:01:30.326 The log file has been saved successfully to "C:\Users\Jason\Downloads\aswMBR.txt"
  • 0

#6
ldtate

  • Malware Expert
  • Expert
  • 1,874 posts
  • MVP
Not seeing anything bad there.

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt in your next reply

  • 0

#7
JayJoss007

  • Topic Starter
  • Member
  • 11 posts
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jason at 18:05:13.39 on Tue 05/10/2011
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.156 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\AOL\1185213839\ee\aolsoftware.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jason\Desktop\Desktop\Desktop\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [VAIOSecurity] "c:\program files\sony\vaio security center\VSC.exe" 1
mRun: [QuickBooks Simple Start] c:\program files\intuit\simplestartentice\entice.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire\Corel PhotoDownloader.exe
mRun: [HostManager] c:\program files\common files\aol\1185213839\ee\AOLSoftware.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\jason\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: mass.gov\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jason\appdata\roaming\mozilla\firefox\profiles\8mpj05so.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\jason\appdata\roaming\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\jason\program files\dna\plugins\npbtdna.dll
.
============= SERVICES / DRIVERS ===============
.
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-1-31 28933976]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-2-24 807424]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-5-30 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-5-30 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-5-30 1089536]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-05-09 17:57:44 -------- d-----w- c:\users\jason\appdata\roaming\Malwarebytes
2011-05-09 17:57:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-09 17:57:15 -------- d-----w- c:\progra~2\Malwarebytes
2011-05-09 17:57:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-09 17:57:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-01 16:41:13 -------- d-----w- c:\users\jason\Pavark
2011-05-01 15:52:17 -------- d-----w- c:\program files\uTorrent
2011-05-01 15:50:20 -------- d-----w- c:\users\jason\appdata\roaming\uTorrent
2011-05-01 15:25:40 -------- d-----w- c:\program files\CCleaner
2011-04-26 01:13:04 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-26 01:13:02 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-04-26 01:12:29 -------- d-----w- c:\progra~2\Hitman Pro
2011-04-14 03:56:23 69632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP9N.DLL
2011-04-14 03:56:23 27136 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD9N.DLL
2011-04-14 03:53:32 236032 ----a-w- c:\windows\system32\CNMLM9N.DLL
2011-04-14 03:48:51 192512 ----a-w- c:\windows\system32\CNC860O.DLL
2011-04-14 03:48:51 15872 ----a-w- c:\windows\system32\CNHMCA.DLL
2011-04-14 03:48:50 98304 ----a-w- c:\windows\system32\CNC860I.DLL
2011-04-14 03:48:50 274432 ----a-w- c:\windows\system32\CNC860L.DLL
2011-04-14 03:48:50 1331200 ----a-w- c:\windows\system32\CNC860C.DLL
.
==================== Find3M ====================
.
.
============= FINISH: 18:08:42.39 ===============

.
==== Installed Programs ======================
.
.
µTorrent
3DSeXVilla Crack 30.001
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.6
Adobe Shockwave Player 11.5
Aleks 3.14
Alps Pointing-device for VAIO
AOL Helper
AOL Toolbar 4.0
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon MX860 series MP Drivers
CCleaner
CDisplay 1.8
Click to DVD 2.0.05 Menu Data
Click to DVD 2.6.00
Corel Snapfire
DNA
Drivers Install For Linksys Easylink Advisor
Freecorder
Google SketchUp 7.1
Google Toolbar for Internet Explorer
Google Update Helper
Grouper Screen Saver 1.0
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java™ 6 Update 22
Java™ SE Runtime Environment 6
K-Lite Mega Codec Pack 3.3.0
Lexmark 2300 Series
LG USB Modem driver
Linksys EasyLink Advisor 1.6 (0044)
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
Move Media Player
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
OpenMG Limited Patch 4.7-07-13-24-01
OpenMG Secure Module 4.7.00
Oxin's Style! 3D Sexvilla 2.058.002
Pixel Land Blast
QuickBooks Product Listing Service
QuickTime
Realtek High Definition Audio Driver
RegCure 1.5.2.7
Roxio Easy Media Creator Home
RTC Client API v1.2
Safari
SecondLife (remove only)
Setting Utility Series
Simple Start Entice
SonicStage 4.3
Sony Utilities DLL
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 8
Stella 2.8.4
SupportSoft Assisted Service
Swiff Player 1.5
The Rosetta Stone
The Rosetta Stone Classic
thriXXX 3DSexVilla-030.001
Uniblue RegistryBooster 2010
Uninstall Yuusha
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Word 2007 (KB974631)
VAIO Azure Float Wallpaper
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Floral Dusk Wallpaper
VAIO Help And Support
VAIO Media
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.0
VAIO Media Redistribution 6.0
VAIO Media Registration Tool
VAIO Media Registration Tool 6.0
VAIO OOBE
VAIO Photo 2007
VAIO Power Management
VAIO Security Center
VAIO Service Utility
VAIO Teal Whisper Wallpaper
VAIO Video & Photo Utilities
Video DVD Maker Free v2.8.0.69
Viewpoint Media Player
WinDVD for VAIO
WinRAR archiver
Wireless Switch Setting Utility
.
==== End Of File ===========================
  • 0

#8
ldtate

  • Malware Expert
  • Expert
  • 1,874 posts
  • MVP
3DSeXVilla Crack 30.001
When you installed that crack, is that maybe when you got infected?
  • 0

#9
JayJoss007

  • Topic Starter
  • Member
  • 11 posts
No, that's definitely not it. I have had that for a long time and have never noticed a problem with that affecting my system.
  • 0

#10
ldtate

  • Malware Expert
  • Expert
  • 1,874 posts
  • MVP
We don't support users with stolen software so you need to uninstall that program.

Let me know when you have uninstalled it.
  • 0



#11
JayJoss007

  • Topic Starter
  • Member
  • 11 posts
Ok the program has been uninstalled.
  • 0

#12
ldtate

  • Malware Expert
  • Expert
  • 1,874 posts
  • MVP
Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator")



Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.
  • 0

#13
JayJoss007

  • Topic Starter
  • Member
  • 11 posts
Ok, when I first downloaded this and tried to run it, the program would not run. I restarted the computer, tried again and got a blue screen. When the computer restarted I ran the program again and then it worked. It said that it detected a rootkit and needed to be restarted. I restarted the computer and went away; when I returned, the program was running against a black screen. 2 windows appeared: one said that Windows encountered a problem and offered to look online, and the other said that the program stopped working. I wish I wrote the name of the program down, but it was not ComboFix. At this time ComboFix did not seem to be working. I started Task Manager and closed the 2 windows; after that ComboFix ran again. This happened a few times during that scan; this time I closed the windows without Task Manager, and each time ComboFix would start to run again. After a while (about an hour) the scan stopped and produced this log.





ComboFix 11-05-10.02 - Jason 05/11/2011 12:56:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.364 [GMT -4:00]
Running from: c:\users\Jason\Desktop\Desktop\Desktop\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\pswi_preloaded.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-11 17:16 . 2011-05-11 17:17 -------- d-----w- c:\users\Jason\AppData\Local\temp
2011-05-11 17:16 . 2011-05-11 17:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-05-11 17:16 . 2011-05-11 17:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-09 17:57 . 2011-05-09 17:57 -------- d-----w- c:\users\Jason\AppData\Roaming\Malwarebytes
2011-05-09 17:57 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-09 17:57 . 2011-05-09 17:57 -------- d-----w- c:\programdata\Malwarebytes
2011-05-09 17:57 . 2011-05-09 18:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-09 17:57 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 16:41 . 2011-05-01 16:41 -------- d-----w- c:\users\Jason\Pavark
2011-05-01 15:52 . 2011-05-01 15:52 -------- d-----w- c:\program files\uTorrent
2011-05-01 15:50 . 2011-05-10 04:12 -------- d-----w- c:\users\Jason\AppData\Roaming\uTorrent
2011-05-01 15:25 . 2011-05-01 15:25 -------- d-----w- c:\program files\CCleaner
2011-04-26 01:23 . 2011-04-26 01:23 -------- d-----w- c:\windows\Sun
2011-04-26 01:13 . 2011-05-04 03:14 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-26 01:13 . 2011-04-26 01:13 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-04-26 01:12 . 2011-04-26 01:33 -------- d-----w- c:\programdata\Hitman Pro
2011-04-14 03:56 . 2011-04-14 03:56 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-04-14 03:56 . 2011-04-14 03:56 -------- d--h--w- c:\programdata\CanonBJ
2011-04-14 03:56 . 2009-04-25 09:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9N.DLL
2011-04-14 03:56 . 2009-04-25 09:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9N.DLL
2011-04-14 03:53 . 2009-04-25 09:00 236032 ----a-w- c:\windows\system32\CNMLM9N.DLL
2011-04-14 03:48 . 2008-08-25 22:02 15872 ----a-w- c:\windows\system32\CNHMCA.DLL
2011-04-14 03:48 . 2008-07-16 13:39 192512 ----a-w- c:\windows\system32\CNC860O.DLL
2011-04-14 03:48 . 2009-06-16 15:36 1331200 ----a-w- c:\windows\system32\CNC860C.DLL
2011-04-14 03:48 . 2009-06-16 15:35 98304 ----a-w- c:\windows\system32\CNC860I.DLL
2011-04-14 03:48 . 2009-02-19 17:19 274432 ----a-w- c:\windows\system32\CNC860L.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-01 01:24 . 2011-04-09 20:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-28 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-05 4317184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-13 118784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-01-23 321656]
"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2006-11-28 2150400]
"QuickBooks Simple Start"="c:\program files\Intuit\SimpleStartEntice\entice.exe" [2007-01-31 371712]
"HostManager"="c:\program files\Common Files\AOL\1185213839\ee\AOLSoftware.exe" [2006-09-26 50736]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-23 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-23 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-23 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 23:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3896254352-1492685921-3299027893-1005]
"EnableNotificationsRef"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-01-31 28933976]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 18:46]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 18:46]
.
2011-05-11 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
2011-05-01 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
2008-12-28 c:\windows\Tasks\Vaio Service Utility.job
- c:\program files\Sony\Vaio Service Utility\VAIO-SU.exe [2007-02-16 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: mass.gov\www
FF - ProfilePath - c:\users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\8mpj05so.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
AddRemove-SecondLife - c:\program files\SecondLife\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-11 13:16
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-11 13:24:50
ComboFix-quarantined-files.txt 2011-05-11 17:24
.
Pre-Run: 7,490,048,000 bytes free
Post-Run: 7,443,369,984 bytes free
.
- - End Of File - - D57975B917CD98CEA8ADCDBF6AB216EE

#14
JayJoss007
Almost forgot: when the scan stopped, the computer seems like it's running in safe mode; the bottom bar is gray and looks like Windows 95, and the desktop is a black blank screen with no icons. But I am able to run Firefox and reply. Ok, now it's getting strange: just as I finished writing this I moved the window and my desktop is back to normal, but the bar at the bottom still looks like Windows 95. Kinda strange, but thought it might be important to include.

#15
ldtate
Reboot again