
Net-worm.Win32.Kido.ih [Solved]


  • This topic is locked

#31
fenzodahl512


  • Malware Removal
  • 9,863 posts
1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

NetSvc::
geedozb

Driver::
geedozb

Rootkit::
c:\winnt\system32\dwfvqwxb.dll

File::
c:\winnt\system32\dwfvqwxb.dll

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.



#32
Flegias


  • Topic Starter
  • Member
  • 32 posts
Hello fenzodahl512!



ComboFix 09-02-21.01 - Administrator 23/02/2009 9.31.27.5 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1040.18.511.316 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFScript.txt

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
c:\winnt\system32\dwfvqwxb.dll
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\system32\dwfvqwxb.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GEEDOZB
-------\Service_geedozb


((((((((((((((((((((((((( Files Creati Da 2009-01-23 al 2009-02-23 )))))))))))))))))))))))))))))))))))
.

2009-02-23 09:37 . 09-02-23 09:37 16,384 --a----t- c:\winnt\system32\Perflib_Perfdata_238.dat
2009-02-20 14:07 . 09-02-20 14:07 <DIR> d-------- c:\programmi\ERUNT
2009-02-20 09:06 . 09-02-20 17:04 1,010,658 ---h----- c:\winnt\ShellIconCache
2009-02-19 12:43 . 09-02-19 12:43 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb
2009-02-16 17:59 . 09-02-16 17:59 73,728 --a------ c:\winnt\system32\javacpl.cpl
2009-02-16 16:45 . 09-02-16 16:45 <DIR> d-------- c:\winnt\Sun
2009-02-16 16:42 . 09-02-16 17:59 410,984 --a------ c:\winnt\system32\deploytk.dll
2009-02-16 11:10 . 09-02-16 11:12 <DIR> d-------- c:\winnt\SHELLNEW
2009-02-16 11:09 . 09-02-16 11:09 <DIR> d-------- c:\programmi\Microsoft.NET
2009-02-13 15:41 . 09-02-13 15:42 <DIR> d-------- C:\rsit
2009-02-11 09:18 . 09-02-11 09:18 <DIR> d-------- c:\programmi\Trend Micro
2009-02-10 12:08 . 09-02-10 12:08 0 --ahs---- c:\winnt\klif.spi
2009-01-29 16:49 . 09-02-16 09:18 250 --a------ c:\winnt\gmer.ini
2009-01-26 09:33 . 09-01-26 09:33 0 --a------ c:\winnt\oodcnt.INI
2009-01-23 16:50 . 09-01-26 09:32 <DIR> d-------- c:\winnt\system32\oodag

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 08:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-02-16 11:08 --------- d-----w c:\programmi\Google
2009-02-16 09:45 --------- d-----w c:\programmi\Hewlett-Packard
2009-02-04 14:44 33,808 ----a-w c:\winnt\system32\drivers\klbg.sys
2009-02-04 07:58 89,601 ----a-w c:\winnt\system32\drivers\klick.dat
2009-02-04 07:58 101,287 ----a-w c:\winnt\system32\drivers\klin.dat
2009-01-23 16:05 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-23 16:05 --------- d-----w c:\programmi\File comuni\InstallShield
2009-01-12 16:30 --------- d-----w c:\programmi\OpenVPN
2009-01-09 14:11 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-09 13:49 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-09 13:49 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2009-01-09 10:19 --------- d-----w c:\programmi\Kaspersky Lab
2008-12-23 13:52 --------- d-----w c:\programmi\File comuni\Adobe
2007-04-18 15:22 271 ---h--w c:\programmi\desktop.ini
2007-04-18 15:22 22,075 -c-h--w c:\programmi\folder.htt
1999-12-23 00:00 32,528 -c--a-w c:\winnt\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((( SnapShot_lun 2009-02-16_12.13.56.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 11:02:28 163,328 ----a-w c:\winnt\ERDNT\20-02-2009\ERDNT.EXE
+ 2009-02-20 13:08:35 4,075,520 ----a-w c:\winnt\ERDNT\20-02-2009\Users\00000001\NTUSER.DAT
+ 2009-02-20 13:08:37 221,184 ----a-w c:\winnt\ERDNT\20-02-2009\Users\00000002\UsrClass.dat
+ 2009-02-16 16:59:18 144,792 ----a-w c:\winnt\system32\java.exe
+ 2009-02-16 16:59:18 144,792 ----a-w c:\winnt\system32\javaw.exe
+ 2009-02-16 16:59:18 148,888 ----a-w c:\winnt\system32\javaws.exe
+ 2004-12-07 09:11:34 258,352 ----a-w c:\winnt\system32\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [09-02-04 15:44 206088]
"SunJavaUpdateSched"="f:\programmi\Java\jre6\bin\jusched.exe" [09-02-16 17:59 148888]
"Synchronization Manager"="mobsync.exe" [03-06-19 11:05 111376 c:\winnt\system32\mobsync.exe]
"AtiPTA"="atiptaxx.exe" [01-09-27 00:39 245760 c:\winnt\system32\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\programmi\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 11:05 188176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\winnt\system32\drivers\klbg.sys [2008-01-29 33808]
R2 eugss;EUTRON SmartKey GSS2 Driver;c:\winnt\system32\drivers\eugss2k.sys [2008-01-21 63336]
R2 eusk2par;EUTRON SmartKey Parallel Driver;c:\winnt\system32\drivers\eusk2par.sys [2008-01-21 30656]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\winnt\system32\drivers\klim5.sys [2008-04-30 24592]
S2 XipConnect;Xway TCP/IP;c:\xwaydrv\XIPCONNECT.EXE --> c:\xwaydrv\XIPCONNECT.EXE [?]
S3 Duntlw;UNTLW device;c:\winnt\system32\Drivers\DuntlwNT.sys --> c:\winnt\system32\Drivers\DuntlwNT.sys [?]
S3 gpibclsb;GPIB Board Class Driver;c:\winnt\system32\Drivers\gpibclsb.sys --> c:\winnt\system32\Drivers\gpibclsb.sys [?]
S3 gpibclsd;GPIB Device Class Driver;c:\winnt\system32\Drivers\gpibclsd.sys --> c:\winnt\system32\Drivers\gpibclsd.sys [?]
S3 HPFLASH0;HPFLASH0;\??\c:\swsetup\SP30221\HPFlash.sys --> c:\swsetup\SP30221\HPFlash.sys [?]
S3 skeyusb;SmartKey USB;c:\winnt\system32\drivers\skeyusb.sys [2008-01-21 43968]
S3 tap0801;TAP-Win32 Adapter V8;c:\winnt\system32\drivers\tap0801.sys [2004-06-24 23552]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = <local>
IE: Converti destinazione link in Adobe PDF - f:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - f:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - f:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - f:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - f:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - f:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - f:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - f:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: %SystemRoot%\system32\msafd.dll
TCP: {C34AF2CE-F228-47F9-8D01-5AEDBF139AFA} = 151.99.125.1
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 09:40:16
Windows 5.0.2195 Service Pack 4 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(264)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Ora fine scansione: 2009-02-23 9:46:46 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-02-23 08:46:33
ComboFix2.txt 2009-02-20 16:01:06
ComboFix3.txt 2009-02-16 13:37:09
ComboFix4.txt 2009-02-16 11:17:29
ComboFix5.txt 2009-02-23 08:29:11

Pre-Run: 49.086.464 byte disponibili
Post-Run: 86,147,072 byte disponibili

142 --- E O F --- 2008-07-14 08:19:41


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.52.55, on 23/02/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINNT\System32\svchost.exe
F:\Programmi\Java\jre6\bin\jqs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\atiptaxx.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
F:\Programmi\Java\jre6\bin\jusched.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\explorer.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
F:\Programmi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C34AF2CE-F228-47F9-8D01-5AEDBF139AFA}: NameServer = 151.99.125.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\hpzipm12.exe
O23 - Service: Xway TCP/IP (XipConnect) - Unknown owner - C:\XWAYDRV\XIPCONNECT.EXE (file missing)

--
End of file - 5792 bytes

#33
fenzodahl512


  • Malware Removal
  • 9,863 posts
Looks good.. Apart from your err.. show hidden files/folder problem, how's the computer now?..

About that hidden files/folder problem, I'd suggest you seek further assistance at our Windows forum below..

http://www.geekstogo...2003-NT-f5.html


Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware



Read these links about safe internet surfing..

http://www.pcpitstop...safesurfing.asp
http://bluefive.pair...afe_surfing.htm



Please reply to this thread once more and tell us about the computer's behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

#34
Flegias


  • Topic Starter
  • Member
  • 32 posts
Hello fenzodahl512!

My computer is fine, finally!

Thank you so much for your time and for your suggestions!

Bye!!

#35
fenzodahl512


  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.