Kriss

Pop-up when starting Firefox

7 posts in this topic

So I have a problem with pop-ups. I am using Firefox as my browser, and every time I open it, a pop-up in IE opens. Usually it's like this one:

/http://url.adtrgt.com/cpv.jsp?p=112140&ip=84.50.243.107&url=http%3A%2F%2Fwww.neti.ee%2Fcgi-bin%2Fotsing%3Fquery%3Dspywareinfo%26src%3Dweb&selectedKeyword=ron&selectedListingId=7012747

 

and sometimes it's something with poker and stuff...

 

Here's HiJackLog:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:03, on 2008-01-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Launchy\Launchy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

C:\WINDOWS\system32\imapi.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

 

--

End of file - 5372 bytes


I searched the internet for the problem with the same symptoms as my problem, and what I have learned is that I likely have a problem with "RootKit.TnCore/Trace", and it creates a file: C:\WINDOWS\system32\drivers\core.cache.dsk. Every time I try to delete it, it comes back. I used some of the same tools that helped other users. The tools were: SDFix, Combofix and SUPERAntiSpyware. But I still have the same problem - pop-ups when opening Firefox or IE.

 

Here are the logs:

 

NEW HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:25:45, on 13.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Launchy\Launchy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

 

--

End of file - 5397 bytes

 

 

ComboFix Log:

 

ComboFix 08-01-09.2 - Administrator 2008-01-13 22:21:35.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1257.1.1033.18.1608 [GMT 2:00]

Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

 

.

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))

.

 

2008-01-13 22:23 . 2008-01-13 22:23 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk

2008-01-13 22:11 . 2008-01-13 22:11 <DIR> d-------- C:\WINDOWS\ERUNT

2008-01-13 22:05 . 2008-01-13 22:05 1,208,261 --a------ C:\SDFix.exe

2008-01-13 20:34 . 2008-01-13 20:34 <DIR> d-------- C:\Program Files\MoveOnBoot

2008-01-13 20:34 . 2008-01-13 20:34 <DIR> d-------- C:\Program Files\GiPo@Utilities

2008-01-13 20:34 . 2008-01-13 20:34 <DIR> d-------- C:\Program Files\Common Files\Gibinsoft Shared

2008-01-13 20:18 . 2008-01-13 20:40 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-01-13 14:05 . 2008-01-13 14:05 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2008-01-13 02:49 . 2008-01-13 02:49 23 --a------ C:\WINDOWS\BlendSettings.ini

2008-01-13 02:34 . 2008-01-13 02:34 <DIR> d-------- C:\Program Files\Bethesda Softworks

2008-01-13 01:38 . 2008-01-13 01:38 315,392 --a------ C:\WINDOWS\HideWin.exe

2008-01-13 01:38 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe

2008-01-13 01:38 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss

2008-01-13 00:58 . 2008-01-13 00:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Styler

2008-01-13 00:57 . 2008-01-13 21:58 <DIR> d-------- C:\Program Files\Styler

2008-01-13 00:44 . 2008-01-13 00:44 <DIR> d-------- C:\Program Files\Common Files\Stardock

2008-01-13 00:40 . 2008-01-13 00:40 0 --------- C:\WINDOWS\WB.ini

2008-01-13 00:31 . 2008-01-13 00:48 <DIR> d-------- C:\VISTA PACK 2

2008-01-13 00:17 . 2008-01-13 14:05 <DIR> d-------- C:\Program Files\Stardock

2008-01-13 00:17 . 2007-07-11 15:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2008-01-12 23:22 . 2008-01-12 23:22 <DIR> d-------- C:\Program Files\Driver Cleaner Pro

2008-01-12 20:38 . 2008-01-12 22:27 <DIR> d-------- C:\Program Files\Steam

2008-01-12 15:18 . 2000-05-21 23:00 647,872 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX

2008-01-12 15:18 . 1999-05-06 16:00 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-01-12 15:18 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx

2008-01-12 15:18 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx

2008-01-12 14:15 . 2008-01-12 14:15 <DIR> d-------- C:\Program Files\Uniblue

2008-01-12 14:15 . 2008-01-12 14:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue

2008-01-12 13:25 . 2008-01-12 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-01-12 13:21 . 2008-01-12 13:21 <DIR> d-------- C:\Program Files\Ares

2008-01-12 13:20 . 2008-01-12 13:20 <DIR> d-------- C:\Program Files\Trend Micro

2008-01-12 13:17 . 2001-08-23 13:00 39,274 --a------ C:\WINDOWS\system32\mem.exe

2008-01-12 13:16 . 2008-01-12 13:16 <DIR> d--h----- C:\WINDOWS\PIF

2008-01-12 13:16 . 2008-01-12 13:16 2,855 --a------ C:\WINDOWS\system32\mem.PIF

2008-01-12 12:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-12 12:19 . 2008-01-12 12:19 <DIR> d-------- C:\Program Files\Lavasoft

2008-01-12 12:19 . 2008-01-12 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-12 12:03 . 2008-01-13 20:35 165 --a------ C:\WINDOWS\wininit.ini

2008-01-12 11:45 . 2008-01-12 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-01-12 11:44 . 2008-01-13 21:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-01-12 11:44 . 2008-01-12 12:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-01-12 11:44 . 2008-01-12 11:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

2008-01-12 11:38 . 2008-01-12 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-01-12 11:30 . 2008-01-12 11:30 <DIR> d-------- C:\WINDOWS\Sun

2008-01-12 11:30 . 2008-01-12 11:30 <DIR> d-------- C:\Program Files\SystemRequirementsLab

2008-01-12 11:30 . 2008-01-12 11:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab

2008-01-12 11:29 . 2008-01-12 11:29 <DIR> d-------- C:\Program Files\Java

2008-01-12 11:29 . 2008-01-12 11:29 <DIR> d-------- C:\Program Files\Common Files\Java

2008-01-12 11:29 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-01-12 00:40 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys

2008-01-12 00:40 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe

2008-01-12 00:40 . 2006-08-21 14:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll

2008-01-11 22:50 . 2008-01-11 22:50 <DIR> d-------- C:\Program Files\CCleaner

2008-01-11 22:45 . 2008-01-11 22:45 <DIR> d-------- C:\Program Files\Launchy

2008-01-11 22:45 . 2008-01-11 22:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Launchy

2008-01-11 22:34 . 2008-01-12 22:37 <DIR> d-------- C:\OC Programmid

2008-01-11 22:32 . 2008-01-11 22:32 <DIR> d-------- C:\Program Files\FOXCONN

2008-01-11 21:50 . 2007-07-09 15:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-01-11 21:45 . 2006-12-07 07:29 2,374,472 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll

2008-01-11 21:13 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-01-11 21:13 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-01-11 21:13 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-01-11 20:50 . 2008-01-13 22:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-11 20:50 . 2008-01-11 20:50 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-11 20:49 . 2008-01-11 20:49 <DIR> d-------- C:\Program Files\QuickTime

2008-01-11 20:49 . 2008-01-11 20:49 <DIR> d-------- C:\Program Files\iTunes

2008-01-11 20:49 . 2008-01-11 20:49 <DIR> d-------- C:\Program Files\iPod

2008-01-11 20:49 . 2008-01-11 20:49 <DIR> d-------- C:\Program Files\Apple Software Update

2008-01-11 20:49 . 2008-01-11 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-01-11 20:49 . 2008-01-11 20:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer

2008-01-11 20:48 . 2008-01-11 20:48 <DIR> d-------- C:\Program Files\Common Files\Apple

2008-01-11 20:48 . 2008-01-11 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-01-11 20:43 . 2008-01-11 20:43 <DIR> d-------- C:\Program Files\Webteh

2008-01-11 20:43 . 2008-01-11 20:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BSplayer PRO

2008-01-11 20:43 . 2008-01-11 20:43 86,144 --a------ C:\WINDOWS\system32\drivers\LHidKEE.sys

2008-01-11 20:36 . 2008-01-11 20:36 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2008-01-11 20:36 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-01-11 20:36 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-01-11 20:36 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-01-11 20:23 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg

2008-01-11 20:22 . 2008-01-11 20:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ESET

2008-01-11 20:21 . 2008-01-11 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET

2008-01-11 20:00 . 2008-01-11 20:00 <DIR> d-------- C:\WINDOWS\system32\Futuremark

2008-01-11 20:00 . 2008-01-11 20:00 <DIR> d-------- C:\Program Files\Futuremark

2008-01-11 20:00 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys

2008-01-11 20:00 . 2001-11-19 18:05 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys

2008-01-11 19:52 . 2008-01-11 19:52 <DIR> d-------- C:\Program Files\Lavalys

2008-01-11 19:48 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-01-11 19:48 . 2007-03-08 01:51 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys

2008-01-11 19:48 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-01-11 19:48 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-01-11 19:47 . 2008-01-11 19:49 <DIR> d-------- C:\Program Files\Winamp

2008-01-11 19:47 . 2008-01-11 19:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Winamp

2008-01-11 19:43 . 2008-01-11 19:43 <DIR> d-------- C:\Program Files\uTorrent

2008-01-11 19:43 . 2008-01-13 22:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent

2008-01-11 19:38 . 2008-01-11 19:38 <DIR> d-------- C:\Program Files\Ray Adams

2008-01-11 19:38 . 2008-01-11 19:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\atitray

2008-01-11 19:23 . 2008-01-13 00:40 <DIR> d-------- C:\Downloads

2008-01-11 19:21 . 2008-01-11 19:21 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-01-11 19:21 . 2008-01-11 19:21 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-13 00:34 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-12 23:38 --------- d-----w C:\Program Files\Realtek

2008-01-12 10:22 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-01-11 20:24 --------- d-----w C:\Program Files\AMD

2008-01-11 18:11 --------- d-----w C:\Program Files\ATI Technologies

2008-01-11 15:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield

2008-01-11 14:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback

2008-01-11 14:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI

2008-01-11 14:31 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-12-20 16:00 4,637,696 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys

2007-12-20 14:47 16,860,672 ----a-w C:\WINDOWS\RTHDCPL.exe

2007-12-05 12:17 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe

2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll

2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll

2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll

2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll

2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll

2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2007-12-05 02:16 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll

2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2007-11-20 17:09 104,320 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys

2007-11-20 16:15 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-07 15:31 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe

2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-27 15:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-25 08:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

2007-10-22 01:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll

2007-10-22 01:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll

2007-10-20 18:17 39,424 ----a-w C:\WINDOWS\runtime.exe

2007-10-19 17:43 491,520 ----a-w C:\WINDOWS\dependencies.exe

2007-10-18 09:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-13_20.56.23.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-12 07:21:54 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-01-13 20:12:12 1,835,008 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2008-01-13 20:12:12 217,088 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-01-12 07:21:54 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-01-13 20:11:51 1,835,008 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2008-01-13 20:11:51 217,088 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2008-01-02 08:21:38 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 11:04 521128]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 17:46 28160 C:\WINDOWS\KHALMNPR.Exe]

"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16:47 16860672 C:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2008-01-11 22:45:44]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 11:04]

R1 LHidKEE;LHidKEE;C:\WINDOWS\system32\drivers\LHidKEE.sys [2008-01-11 20:43]

S3 ASUDriver;ASUDriver;C:\Program Files\AMD\AMD OverDrive\i386\AODDriver.sys [2007-10-12 17:14]

S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-11 18:49:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-13 22:24:05

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll

.

Completion time: 2008-01-13 22:24:47 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-13 20:24:39

ComboFix2.txt 2008-01-13 18:56:36

.

2008-01-13 19:45:02 --- E O F ---

 

 

SDFix Log:

 

 

SDFix: Version 1.126

 

Run by Administrator on P 13.01.2008 at 22:13

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\ANTISP~1\sdfix2\SDFix

 

Safe Mode:

Checking Services:

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

No Trojan Files Found

 

 

 

 

 

Removing Temp Files...

 

ADS Check:

 

C:\WINDOWS

No streams found.

 

C:\WINDOWS\system32

No streams found.

 

C:\WINDOWS\system32\svchost.exe

No streams found.

 

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

 

 

 

Final Check:

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-13 22:17:30

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"p0"="C:\Program Files\DAEMON Tools Pro\"

"h0"=dword:00000000

"hdf12"=hex:c1,3e,45,49,f0,a9,2d,ba,94,b3,bf,de,2f,00,b3,c9,a9,58,a1,bf,e5,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC�000001]

"a0"=hex:20,01,00,00,7a,aa,b4,dd,99,c0,e5,45,0e,7b,6c,51,ca,b7,a7,f5,bc,..

"hdf12"=hex:44,a7,20,ab,00,e9,31,6f,b6,c6,2b,42,18,41,8c,ef,f3,c6,ad,e6,41,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC�000001\gdq0]

"hdf12"=hex:2f,8b,cc,1f,93,73,7c,f4,4d,e8,ed,83,1e,a0,c6,61,99,37,96,a6,13,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"p0"="C:\Program Files\DAEMON Tools Pro\"

"h0"=dword:00000000

"hdf12"=hex:c1,3e,45,49,f0,a9,2d,ba,94,b3,bf,de,2f,00,b3,c9,a9,58,a1,bf,e5,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC�000001]

"a0"=hex:20,01,00,00,7a,aa,b4,dd,99,c0,e5,45,0e,7b,6c,51,ca,b7,a7,f5,bc,..

"hdf12"=hex:44,a7,20,ab,00,e9,31,6f,b6,c6,2b,42,18,41,8c,ef,f3,c6,ad,e6,41,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC�000001\gdq0]

"hdf12"=hex:9b,32,28,ab,6c,4b,4f,4b,0d,cb,65,ad,bc,3e,f7,6c,fe,86,24,6a,b9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"p0"="C:\Program Files\DAEMON Tools Pro\"

"h0"=dword:00000000

"hdf12"=hex:c1,3e,45,49,f0,a9,2d,ba,94,b3,bf,de,2f,00,b3,c9,a9,58,a1,bf,e5,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC�000001]

"a0"=hex:20,01,00,00,7a,aa,b4,dd,99,c0,e5,45,0e,7b,6c,51,ca,b7,a7,f5,bc,..

"hdf12"=hex:44,a7,20,ab,00,e9,31,6f,b6,c6,2b,42,18,41,8c,ef,f3,c6,ad,e6,41,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC�000001\gdq0]

"hdf12"=hex:2f,8b,cc,1f,93,73,7c,f4,4d,e8,ed,83,1e,a0,c6,61,99,37,96,a6,13,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\x12f\21]

"DisplayName"="\x8f08\x353\x8f08\x353\1"

"DeviceDesc"="\x8f08\x353\x8f08\x353\1"

"ProviderName"="\xfed4\21\xee18\x7c90\xff44\21\b"

"MFG"="\x640"

"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"

"DeviceInstanceIds"=str(7):"c:\ati\support\7-3-igp_xp_dd_ccc_wdm_sb_gart_enu_43737\sbdrv\smbus\smbusati.inf"

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

Remaining Files:

---------------

 

 

Files with Hidden Attributes:

 

Mon 7 Jan 2008 352 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"

Fri 11 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BITBF.tmp"

 

Finished!


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hello Kriss, and welcome to SWI.

 

My apologies for the delay; we're all volunteers, and we've been swamped.

 

 

Please delete your copy of ComboFix and download the latest version from here.

 

 

1. Save it to your Desktop.

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log, as well as a fresh HijackThis log, in your next reply.

 

 

-screen317


Thank you very much for helping!

 

I got my problem solved yesterday in another forum.

 

Again, thank you for assisting!

Edited by Kriss


Thanks for letting us know. :thumbup:

Since you appear to have solved your problem and this issue appears resolved ... this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
