|
Malware problem, can't identify it
|
|
MrX1oo1
Junior Member
|
10. November 2007 @ 16:53 |
|
I've had a problem with what I think is malware for a few weeks now. I downloaded what I thought was a crack (yeah, stupid mistake); now IE pops up every few minutes with advertisements. I use Trend Micro now, full suite. It had detected some spyware and what it said was a problem, deleted them, and still IE pops up. I'm guessing what's causing it is a program or process that it doesn't identify as harmful. So are there any programs or something that can identify unwanted processes or programs out there? Also, winspool.exe keeps popping up and sucking up all my CPU usage. What is winspool and why is it doing this? Thanks for your help in advance.
|
|
Member
|
10. November 2007 @ 20:17 |
|
Cracks, keygens etc. are usually nothing but trojans/viruses or packaged with the same. winspool.exe = backdoor trojan. Get another malware scanner to use, like AVG Anti-Spyware or SUPERAntiSpyware.
regards,
echoreply
|
MrX1oo1
Junior Member
|
11. November 2007 @ 02:03 |
|
Ran AVG and the problem still continues. winspool.exe wasn't identified by AVG either. What's the best way to get rid of it? Run in safe mode and try deleting it? I've tried ending the active process and just right-click deleting it under search, but it won't let me. Thanks.
|
Member
|
11. November 2007 @ 09:04 |
|
Post an HJT log:
HiJackThis:
http://www.trendsecure.com/portal/en-US/.../HJTInstall.exe
* Save HJTInstall.exe to your desktop.
* Doubleclick on the HJTInstall.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\HijackThis.
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch Hijackthis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log into next reply.
echoreply
|
Member
|
11. November 2007 @ 13:22 |
|
assuming you're running XP
run all in safe mode after all is installed
and updated
AVG Anti-Virus Free Edition
EMCO Malware Destroyer
SUPERAntiSpyware (Free Edition)
Spyware Terminator
Spybot - Search and Destroy
install Ad-Aware SE
HijackThis (delete any line that ends in ISP #, i.e. 209.45.65.103)
SpywareBlaster & McAfee SiteAdvisor after cleaning up your computer
these are all free and given my two thumbs up
found at http://www.snapfiles.com/
giving back what was freely given to me... good luck
|
Member
|
11. November 2007 @ 13:31 |
|
message above had errors
assuming you're running XP
run all in safe mode after all is installed
and updated & then run in normal mode
AVG Anti-Virus Free Edition (never have more than one anti-virus installed at one time)
EMCO Malware Destroyer
SUPERAntiSpyware (Free Edition)
Spyware Terminator
Spybot - Search and Destroy
Ad-Aware SE
HijackThis (delete any line that ends in ISP #, i.e. 209.45.65.103)
SpywareBlaster & McAfee SiteAdvisor after cleaning up your computer
these are all free and given my two thumbs up
found at http://www.snapfiles.com/
giving back what was so freely given to me at afterdawn.com... good luck from zer0ink
|
MrX1oo1
Junior Member
|
11. November 2007 @ 15:17 |
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:45 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brett\Application Data\?ecurity\w?nspool.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Xtawu] "C:\Documents and Settings\Brett\Application Data\?ecurity\w?nspool.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9418 bytes
|
Member
|
11. November 2007 @ 16:08 |
|
hi MrX1oo1,
we can try this first:
Look in your control panel's add/remove programs for any of these:
uninstall if present
ClickSpring
Cowabanga by OIN
ipwindows / ipwins
MediaTickets
MediaTickets by OIN
OIN
Outer Info Network
PurityScan
PurityScan by OIN
Snowball Wars by OIN
TizzleTalk
TizzleTalk by OIN
Yazzle by OIN
Yazzle ActiveX by OIN
Yazzle Cowabanga by OIN
Yazzle Kobe :filtered:! By OIN
Yazzle Picster by OIN
Yazzle Snowball Wars by OIN
Yazzle Sudoku by OIN
Zolero Translator
WebBuying
WinPop
If you don't see any of them, then
download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe
-----------------------
After an uninstall or using the uninstaller, reboot the computer once, then rescan and post a new HJT log.
|
MrX1oo1
Junior Member
|
11. November 2007 @ 17:51 |
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:54 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9256 bytes
|
Member
|
11. November 2007 @ 19:34 |
|
OK. Did you find any of those in the Add/Remove Programs panel? You ran that uninstaller? I don't see this O4 in the new HJT log:
O4 - HKCU\..\Run: [Xtawu] "C:\Documents and Settings\Brett\Application Data\?ecurity\w?nspool.exe"
which is good. Run your AVG Anti-Spyware once.
echoreply
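The comparison made in the reply above (which O4 autorun lines are in the first log but not in the rescan) can be scripted. This is an added example, not part of the original thread or of HijackThis: the function names and the two heuristics (a `?` in the program path, a program running from a per-user data folder) are assumptions chosen for illustration, and the sample lines are copied from the two logs posted in this thread.

```python
import re

# Sample O4 lines copied from the first HijackThis log posted in this thread.
LOG_FIRST = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Xtawu] "C:\Documents and Settings\Brett\Application Data\?ecurity\w?nspool.exe"
O4 - Global Startup: Logitech SetPoint.lnk = ?
"""
# The rescan in this thread has the same lines minus the [Xtawu] entry.
LOG_RESCAN = "\n".join(l for l in LOG_FIRST.splitlines() if "[Xtawu]" not in l)

# Registry autoruns only (O4 - <hive>\..\Run*: [name] command); startup-folder
# shortcuts such as "Global Startup: ... = ?" are deliberately not matched.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))\b", re.I)
USER_DATA_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Application Data|Local Settings)\\", re.I
)


def autoruns(log_text):
    """Map (hive, key, value name) -> command line for every registry Run entry."""
    entries = {}
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries[(m["hive"], m["key"], m["name"])] = m["cmd"]
    return entries


def program_path(cmd):
    """Return the program part of a command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def reasons(cmd):
    """Heuristic flags (assumptions of this example, not HijackThis verdicts)."""
    path = program_path(cmd)
    found = []
    if "?" in path:
        # '?' is not a legal file-name character on Windows, so in a log it most
        # likely stands for a character the log's encoding could not represent.
        found.append("program path contains '?' (unrepresentable character)")
    if USER_DATA_RE.search(path):
        found.append("program runs from a per-user data folder")
    return found


def triage(log_text):
    """Return {entry: [reasons]} for autoruns that trip at least one heuristic."""
    flagged = {}
    for key, cmd in autoruns(log_text).items():
        why = reasons(cmd)
        if why:
            flagged[key] = why
    return flagged


def diff_autoruns(before, after):
    """Return (removed, added) autorun entries between two logs."""
    a, b = autoruns(before), autoruns(after)
    removed = {k: v for k, v in a.items() if k not in b}
    added = {k: v for k, v in b.items() if k not in a}
    return removed, added


if __name__ == "__main__":
    removed, added = diff_autoruns(LOG_FIRST, LOG_RESCAN)
    for (hive, key, name), cmd in removed.items():
        print(f"removed: {hive} {key} [{name}] {cmd}")
    for (hive, key, name), why in triage(LOG_FIRST).items():
        print(f"flagged: {hive} {key} [{name}]: " + "; ".join(why))
```

An entry disappearing from the Run key shows only that the autostart value is gone; whether the file and its process are gone has to be checked separately.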
|
Member
|
11. November 2007 @ 19:39 |
|
hi MrX1oo1,
Can't edit my posts. You can remove this via the Add/Remove Programs panel:
Viewpoint
it piggy-backed in with something else.
regards
|
MrX1oo1
Junior Member
|
11. November 2007 @ 19:50 |
|
OK, from the list above I didn't find any of those under Add or Remove Programs. I just deleted the Viewpoint Media Player; must've piggybacked like you said. I'm running AVG again, full system scan. As for the winspool thing, you commented it was good? Good as in good process, or good as in it's identified so I can remove it? Thanks again, echoreply.
|
Member
|
11. November 2007 @ 21:29 |
|
No, winspool.exe isn't good. See what AVG digs up this time.
shelf life
|
MrX1oo1
Junior Member
|
11. November 2007 @ 21:34 |
|
It's still around. I guess I'll try and get rid of it in safe mode.
|
Member
|
11. November 2007 @ 21:46 |
|
MrX1oo1,
Please download ComboFix (by sUBs) from one of the following links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
Save it to the Desktop.
Double-click combofix.exe and follow the prompts.
CAUTION: Do not mouse-click ComboFix's window while it is running.
It may cause it to stall.
When finished, it produces a log.
Please provide the contents of the ComboFix log in your reply--
|
MrX1oo1
Junior Member
|
11. November 2007 @ 22:25 |
|
ComboFix 07-11-08.1 - Brett 2007-11-11 18:57:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.598 [GMT -8:00]
Running from: C:\Documents and Settings\Brett\Desktop\ComboFix.exe
* Created a new restore point
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Brett\Application Data\ECURIT~1
C:\Program Files\ystem~1
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drvzabr.dll
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.bak2
C:\WINDOWS\system32\xbadd.ini
.
((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
.
2007-11-11 18:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 21:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2007-11-10 21:14 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-06 15:09 <DIR> d-------- C:\Program Files\QuickTime
2007-10-29 21:48 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\QQ Games
2007-10-29 21:48 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\QQ Games
2007-10-29 21:46 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\QQ Games Plugin
2007-10-29 21:46 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\QQ Games Plugin
2007-10-29 21:45 <DIR> d-------- C:\Program Files\Tencent
2007-10-23 02:00 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-10-22 21:24 726,568 --a------ C:\WINDOWS\system32\kdfmgr.exe
2007-10-22 16:27 <DIR> d-------- C:\WINDOWS\l2schemas
2007-10-22 16:12 474,624 -----c--- C:\WINDOWS\system32\dllcache\wzcsvc.dll
2007-10-22 16:12 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
2007-10-22 16:12 52,736 -----c--- C:\WINDOWS\system32\dllcache\wzcsapi.dll
2007-10-22 16:12 14,592 -----c--- C:\WINDOWS\system32\dllcache\ndisuio.sys
2007-10-21 11:51 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2007-10-20 23:46 <DIR> d-------- C:\WINDOWS\LocalSSL
2007-10-20 23:46 <DIR> d-------- C:\WINDOWS\kdefense
2007-10-20 23:46 849,920 --a------ C:\WINDOWS\system32\kdfinj.dll
2007-10-20 23:46 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2007-10-20 23:46 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
2007-10-20 23:46 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
2007-10-20 23:44 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-20 23:44 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-10-20 23:44 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-10-20 23:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-10-20 23:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-19 16:46 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-18 23:36 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-10-18 23:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-10-18 23:23 <DIR> d-------- C:\Program Files\Common Files\Canon
2007-10-18 23:23 <DIR> d-------- C:\Program Files\Canon
2007-10-18 16:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-10-16 21:58 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\SoundSpectrum
2007-10-16 21:58 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\SoundSpectrum
2007-10-16 20:49 <DIR> d-------- C:\Program Files\Adsense Helper Object
2007-10-16 20:47 102,400 --a------ C:\WINDOWS\system32\drvzab.dll
2007-10-16 20:47 33,792 --a------ C:\WINDOWS\system32\vtutspm.dll
2007-10-13 23:35 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\Logitech
2007-10-13 23:35 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\Logitech
2007-10-13 23:33 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-10-13 23:31 <DIR> d-------- C:\Program Files\Logitech
2007-10-13 23:31 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-10-13 23:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 00:48 --------- d-----w C:\Program Files\Viewpoint
2007-11-12 00:48 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-11-11 22:37 --------- d-----w C:\Program Files\Dl_cats
2007-11-11 21:44 --------- d-----w C:\Documents and Settings\Brett\Application Data\Azureus
2007-11-11 21:44 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Azureus
2007-11-10 22:48 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-11-08 02:40 --------- d-----w C:\Program Files\PeerGuardian2
2007-11-06 23:22 --------- d-----w C:\Program Files\iTunes
2007-11-06 23:22 --------- d-----w C:\Program Files\iPod
2007-10-30 05:46 --------- d-----w C:\Program Files\AIM6
2007-10-30 05:44 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-10-30 04:45 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-10-24 08:16 --------- d-----w C:\Documents and Settings\Brett\Application Data\iolo
2007-10-24 08:16 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\iolo
2007-10-21 07:31 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-10-19 21:28 --------- d-----w C:\Documents and Settings\Brett\Application Data\WeatherBug
2007-10-19 21:28 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\WeatherBug
2007-10-19 01:08 --------- d-----w C:\Documents and Settings\Brett\Application Data\Ahead
2007-10-19 01:08 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Ahead
2007-10-17 19:37 --------- d-----w C:\Program Files\Lavasoft
2007-10-17 19:37 --------- d-----w C:\Documents and Settings\Brett\Application Data\Lavasoft
2007-10-17 19:37 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Lavasoft
2007-10-14 07:33 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-10-14 07:33 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-10-14 07:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-10 06:12 --------- d-----w C:\Program Files\MediaCell Video Converter
2007-09-27 04:45 --------- d-----w C:\Documents and Settings\Brett\Application Data\Apple Computer
2007-09-27 04:45 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Apple Computer
2007-09-26 21:35 --------- d-----w C:\Documents and Settings\Brett\Application Data\Sonic
2007-09-26 21:35 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Sonic
2007-09-26 21:34 --------- d-----w C:\Documents and Settings\Brett\Application Data\Leadertech
2007-09-26 21:34 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Leadertech
2007-09-24 06:46 --------- d-----w C:\Program Files\DivX
2007-09-24 06:45 --------- d-----w C:\Program Files\Last.fm
2007-09-22 18:47 --------- d-----w C:\Program Files\Human Head Studios
2007-09-18 09:31 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 09:31 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-17 21:40 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-17 21:40 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-17 21:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-16 05:35 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-15 23:30 --------- d-----w C:\Program Files\Dell Photo AIO Printer 944
2007-09-15 23:27 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-15 23:25 --------- d-----w C:\Program Files\Common Files\Apple
2007-09-15 23:25 --------- d-----w C:\Program Files\Apple Software Update
2007-09-15 23:25 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-14 02:22 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2007-09-13 05:49 --------- d-----w C:\Program Files\Driver Cleaner PE
2007-09-13 05:33 --------- d-----w C:\Documents and Settings\Brett\Application Data\AdobeUM
2007-09-13 05:33 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\AdobeUM
2007-09-13 03:11 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-09-13 03:11 --------- d-----w C:\Program Files\Alcohol Soft
2007-09-13 01:02 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-13 01:00 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-09-13 01:00 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-09-13 00:57 131,072 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-09-13 00:55 --------- d-----w C:\Program Files\Illustrate
2007-09-13 00:53 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd5773.sys
2007-09-13 00:53 642,560 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-09-13 00:49 --------- d-----w C:\Program Files\Nero
2007-09-13 00:49 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-13 00:38 --------- d-----w C:\Program Files\SoundSpectrum
2007-09-13 00:29 --------- d-----w C:\Program Files\AWS
2007-09-13 00:28 --------- d-----w C:\Program Files\LimeWire
2007-09-13 00:27 --------- d-----w C:\Program Files\XviD
2007-09-13 00:26 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Last.fm
2007-09-12 14:56 77,824 ----a-w C:\WINDOWS\system32\G-Force.scr
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9}]
2007-10-16 20:49 24064 --a------ C:\Program Files\Adsense Helper Object\aho.v1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2007-09-16 06:21 103760]
[HKEY_CLASSES_ROOT\CLSID\{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 00:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 00:52]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 18:11]
"dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-07-22 14:45]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43]
"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-18 01:31]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 13:39]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-10 21:19]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 07:20]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-12 16:25:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-13 23:33:57]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-13 23:32:03]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqooo]
urqqooo.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 19:19:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-11 19:21:27 - machine was rebooted
.
--- E O F ---
|
Member
|
12. November 2007 @ 06:08 |
Link to this message
|
ok combofix got rid of some stuff. i will post back later with a script file to use.
|
MrX1oo1
Junior Member
|
12. November 2007 @ 15:54 |
Link to this message
|
awesome thanks again man/woman lol
|
Member
|
12. November 2007 @ 17:51 |
Link to this message
|
hi,
ok:
Copy and paste ALL the following red text in the box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as type: 'All Files' / File name: CFScript, and save it to your desktop.
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqooo]
now locate the script you just saved and the combofix icon, both on the desktop--
drag the CFScript right on top of the combofix icon and release it.
combofix will run and produce another log. post the new log.
echoreply(a man)
|
MrX1oo1
Junior Member
|
12. November 2007 @ 19:18 |
Link to this message
|
ComboFix 07-11-08.1 - Brett 2007-11-12 16:11:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.262 [GMT -8:00]
Running from: C:\Documents and Settings\Brett\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brett\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 )))))))))))))))))))))))))))))))
.
2007-11-11 18:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 21:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2007-11-10 21:14 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-06 15:09 <DIR> d-------- C:\Program Files\QuickTime
2007-10-29 21:48 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\QQ Games
2007-10-29 21:48 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\QQ Games
2007-10-29 21:46 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\QQ Games Plugin
2007-10-29 21:46 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\QQ Games Plugin
2007-10-29 21:45 <DIR> d-------- C:\Program Files\Tencent
2007-10-23 02:00 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-10-22 21:24 726,568 --a------ C:\WINDOWS\system32\kdfmgr.exe
2007-10-22 16:27 <DIR> d-------- C:\WINDOWS\l2schemas
2007-10-22 16:12 474,624 -----c--- C:\WINDOWS\system32\dllcache\wzcsvc.dll
2007-10-22 16:12 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
2007-10-22 16:12 52,736 -----c--- C:\WINDOWS\system32\dllcache\wzcsapi.dll
2007-10-22 16:12 14,592 -----c--- C:\WINDOWS\system32\dllcache\ndisuio.sys
2007-10-21 11:51 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2007-10-20 23:46 <DIR> d-------- C:\WINDOWS\LocalSSL
2007-10-20 23:46 <DIR> d-------- C:\WINDOWS\kdefense
2007-10-20 23:46 849,920 --a------ C:\WINDOWS\system32\kdfinj.dll
2007-10-20 23:46 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2007-10-20 23:46 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
2007-10-20 23:46 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
2007-10-20 23:44 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-20 23:44 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-10-20 23:44 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-10-20 23:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-10-20 23:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-19 16:46 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-18 23:36 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-10-18 23:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-10-18 23:23 <DIR> d-------- C:\Program Files\Common Files\Canon
2007-10-18 23:23 <DIR> d-------- C:\Program Files\Canon
2007-10-18 16:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-10-16 21:58 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\SoundSpectrum
2007-10-16 21:58 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\SoundSpectrum
2007-10-16 20:49 <DIR> d-------- C:\Program Files\Adsense Helper Object
2007-10-16 20:47 102,400 --a------ C:\WINDOWS\system32\drvzab.dll
2007-10-16 20:47 33,792 --a------ C:\WINDOWS\system32\vtutspm.dll
2007-10-13 23:35 <DIR> d-------- C:\Documents and Settings\Brett\Application Data\Logitech
2007-10-13 23:35 <DIR> d-------- C:\DOCUME~1\Brett\APPLIC~1\Logitech
2007-10-13 23:33 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-10-13 23:31 <DIR> d-------- C:\Program Files\Logitech
2007-10-13 23:31 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-10-13 23:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 00:15 --------- d-----w C:\Documents and Settings\Brett\Application Data\Azureus
2007-11-13 00:15 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Azureus
2007-11-12 03:56 --------- d-----w C:\Program Files\Dl_cats
2007-11-12 00:48 --------- d-----w C:\Program Files\Viewpoint
2007-11-12 00:48 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-11-10 22:48 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-11-08 02:40 --------- d-----w C:\Program Files\PeerGuardian2
2007-11-06 23:22 --------- d-----w C:\Program Files\iTunes
2007-11-06 23:22 --------- d-----w C:\Program Files\iPod
2007-10-30 05:46 --------- d-----w C:\Program Files\AIM6
2007-10-30 05:44 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-10-30 04:45 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-10-24 08:16 --------- d-----w C:\Documents and Settings\Brett\Application Data\iolo
2007-10-24 08:16 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\iolo
2007-10-21 07:31 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-10-19 21:28 --------- d-----w C:\Documents and Settings\Brett\Application Data\WeatherBug
2007-10-19 21:28 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\WeatherBug
2007-10-19 01:08 --------- d-----w C:\Documents and Settings\Brett\Application Data\Ahead
2007-10-19 01:08 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Ahead
2007-10-17 19:37 --------- d-----w C:\Program Files\Lavasoft
2007-10-17 19:37 --------- d-----w C:\Documents and Settings\Brett\Application Data\Lavasoft
2007-10-17 19:37 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Lavasoft
2007-10-14 07:33 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-10-14 07:33 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-10-14 07:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-10 06:12 --------- d-----w C:\Program Files\MediaCell Video Converter
2007-09-27 04:45 --------- d-----w C:\Documents and Settings\Brett\Application Data\Apple Computer
2007-09-27 04:45 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Apple Computer
2007-09-26 21:35 --------- d-----w C:\Documents and Settings\Brett\Application Data\Sonic
2007-09-26 21:35 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Sonic
2007-09-26 21:34 --------- d-----w C:\Documents and Settings\Brett\Application Data\Leadertech
2007-09-26 21:34 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\Leadertech
2007-09-24 06:46 --------- d-----w C:\Program Files\DivX
2007-09-24 06:45 --------- d-----w C:\Program Files\Last.fm
2007-09-22 18:47 --------- d-----w C:\Program Files\Human Head Studios
2007-09-18 09:31 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 09:31 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-17 21:40 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-17 21:40 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-17 21:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-16 05:35 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-15 23:30 --------- d-----w C:\Program Files\Dell Photo AIO Printer 944
2007-09-15 23:27 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-15 23:25 --------- d-----w C:\Program Files\Common Files\Apple
2007-09-15 23:25 --------- d-----w C:\Program Files\Apple Software Update
2007-09-15 23:25 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-14 02:22 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2007-09-13 05:49 --------- d-----w C:\Program Files\Driver Cleaner PE
2007-09-13 05:33 --------- d-----w C:\Documents and Settings\Brett\Application Data\AdobeUM
2007-09-13 05:33 --------- d-----w C:\DOCUME~1\Brett\APPLIC~1\AdobeUM
2007-09-13 03:11 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-09-13 03:11 --------- d-----w C:\Program Files\Alcohol Soft
2007-09-13 01:02 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-13 01:00 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-09-13 01:00 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-09-13 00:57 131,072 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-09-13 00:55 --------- d-----w C:\Program Files\Illustrate
2007-09-13 00:53 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd5773.sys
2007-09-13 00:53 642,560 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-09-13 00:49 --------- d-----w C:\Program Files\Nero
2007-09-13 00:49 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-13 00:38 --------- d-----w C:\Program Files\SoundSpectrum
2007-09-13 00:29 --------- d-----w C:\Program Files\AWS
2007-09-13 00:28 --------- d-----w C:\Program Files\LimeWire
2007-09-13 00:27 --------- d-----w C:\Program Files\XviD
2007-09-13 00:26 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Last.fm
2007-09-12 14:56 77,824 ----a-w C:\WINDOWS\system32\G-Force.scr
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-11_19.20.03.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-12 03:55:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_208.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9}]
2007-10-16 20:49 24064 --a------ C:\Program Files\Adsense Helper Object\aho.v1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2007-09-16 06:21 103760]
[HKEY_CLASSES_ROOT\CLSID\{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 00:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 00:52]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 18:11]
"dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-07-22 14:45]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43]
"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-18 01:31]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 13:39]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-10 21:19]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 07:20]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-12 16:25:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-13 23:33:57]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-13 23:32:03]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"
R3 dlcd_device;dlcd_device;C:\WINDOWS\system32\dlcdcoms.exe -service
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 16:15:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-12 16:17:55
C:\ComboFix2.txt ... 2007-11-11 19:21
.
--- E O F ---
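Added example (not part of any post in this thread, and not ComboFix's own code): a small Python parser for the "Reg Loading Points" section that compares the log posted before the CFScript run with the one posted after it, to confirm the Winlogon Notify key is gone. The function names are made up for this example, and the two inputs are trimmed excerpts of the logs above.

```python
# Trimmed excerpts of the two ComboFix logs posted in this thread: the first
# from before the CFScript run, the second from after it.
LOG_BEFORE = r"""
((((((((((((( Reg Loading Points ))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9}]
2007-10-16 20:49 24064 --a------ C:\Program Files\Adsense Helper Object\aho.v1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 07:20]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqooo]
urqqooo.dll
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
"""

LOG_AFTER = r"""
((((((((((((( Reg Loading Points ))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9}]
2007-10-16 20:49 24064 --a------ C:\Program Files\Adsense Helper Object\aho.v1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 07:20]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
.
**************************************************************************
"""

# Registry path under which Winlogon notification packages are registered.
NOTIFY = r"\windows nt\currentversion\winlogon\notify" + "\\"


def parse_load_points(log_text):
    """Return {load point: [entries]} from the 'Reg Loading Points' section."""
    points, current, inside = {}, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Reg Loading Points" in line:
            inside = True
            continue
        if not inside or line in ("", ".") or line.startswith("*Note*"):
            continue
        if line.startswith("*****"):  # the catchme banner ends the section
            break
        # A registry key header, or a Startup folder path ending in a backslash.
        if line.startswith("[HKEY_") or line.endswith("\\"):
            current = line.lstrip("[").rstrip("]\"")
            points.setdefault(current, [])
        elif current is not None:
            points[current].append(line)
    return points


def removed_load_points(before, after):
    """Load points listed in the first log but absent from the second."""
    after_keys = {key.lower() for key in after}
    return [key for key in before if key.lower() not in after_keys]


def winlogon_notify(points):
    """Winlogon Notify packages shown in the log, as {subkey name: [DLLs]}."""
    found = {}
    for key, entries in points.items():
        low = key.lower()
        if NOTIFY in low:
            found[key[low.index(NOTIFY) + len(NOTIFY):]] = entries
    return found


if __name__ == "__main__":
    before, after = parse_load_points(LOG_BEFORE), parse_load_points(LOG_AFTER)
    print("Notify packages before:", winlogon_notify(before))
    print("Notify packages after: ", winlogon_notify(after))
    print("Load points removed:   ", removed_load_points(before, after))
```

Because ComboFix hides legitimate default entries in this section, any Notify subkey that the parser reports is one to look at by hand.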
|
Member
|
13. November 2007 @ 05:59 |
Link to this message
|
how's it looking on your end now?
|
MrX1oo1
Junior Member
|
13. November 2007 @ 10:27 |
Link to this message
|
It's looking good so far, no popups or slowdowns for a while now. I'll let you know if anything comes up. Thanks again for all your help, you saved me a lot of headaches.
|
Member
|
13. November 2007 @ 19:27 |
Link to this message
|
ok good. you can remove combofix like this:
start>run and type in Combofix /u
there is a space after the x and before the /
if shown the disclaimer, select option 2
happy safe surfing
|
|