Author Topic: HJT Log  (Read 627 times)

Offline Dylan

« on: September 04, 2006, 09:41:41 PM »
Hey, computer is getting slow again, many pop ups and freezes up.  Most likely some kind of trojan or something similar.  I've tried running ad-aware, but upon deletion of the infected files the program freezes.  Just seeing if you can help.  Would be greatly appreciated.


Logfile of HijackThis v1.99.1
Scan saved at 10:38:02 PM, on 9/4/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\a?sembly\r?ndll32.exe
C:\DOCUME~1\ADMINI~1\MYDOCU~1\WNSXS~1\notepad.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\CToolbar.exe
c:\PROGRA~1\Crawler\CRadio.exe
c:\progra~1\crawler\CSSaver.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/ie.aspx?tb_id=60019
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netster.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60019
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60019
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60019
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60019
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F58CC0D9-0314-2890-1C57-56F07BC03F93} - C:\WINNT\system32\vszevnp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\WNSXS~1\notepad.exe" -vt yazr
O4 - HKCU\..\Run: [Izyu] C:\Program Files\Common Files\a?sembly\r?ndll32.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/poth_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.26.90/images/PopupSh.ocx
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab46704.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: ping.dll                
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBHookSvc - Unknown owner - C:\PROGRA~1\ALLTEL~1\SMARTB~1\SBHookSvc.exe (file missing)
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe

Offline guestolo

« Reply #1 on: September 04, 2006, 09:49:40 PM »
Can you do the following please
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Also,
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Dylan

« Reply #2 on: September 05, 2006, 06:30:49 PM »
Administrator - Tue 09/05/2006 19:17:09.32
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Administrator\Desktop

Microsoft Windows 2000 [Version 5.00.2195]

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\WINNT\system32\dvdplay.dll
C:\Program Files\Cowabanga

 ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~    Purity    ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINNT\RACLE~1
C:\QooBox\Purity\WINNT\YMANTE~1
C:\QooBox\Purity\WINNT\çSKS~1
C:\QooBox\Purity\WINNT\SSTEM3~1
C:\QooBox\Purity\WINNT\SSTEM~1
C:\QooBox\Purity\WINNT\SCURIT~1
C:\QooBox\Purity\WINNT\APPATC~1
C:\QooBox\Purity\WINNT\PPATCH~1
C:\QooBox\Purity\WINNT\àPPATC~1
C:\QooBox\Purity\WINNT\system32\SMANTE~1
C:\QooBox\Purity\WINNT\system32\SMBOLS~1
C:\QooBox\Purity\Program Files\RACLE~1
C:\QooBox\Purity\Program Files\RACLE~2
C:\QooBox\Purity\Program Files\CROSOF~1
C:\QooBox\Purity\Program Files\ICROSO~1.NET
C:\QooBox\Purity\Program Files\STEM~1
C:\QooBox\Purity\Program Files\MBOLS~1
C:\QooBox\Purity\Program Files\YMBOLS~1
C:\QooBox\Purity\Program Files\ECURIT~1
C:\QooBox\Purity\Program Files\FNTS~1
C:\QooBox\Purity\Program Files\SSEMBL~1
C:\QooBox\Purity\Program Files\PPPATC~1
C:\QooBox\Purity\Program Files\Common Files\CROSOF~1.NET
C:\QooBox\Purity\Program Files\Common Files\SMBOLS~1
C:\QooBox\Purity\Program Files\Common Files\YMBOLS~1
C:\QooBox\Purity\Program Files\Common Files\ASEMBL~1
C:\QooBox\Purity\Program Files\Common Files\SEMBLY~1
C:\QooBox\Purity\Program Files\Common Files\ASEMBL~1\r?ndll32.exe
C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\RACLE~1
C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\YSTEM3~1
C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\MBOLS~1
C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\APPATC~1
C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\APPATC~1\APPATC~1
C:\QooBox\Purity\Documents and Settings\Administrator\Application Data\APPATC~1\svchost.exe
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\RACLE~1
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\CROSOF~1.NET
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\WNSXS~1
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\FNTS~1
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\APPATC~1
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\WNSXS~1\WNSXS~1
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\WNSXS~1\notepad.exe
C:\QooBox\Purity\Documents and Settings\Administrator\My Documents\WNSXS~1\?pool32.exe
 
 
(((((((((((((((((((((((((((((((   Files Created from 2006-08-05 to 2006-09-05  ))))))))))))))))))))))))))))))))))
 

2006-09-03   15:16   310,482   --a------   C:\WINNT\run2.exe
2006-09-03   14:55   126,976   --a------   C:\WINNT\system32\vszevnp.dll
 

((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-03 14:55    2   --a------   C:\WINNT\system32\wnsapisv.exe
2006-08-15 17:24    11376   --a------   C:\WINNT\system32\drivers\SECDRV.SYS
2006-08-15 17:07    --------   d--------   C:\Program Files\Maxis
2006-07-27 22:40    81920   ---------   C:\WINNT\system32\ping.dll
2006-07-16 10:09    309680   --a------   C:\tskmgr.exe
2006-07-02 11:26    310482   --a------   C:\wsetup.exe
 

((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"Promon.exe"="Promon.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhenUSave"="\"C:\\Program Files\\Save\\Save.exe\""
"Hela"="\"C:\\DOCUME~1\\ADMINI~1\\MYDOCU~1\\WNSXS~1\\notepad.exe\" -vt yazr"
"Izyu"="C:\\Program Files\\Common Files\\a?sembly\\r?ndll32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hela"="\"C:\\DOCUME~1\\ADMINI~1\\APPLIC~1\\APPATC~1\\svchost.exe\" -vt ndrv"
@="C:\\PROGRA~1\\COMMON~1\\ASEMBL~1\\RNDLL3~1.EXE"
"Bykfst"="C:\\Documents and Settings\\Administrator\\My Documents\\W?nSxS\\?pool32.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
 
 
 
Completion time: Tue 2006-09-05 19:23:51.75
ComboFix.txt




Uninstall List:::

545 Studios Skinstaller (remove only)
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
AIM+ (remove only)
AOL Instant Messenger
ArcSoft Software Suite
Axis & Allies Iron Blitz
BearShare
CCleaner (remove only)
CleanUp!
Crawler Toolbar
Efficient Networks SpeedStream DSL
ewido security suite
Google Toolbar for Internet Explorer
GSpot Codec Information Appliance
GST 1.36.0.2
HijackThis 1.99.1
iCam320
Intel® PRO Network Connections Drivers
Internet Explorer Q903235
iPod for Windows 2005-06-26
iPod for Windows 2006-03-23
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
LimeWire 4.10.9
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft VGX Q833989
Microsoft Windows Journal Viewer
Microsoft XML Parser and SDK
MSN Gaming Zone
MSN Messenger 6.2
Personal Training Workstation 6.0
Presto! Mr. Photo
Presto! VideoWorks
QuickTime
RealArcade
Security Update for Windows 2000 (KB904706)
Skype 1.4
Spybot - Search & Destroy 1.3
Tango Manager
The Sims Deluxe Edition
Ulead Photo Explorer 6.0
Uninstall JL2005A Toy Camera
Update Rollup 1 for Windows 2000 SP4
WebCamPlanet 5.00
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB867282
Windows 2000 Hotfix - KB883939
Windows 2000 Hotfix - KB887797
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB890923
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB894320
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896688
Windows 2000 Hotfix - KB896727
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899588
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB902400
Windows 2000 Hotfix - KB904368
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix (Pre-SP4) [See Q327269 for more information]
Windows 2000 Hotfix (SP5) Q818043
Windows 2000 Service Pack 4
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player Hotfix [See KB837272 for more information]
Windows Media Player Hotfix [See wm828026 for more information]
Windows Media Player system update (9 Series)
WinRAR archiver
YahooPoolAimer
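
An added triage sketch, not part of the thread and not code from HijackThis or ComboFix: it parses O4 autorun lines like those in the first post and flags the two patterns that the ComboFix quarantine list above also points at, a `?` in the path and a stock Windows binary name launched from a non-system folder. The name list, the directory list and both heuristics are assumptions chosen for illustration; the sample lines are copied from the HijackThis log above.

```python
import re
from ntpath import basename, dirname

# Sample input: four O4 lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\WNSXS~1\notepad.exe" -vt yazr
O4 - HKCU\..\Run: [Izyu] C:\Program Files\Common Files\a?sembly\r?ndll32.exe
"""

# Assumptions for illustration: stock binary names and where they belong on this system.
SYSTEM_NAMES = {"notepad.exe", "svchost.exe", "rundll32.exe"}
SYSTEM_DIRS = {r"c:\winnt", r"c:\winnt\system32"}

O4_RE = re.compile(r"^O4 - (?P<hive>\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def exe_path(cmd):
    """Return the executable part of a Run value, with or without quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Return (value name, path, reasons) for each O4 Run entry worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = exe_path(m.group("cmd"))
        reasons = []
        if "?" in path:
            # "?" is not a legal file name character; the log shows it
            # where a character could not be rendered.
            reasons.append("unprintable character in path")
        name, folder = basename(path).lower(), dirname(path).lower()
        if folder and name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            reasons.append("system binary name outside system directory")
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for value_name, path, reasons in triage(SAMPLE_LOG):
        print(f"{value_name}: {path} -> {', '.join(reasons)}")
```
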

Offline guestolo

« Reply #3 on: September 05, 2006, 07:03:55 PM »
We still have some cleanup to do, but that cleared out a bit

Can you do the following please
Your version of Spybot is out of date
Access your add/remove programs and remove Spybot 1.3
Reboot the computer

Back in Windows
Download and Install Spybot 1.4 from
HERE

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Exit Spybot, we will need it in a bit, don't run a scan yet

Your version of Ewido is outdated, can you access your add/remove programs
Uninstall Ewido Security Suite
Reboot the computer

Back in Windows
Download, install, and update Ewido anti-spyware
1. Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
2. After the update finishes (the status bar at the bottom will display "Update successful")
3. Close Ewido. Do not run it yet.
Print and/or save the rest of these instructions to a text file saved to desktop
This is very important, as I need you to reboot into safe mode without internet connection

Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

In safe mode
You have both CleanUp! and CCleaner installed
Can you use them both to clean your temp files, etc...

Remain in safe mode
Ewido Scan
  • Then run Ewido and click on the Scanner tab at the top and then click on Complete System Scan.  This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As".  This will create a text file.  Make sure you know where to find this file again (like on the Desktop).
Afterwards
Open Spybot 1.4
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED

RESTART the computer back to Normal windows

Back in Windows, do all the following
1. Can you run Combofix again, post the log that it produces once more
2. Can you also post a fresh hijackthis log
3. Post the whole report you saved earlier with Ewido

If it takes more than one reply to post all the info, do so please
« Last Edit: September 05, 2006, 07:04:30 PM by guestolo »
