Windows 7 Support
Become a Fan of PCHF on Facebook!
 User Reviews - Add Yours!
The PCHF Lounge
Go Back   PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs
Reload this Page Virus on my computer....
Register for a Free Account

[Fixed] Hijackthis! Logs - Virus on my computer.... posted in the Security & Safety forums; Hi guys, Thanks for taking a look at this thread. I have a virus. Many many popups and when i click on links to google it takes me somewhere completely ...

Advertisement
Advertisement

Reply
Scan your PC for Errors
Page 1 of 2 1 2
Old 11-11-2009   #1
Bronze Member
 
Join Date: Dec 2005
Posts: 29
Default Virus on my computer....
Hi guys,

Thanks for taking a look at this thread. I have a virus. Many many popups and when i click on links to google it takes me somewhere completely different 2/3 times. Tried all major virus scans.

Thanks for your help
Attached Files
File Type: log hijackthis.log (14.8 KB, 4 views)
davidwilcock is offline   Reply With Quote
Old 11-11-2009   #2
Tech Support Team
 
Wolfeymole's Avatar
 
Join Date: Nov 2006
Location: In the Slaughtered Lamb having a pint.
Posts: 6,457
PC Experience: Smarter than the average Bear
Default Re: Virus on my computer....
Hi David

Welcome back.

Please click this link called Prework and follow the instructions and a member of the Security Team will assist you as soon as possible.
__________________

If PCHF has helped you please consider a donation by clicking this link Donate
Wolfeymole is offline   Reply With Quote
Old 11-11-2009   #3
Bronze Member
 
Join Date: Dec 2005
Posts: 29
Default Re: Virus on my computer....
Sorry about that guys.

Step one was a pain, I couldnt open it, I think i need winrar, but for reasons which i can explain via pm i cant download any programs at the minute. but heres the rest


DDS


DDS (Ver_09-10-26.01) - NTFSx86
Run by Dwilcock at 20:24:53.84 on 11/11/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2038.1116 [GMT 0:00]

AV: ISS Proventia 9.0.226.2212 *On-access scanning enabled* (Outdated) {CC5CB8EC-3531-44F2-BD71-A0FFE5BF399A}
AV: WebrootŪ Client Security *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D}
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: ISS Proventia 9.0.226.2084 *enabled* {3A20BAC9-1D3C-41AA-AC2B-4AC7F02F706C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ManageSoft\Launcher\ndserv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
D:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\isuspm.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Dwilcock\My Documents\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer provided by KPMG
uStart Page = hxxp://www.kworld.kpmg.com
uSearch Bar = hxxp://uknow.uk.kworld.kpmg.com/search/index.htm
mDefault_Page_URL = hxxp://www.kworld.kpmg.com
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://mylearning.uk.kworld.kpmg.com/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\s wg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [COMMUNICATOR] "c:\program files\microsoft office communicator\Communicator.exe"
uRun: [ISUSPM] "d:\documents and settings\all users\application data\macrovision\flexnet connect\6\isuspm.exe" -scheduler
mRun: [SchedulingAgent_nDG] "c:\program files\managesoft\schedule agent\ndschedag.exe" -o RunNDStartup=True -o Startup=True
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SBMGRNT.EXE] c:\progra~1\safeboot\SBMGRNT.EXE -WinLogon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Installuserkeys] c:\windows\ExecuteExe.vbs
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\ado bea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\vpn cli~1.lnk - c:\windows\installer\{ef912a6f-a263-4590-a92f-5f852748067d}\Icon3E5562ED7.ico
uPolicies-explorer: NoManageMyComputerVerb = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoChangeStartMenu = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: HideStartupScripts = 1 (0x1)
mPolicies-system: HideShutdownScripts = 1 (0x1)
dPolicies-explorer: NoActiveDesktop = 1 (0x1)
dPolicies-explorer: NoWindowsUpdate = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_A54B 7D6FB1DA63EA.dll/cmsidewiki.html
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: datasite.com\www
Trusted Zone: kpmg.com\abcv.kworld
Trusted Zone: kpmg.com\conf.kworld
Trusted Zone: kpmg.com\cvsearch.kworld
Trusted Zone: kpmg.com\maint.kworld
Trusted Zone: kpmg.com\search.kworld
Trusted Zone: kpmg.com\suggestions.kworld
Trusted Zone: kpmg.com\training1.us.kworld
Trusted Zone: kpmg.com\www.kworld
Trusted Zone: kpmgconsulting.com
Trusted Zone: mentor-uk.com
Trusted Zone: meomweb14
Trusted Zone: merrillcorp.com\datasite
Trusted Zone: newsedge-web.com\kworld2
Trusted Zone: datasite.com\www
Trusted Zone: kpmg.com\abcv.kworld
Trusted Zone: kpmg.com\conf.kworld
Trusted Zone: kpmg.com\cvsearch.kworld
Trusted Zone: kpmg.com\maint.kworld
Trusted Zone: kpmg.com\search.kworld
Trusted Zone: kpmg.com\suggestions.kworld
Trusted Zone: kpmg.com\training1.us.kworld
Trusted Zone: kpmg.com\www.kworld
Trusted Zone: kpmgconsulting.com
Trusted Zone: mentor-uk.com
Trusted Zone: meomweb14
Trusted Zone: merrillcorp.com\datasite
Trusted Zone: newsedge-web.com\kworld2
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {833BB77C-2888-455F-88CF-704E07108FF2} - hxxp://efisis.fss.or.kr/ocx/sp/fs/Any_CIFSSKAOGRIDE.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {D042C408-D100-4F43-8DFE-03BA929D3EBB} - hxxp://efisis.fss.or.kr/ocx/sp/fs/AnyTreeE.CAB
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.tvucricket.com/player/vjocx-en-black.cab
DPF: {DCEF9574-19A1-4069-95FE-BBB49210DD5F} - hxxp://efisis.fss.or.kr/ocx/sp/fs/AnyChartE.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {8D065CBF-28FF-4881-89AB-067D6E7C92A2} = 10.203.65.68 10.203.65.68
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sappc\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sappc\sapgui\SAPHTMLP.DLL
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNtf.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - shdocvw.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\safe boot.sys [2008-8-26 30267]
R0 SBAlg;SBAlg;c:\windows\system32\drivers\sbalg.sys [2008-8-26 44848]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvloc k.sys [2008-8-26 4752]
R1 SBFlop;SBFlop;c:\windows\system32\drivers\sbflop.s ys [2008-8-26 6096]
R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\sbpr cctl.sys [2008-8-26 14864]
R2 BlackICE;BlackICE;c:\program files\iss\proventia desktop\blackd.exe [2008-8-26 2093322]
R2 ndGlobalLauncher;ManageSoft installation agent;c:\program files\managesoft\launcher\ndserv.exe [2005-12-20 2433024]
R2 ndinit;ManageSoft managed device;c:\program files\managesoft\schedule agent\ndinit.exe [2005-12-20 610304]
R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\safeboot\sbmgrnt.exe [2008-8-26 49212]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-7-4 14336]
R2 VPatch;ISS Buffer Overflow Exploit Prevention;c:\program files\iss\proventia desktop\vpatch.exe [2008-8-26 405770]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-16 102448]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2009-10-29 58880]
R3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2009-10-29 106112]
R3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [2009-10-29 18816]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2009-10-29 8064]
R3 MakoNT;MakoNT;c:\windows\system32\drivers\isskboep .sys [2008-8-26 80512]
R3 rap;rap;c:\windows\system32\drivers\RapDrv.sys [2008-8-26 50163]
R4 black;black;c:\windows\system32\drivers\Blackcat.s ys [2008-8-26 205938]
S2 vvdsvc;VJVodClientServices;c:\windows\system32\svc host.exe -k vvdsvc [2005-5-22 14336]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mo n.sys [2009-6-26 23888]
S3 usbkey;USB Dongle;c:\windows\system32\drivers\Usbkey.sys [2008-11-11 33852]
S4 mblTrigger;KPMG GD MBL Trigger;c:\program files\kpmg\global desktop\mbl\base\MBLTrigger.exe [2003-11-19 57344]

=============== Created Last 30 ================

2009-11-11 19:35:21 54156 ---ha-w- c:\windows\QTFont.qfn
2009-11-11 19:35:21 1409 ----a-w- c:\windows\QTFont.for
2009-11-11 19:06:52 45684 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-11 18:38:21 0 d-----w- c:\program files\Microsoft
2009-11-04 12:17:02 0 d-----w- C:\Sym_LoadPointDiag
2009-11-03 10:11:44 205312 ----a-w- c:\windows\system32\KPMGSCREEN.scr
2009-11-02 22:07:57 0 d-----w- c:\program files\AVG
2009-11-02 19:55:56 0 d-----w- d:\documents and settings\dwilcock\.housecall6.6
2009-10-29 16:14:15 18816 ----a-r- c:\windows\system32\drivers\gtuhsoms.sys
2009-10-29 16:11:15 106112 ----a-r- c:\windows\system32\drivers\gtuhs51.sys
2009-10-29 16:11:06 8064 ----a-r- c:\windows\system32\drivers\gtuhsser.sys
2009-10-29 16:10:36 58880 ----a-r- c:\windows\system32\drivers\gtuhsbus.sys
2009-10-29 16:10:26 0 d-----w- d:\docume~1\dwilcock\applic~1\Vodafone
2009-10-29 16:09:58 0 d-----w- d:\docume~1\alluse~1\applic~1\Vodafone
2009-10-29 16:09:51 0 d-----w- c:\program files\Vodafone

==================== Find3M ====================

2009-09-25 05:56:36 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:56:32 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-16 08:12:14 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-16 08:12:14 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-16 08:12:14 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-16 08:12:14 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-08-27 14:22:15 3100672 ----a-w- c:\program files\common files\sapxlhelper.dll
2008-08-27 14:22:12 626688 ----a-w- c:\program files\common files\sapconsaccess.dll
2008-08-27 14:22:12 192512 ----a-w- c:\program files\common files\sapconsr3.dll
2008-08-27 14:22:12 1124864 ----a-w- c:\program files\common files\SAPActiveXL_nosig.xlt
2008-08-27 14:22:11 1129984 ----a-w- c:\program files\common files\SAPActiveXL.xlt
2008-08-27 14:22:09 40960 ----a-w- c:\program files\common files\DigitalSignature.ocx
2002-10-04 09:09:14 0 ----a-w- c:\program files\dummy.txt

============= FINISH: 20:25:44.94 ===============


Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 26/08/2008 14:51:39
System Uptime: 11/11/2009 18:05:01 (2 hours ago)

Motherboard: Dell Inc. | | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Microprocessor | 2193/200mhz
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Microprocessor | 2193/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 38 GiB total, 25.32 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 6.359 GiB free.
E: is CDROM (UDF)
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\14F0E870484FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\14F0E870484FC000
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

.NET Enterprise Security Configuration 2.0
32 Bit HP BiDi Channel Components Installer
3G_Dashboard v7.0.0.11
3rd Party
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
Advanced Desktop Reporting Agent
Advisory Toolbar
Advisory Toolbar Check [dwilcock] (via ManageSoft)
Apple Software Update
Barrie and Hibbert ESG 6.1.1
Borland Database Engine
CABS2000 eBilling 2.1.11
Cache Cleaner 4.2.0
ChartMagic
Citrix Presentation Server Client
CMI Tables Program
CommonModules
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
CRM Systems
eMobility Training [Dwilcock] (via ManageSoft)
eMobilityCert
Enterprise
eRoom Client
Fix for GDV3.2 Image [Common] (via ManageSoft)
Fix For OutlookForms
Fonts
GDCoreComponents
GDSetup
GDUtilities v2.0.2
GDv3 Resource Kit 1.01
Global Desktop Background Images
Global Desktop Version Check Utility
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB906681)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB954550-v5)
ICT Oracle Settings [dwilcock] (via ManageSoft)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iPass Connect v3.35 Installer
J2SE Runtime Environment 5.0 Update 11
KPMG Cisco VPN Client 4.8.01.0300
KPMG Corporate Network Awareness v1.0
KPMG Email Archiving Training [dwilcock] (via ManageSoft)
KPMG In-house Merge Modules
KPMG MD Client Settings [Common] (via ManageSoft)
KPMG MD Customisations [Common] (via ManageSoft)
KPMG Screensaver v57.0
KPMG Shortcut Menu
KPMG SSE Word v9.4
KPMG Timesheet
KPMGDirectory 3.01.03
KSA
LiveUpdate 3.3 (Symantec Corporation)
Local Policy Update
Managed DirectX (0901)
ManageSoft for managed devices
MBL
MBL [Common] (via ManageSoft)
mCore
mDriver
mDrWiFi
Meeting Manager for Internet Explorer
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Baseline Security Analyzer 1.2.1
Microsoft Baseline Security Analyzer 2.0.1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access 2003 Runtime
Microsoft Office Communicator 2005
Microsoft Office Professional Edition 2003
Microsoft Office Visio Standard 2003
Microsoft Office Visio Viewer 2003 (English)
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Microsoft XML Parser
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
MS ActiveX
mSCfg
mSSO
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
MSXML4.0 redistributable
mWlsSafe
mWMI
mZConfig
Nectar Reference v1.0
OEMinfo Update [Dwilcock] (via ManageSoft)
OEMinfo Update v1.0
Office Update Inventory Tool [Common] (via ManageSoft)
Oracle 09.20.0001
PolicyMaker™ Standard Edition Client
PowerPoint Templates for Re-Branding
QuickTime
QuickTimePlayerFix [Dwilcock] (via ManageSoft)
RealPlayer
Safari
Safeboot Shortcut Removal [Dwilcock] (via ManageSoft)
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
SAP Business Explorer
SAP GUI 7.10
SAP GUI 7.2
SAP User Config [dwilcock] (via ManageSoft)
Security Patch Settings for Microsoft Office [Common] (via ManageSoft)
Security Patch Settings for Microsoft Windows [Common] (via ManageSoft)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Segoe UI
SigmaTel Audio
SSE Word CRM Letter v3.4
Symantec Endpoint Protection
Symantec Parent Server Migration [dwilcock] (via ManageSoft)
SynThesys Life Client Components
UKFonts
UKRas
Update for Windows XP (KB908531)
Update for Windows XP (KB911280)
Update for Windows XP (KB931836)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
VLC media player 0.9.8a
Vodafone Mobile Connect Lite
Web Services Enhancements v1.0
Webex Player v2.1
WebFldrs XP
WebrootŪ Client
Windows Desktop Search 3.01
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Rights Management client
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888603
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Winzip 10.0

==== Event Viewer Messages From Past Week ========

07/11/2009 11:47:42, error: NETLOGON [5719] - No Domain Controller is available for domain UK due to the following: The remote procedure call was cancelled. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
07/11/2009 11:47:16, error: NETLOGON [5783] - The session setup to the Windows NT or Windows 2000 Domain Controller \\UKCCHGC01.uk.kworld.kpmg.com for the domain UK is not responsive. The current RPC call from Netlogon on \\UKK32660 to \\UKCCHGC01.uk.kworld.kpmg.com has been cancelled.
07/11/2009 10:38:28, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
07/11/2009 09:37:28, error: NETLOGON [5719] - No Domain Controller is available for domain UK due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
06/11/2009 09:22:53, error: Dhcp [1002] - The IP address lease 10.46.147.171 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.57.193.143 (The DHCP Server sent a DHCPNACK message).
06/11/2009 09:20:02, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
05/11/2009 20:27:58, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{114FF057-88CC-4843-9389-23F4E4445ADD} because another computer on the network has the same name. The server could not start.
05/11/2009 19:58:16, error: Dhcp [1002] - The IP address lease 10.57.2.54 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.46.147.170 (The DHCP Server sent a DHCPNACK message).
05/11/2009 19:51:44, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
05/11/2009 19:33:34, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
05/11/2009 19:30:22, error: Dhcp [1002] - The IP address lease 10.47.117.4 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.57.2.55 (The DHCP Server sent a DHCPNACK message).
05/11/2009 19:27:43, error: NETLOGON [5719] - No Domain Controller is available for domain UK due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
05/11/2009 17:38:07, error: Dhcp [1002] - The IP address lease 10.57.43.251 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.46.147.170 (The DHCP Server sent a DHCPNACK message).
05/11/2009 17:38:00, error: Service Control Manager [7034] - The UFD Command Service service terminated unexpectedly. It has done this 1 time(s).
05/11/2009 17:38:00, error: Service Control Manager [7022] - The UFD Command Service service hung on starting.

==== End Of File ===========================

checkup.txt

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Symantec Endpoint Protection
Antivirus out of date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
Out of date HijackThis installed!
HijackThis 1.99.1
Adobe Flash Player 10
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Symantec AntiVirus Smc.exe
Symantec AntiVirus Rtvscan.exe
Symantec AntiVirus SmcGui.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
davidwilcock is offline   Reply With Quote
Old 11-12-2009   #4
Senior Security Analyst
 
chiaz's Avatar
 
Join Date: Jun 2006
Location: Singapore
Posts: 5,289
PC Experience: PC Guru
Default Re: Virus on my computer....
Hi David,

A few things before we start....
1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear".
(Just because you can't see a problem doesn't mean it isn't there)


======

Please download Malwarebytes' Anti-Malware by clicking the link below:
Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* You'll be required to post the contents of this log later.

Please Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.



Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.


Please include the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system.


Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
chiaz is offline   Reply With Quote
Old 11-12-2009   #5
Bronze Member
 
Join Date: Dec 2005
Posts: 29
Default Re: Virus on my computer....
Please find attached

Thanks,
David
Attached Files
File Type: txt ComboFix.txt (24.9 KB, 1 views)
File Type: txt mbam-log-2009-11-12 (19-47-04).txt (972 Bytes, 1 views)
File Type: log hijackthis.log (13.9 KB, 1 views)
davidwilcock is offline   Reply With Quote
Old 11-12-2009   #6
Bronze Member
 
Join Date: Dec 2005
Posts: 29
Default Re: Virus on my computer....
Wow, great, popups have gone!
davidwilcock is offline   Reply With Quote
Old 11-13-2009   #7
Senior Security Analyst
 
chiaz's Avatar
 
Join Date: Jun 2006
Location: Singapore
Posts: 5,289
PC Experience: PC Guru
Default Re: Virus on my computer....
Your computer appears clean, but there are some things that remain to be done if you want to ensure your system will remain clean.

OS: Your system is current at Windows XP Service Pack 2. I recommend you upgrade to SP3, which includes security updates and hotfixes:
http://www.microsoft.com/windows/pro...3/default.mspx

AV: Is your anti-virus program (Symantec Anti-Virus/Norton) disabled and out-of-date? If yes, please take steps to resolve that please.

Adobe: Your version of Adobe reader is out-dated. Outdated versions have security vulnerabilities that could render your computer less secure. Please download the latest version (9.2) here:
Adobe - Adobe Reader download - All versions

=========

It's time to remove ComboFix.

Go to to Start > Run
Type in box

combofix /u

Note: the space between the X and the /u

Press Enter.

This command will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present

Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.


Even if you have no more queries, I would appreciate if you can reply once more to this thread so that I will be able to have this archived. Thanks.
chiaz is offline   Reply With Quote

Reply
Page 1 of 2 1 2

Bookmarks

Tags
computer, virus
Similar discussions...
Thread Thread Starter Forum Replies Last Post
Virtual Computer Virus Randymaarsh General Software 3 08-04-2009 05:51 PM
Solved: Slow computer and I am sure have virus bmorgan1954 [Fixed] Hijackthis! Logs 4 08-05-2008 12:50 PM
virus and computer problems bara3190 Anti-Virus 9 05-08-2008 02:16 PM
my computer attacked buy virus...plz help me lo232157 Anti-Virus 1 10-10-2007 01:31 AM
Solved: Computer not virus clean squeegee00 Spyware / AdWare 7 05-15-2006 02:11 AM

« Rootkit? | Hijackthis file analysis »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On


Site Map - Top

All times are GMT. The time now is 12:01 AM.
Powered by vBulletin
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2