Hi, I think my computer is infected with something. One online scanner (I now cannot remember which one) said I had a 'bifrost' virus, but I could not find a way to remove it.
I first noticed something wrong when checking the HTML of websites I have uploaded. Extra code was being added just after the body tag, pointing to other sites. I would re-upload the sites and they would STAY clean for a day, and then the extra code would reappear. One example is the following site: www.gaptourism.com
I tried to run Malwarebytes Anti-Malware, but it would shut down after a few seconds. I was using Panda Cloud Antivirus. It said everything was OK, but it couldn't find an internet connection. I tried various antivirus sites, but many I could not connect to; I was able to do some online scans on some sites. From another computer I made a CD boot disk with Panda virus scan from their website, and it found and deleted Rootkit/Booto.C.
I have followed all the Malware Removal Steps from your site. I have now installed Microsoft Security Essentials instead of Panda Cloud Antivirus, and changed from Windows Firewall to Online Armor. I still cannot run Malwarebytes, so that log is not included below.
Any help or advice you could give would be greatly appreciated.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/08/2010 at 05:11 PM

Application Version : 4.34.1000

Core Rules Database Version : 4650
Trace Rules Database Version: 2462

Scan type : Complete Scan
Total Scan Time : 03:12:40

Memory items scanned : 456
Memory threats detected : 0
Registry items scanned : 7196
Registry threats detected : 2
File items scanned : 318214
File threats detected : 27

Adware.Tracking Cookie
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt
C:\Documents and Settings\Naomi\Cookies\[email protected][2].txt
C:\Documents and Settings\Naomi\Cookies\[email protected][1].txt
C:\Documents and Settings\Naomi\Cookies\[email protected][2].txt
C:\Documents and Settings\Naomi\Cookies\[email protected][2].txt
C:\Documents and Settings\Naomi\Cookies\[email protected][1].txt
C:\Documents and Settings\Naomi\Cookies\[email protected][2].txt
C:\Documents and Settings\Naomi\Cookies\[email protected][3].txt
C:\Documents and Settings\Naomi\Cookies\[email protected][1].txt
C:\Documents and Settings\Naomi\Cookies\[email protected][1].txt
C:\Documents and Settings\Naomi\Cookies\[email protected][1].txt
C:\Documents and Settings\Naomi\Cookies\[email protected][1].txt
C:\Documents and Settings\Naomi\Cookies\[email protected][1].txt
C:\Documents and Settings\Naomi\Cookies\[email protected][2].txt

Rogue.Agent/Gen
HKLM\SOFTWARE\03608623
HKLM\SOFTWARE\03608623#FirstRun

Trojan.Agent/Gen-Nullo[QE]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E5CA1F79-E9A2-4DA2-9F18-B1599C1193BA}\RP765\A0156398.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E5CA1F79-E9A2-4DA2-9F18-B1599C1193BA}\RP765\A0156412.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E5CA1F79-E9A2-4DA2-9F18-B1599C1193BA}\RP767\A0156563.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E5CA1F79-E9A2-4DA2-9F18-B1599C1193BA}\RP771\A0157728.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E5CA1F79-E9A2-4DA2-9F18-B1599C1193BA}\RP772\A0157734.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E5CA1F79-E9A2-4DA2-9F18-B1599C1193BA}\RP772\A0157974.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E5CA1F79-E9A2-4DA2-9F18-B1599C1193BA}\RP772\A0158301.EXE

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E5CA1F79-E9A2-4DA2-9F18-B1599C1193BA}\RP771\A0156729.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E5CA1F79-E9A2-4DA2-9F18-B1599C1193BA}\RP771\A0156733.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E5CA1F79-E9A2-4DA2-9F18-B1599C1193BA}\RP772\A0157771.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E5CA1F79-E9A2-4DA2-9F18-B1599C1193BA}\RP772\A0157773.EXE

Adware.CouponBar
C:\WINDOWS\SYSTEM32\CPNPRT2.CID
===============================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:02, on 08/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\FuzLez\WheelsOfVolume\WheelsOfVolume.exe
C:\Program Files\GIZMO2\GIZMO.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Brian\My Documents\Downloads\taskbar_shuffle_2.2\taskbarshuffle.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Common Files\Chameleon Manager\monitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [FuzLez WheelsOfVolume] "C:\Program Files\FuzLez\WheelsOfVolume\WheelsOfVolume.exe"
O4 - HKLM\..\Run: [GIZMO2] C:\Program Files\GIZMO2\GIZMO.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Documents and Settings\Brian\My Documents\Downloads\taskbar_shuffle_2.2\taskbarshuffle.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [Chameleon System Monitor] C:\Program Files\Common Files\Chameleon Manager\monitor.exe /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader CONTROL) - http://asp07.photoprintit.de/microsite/12855//defaults/activex/IPSUploader.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.domore.ie/member/upload/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Update Service (gupdate1c9296e95d8854a) (gupdate1c9296e95d8854a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
-- End of file - 10982 bytes

Welcome to CH.
If you already have ComboFix be sure to delete it and download a new copy.
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
Vista users: Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it).
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix

Thank you for your response.
I have run Combofix and attached the log report below.
====================================================
ComboFix 10-03-09.04 - Brian 09/03/2010 20:53:32.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3326.2756 [GMT 0:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Brian\LOCALS~1\temp\hcda.tmp
c:\documents and settings\Brian\Application Data\.#
c:\program files\Antispyware
c:\program files\Antispyware\Antispyware.url
c:\program files\Antispyware\vistaCPtasks.xml
c:\program files\temp
c:\program files\temp\Amazing Windows XP.exe
c:\program files\temp\Holiday Snowflakes.exe
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-7608389861-4229364978-742926350-5186
c:\recycler\S-1-5-21-804958079-876268488-945908249-1003
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\winhelp.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_icf
-------\Legacy_npf
-------\Service_npf
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.
2010-03-08 17:42 . 2010-03-08 17:42 -------- d-----w- c:\program files\Trend Micro
2010-03-08 17:29 . 2010-03-08 17:29 -------- d-----w- c:\program files\Common Files\Java
2010-03-08 13:46 . 2010-03-08 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-08 13:45 . 2010-03-08 13:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-08 13:45 . 2010-03-08 13:45 -------- d-----w- c:\documents and settings\Brian\Application Data\SUPERAntiSpyware.com
2010-03-08 12:11 . 2010-03-08 12:11 -------- d-----w- c:\program files\CCleaner
2010-03-08 11:02 . 2010-03-08 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-03-08 11:02 . 2010-03-08 11:02 -------- d-----w- c:\documents and settings\Brian\Application Data\OnlineArmor
2010-03-08 11:01 . 2009-12-05 07:28 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-03-08 11:01 . 2009-12-05 07:27 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-03-08 11:01 . 2009-12-05 07:27 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-03-08 11:01 . 2010-03-08 11:01 -------- d-----w- c:\program files\Tall Emu
2010-03-08 09:28 . 2010-02-24 09:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-06 17:03 . 2010-03-06 17:04 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-06 11:30 . 2010-03-06 11:31 -------- d-----w- c:\documents and settings\Brian\Application Data\QuickScan
2010-03-06 09:59 . 2010-03-06 09:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-03-06 09:57 . 2010-03-06 09:57 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-06 09:57 . 2010-03-06 09:58 -------- d-----w- c:\documents and settings\All Users\HF_PCA_1.00.00.0002
2010-03-06 09:57 . 2010-03-06 09:57 -------- d-----w- c:\program files\TVUPlayer
2010-03-04 18:06 . 2010-03-04 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-04 18:06 . 2010-03-04 18:06 -------- d-----w- c:\program files\Lavasoft
2010-03-02 21:40 . 2010-03-06 09:54 -------- d-----w- c:\documents and settings\Brian\Local Settings\Application Data\Analog Clock
2010-03-02 08:58 . 2010-03-06 09:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2010-02-22 08:25 . 2010-03-06 09:55 -------- d-----w- c:\program files\SimpleTaskTimer
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 20:45 . 2009-01-30 22:41 -------- d-----w- c:\documents and settings\Brian\Application Data\HPAppData
2010-03-09 13:02 . 2008-04-16 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-08 17:29 . 2009-10-03 01:12 -------- d-----w- c:\program files\Java
2010-03-08 13:44 . 2008-03-27 23:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-08 09:36 . 2008-09-16 20:44 -------- d-----w- c:\program files\Panda Security
2010-03-06 17:09 . 2007-11-01 11:47 200256 ----a-w- c:\documents and settings\Brian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-06 11:34 . 2010-03-06 09:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 10:05 . 2007-10-31 01:49 -------- d-----w- c:\program files\Google
2010-03-06 09:58 . 2010-03-05 10:50 -------- d-----w- c:\program files\Spyware Doctor
2010-03-06 09:57 . 2010-01-16 22:35 -------- d-----w- c:\program files\FLV Player
2010-03-06 09:56 . 2010-01-28 15:56 -------- d-----w- c:\program files\SlickRun
2010-03-06 09:56 . 2010-01-28 15:56 -------- d-----w- c:\documents and settings\Brian\Application Data\SlickRun
2010-03-06 09:56 . 2009-10-14 15:55 -------- d-----w- c:\program files\CDBurnerXP
2010-03-06 09:54 . 2009-09-23 22:52 -------- d-----w- c:\program files\Opera
2010-03-06 09:54 . 2010-03-04 18:06 -------- dc----w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-06 09:54 . 2010-03-05 10:41 -------- d-----w- c:\program files\Exterminate It!
2010-03-06 09:54 . 2010-03-05 10:50 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-06 09:53 . 2010-03-05 11:55 -------- d-----w- c:\program files\Backdoor Bifrose Removal Tool
2010-03-06 09:52 . 2010-03-05 14:31 -------- d-----w- c:\program files\Windows Defender
2010-03-06 09:12 . 2008-03-27 23:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-01 08:52 . 2008-10-01 21:38 -------- d-----w- c:\documents and settings\Brian\Application Data\vlc
2010-02-02 14:56 . 2007-10-31 02:44 -------- d-----w- c:\documents and settings\Brian\Application Data\Serif
2010-02-02 14:55 . 2007-10-30 23:45 -------- d-----w- c:\program files\Serif
2010-02-02 01:29 . 2008-11-24 12:54 -------- d-----w- c:\documents and settings\Brian\Application Data\Skype
2010-02-01 17:24 . 2008-11-24 12:58 -------- d-----w- c:\documents and settings\Brian\Application Data\skypePM
2010-01-23 21:15 . 2008-07-21 14:38 -------- d-----w- c:\program files\Aplus DVD Copy
2010-01-07 16:07 . 2009-10-22 08:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-10-22 08:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-23 17:56 . 2009-12-23 17:56 31728 ----a-w- c:\windows\dbrmdwb.exe
2009-12-23 17:56 . 2009-12-23 17:56 26 ----a-w- c:\windows\dbrmdwb.bat
2009-12-23 17:56 . 2009-12-23 17:56 241744 ----a-w- c:\windows\system32\DNLEng.dll
2009-12-23 17:56 . 2009-12-23 17:56 143360 ----a-w- c:\windows\picn1120.dll
2009-12-23 17:56 . 2009-12-23 17:56 143360 ----a-w- c:\windows\picn1020.dll
2009-12-23 17:56 . 2009-12-23 17:56 1025688 ----a-w- c:\windows\dbplugin.exe
2009-12-23 17:56 . 2009-12-23 17:56 2445312 ----a-w- c:\windows\npdbplug.dll
2009-12-17 17:14 . 2009-10-03 01:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 23:53 . 2007-11-04 01:33 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-05-12 23:53 . 2007-11-04 01:33 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-05-12 23:53 . 2007-11-04 01:33 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-05-12 23:53 . 2007-11-04 01:33 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-05-12 23:53 . 2007-11-04 01:33 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-04 . 7399D854596BFEFEED6B60879F28CE07 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Taskbar Shuffle"="c:\documents and settings\Brian\My Documents\Downloads\taskbar_shuffle_2.2\taskbarshuffle.exe" [2007-11-01 827392]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
"Chameleon System Monitor"="c:\program files\Common Files\Chameleon Manager\monitor.exe" [2009-10-18 1590784]
"Google Update"="c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"nwiz"="nwiz.exe" [2007-05-10 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-17 16855552]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"FuzLez WheelsOfVolume"="c:\program files\FuzLez\WheelsOfVolume\WheelsOfVolume.exe" [2005-11-24 487424]
"GIZMO2"="c:\program files\GIZMO2\GIZMO.exe" [2008-05-21 2217224]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-03 198160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] [BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] ="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] ="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\KeyHoleTV\\KeyHoleTV.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/01/2008 11:58 AM 685816]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [08/03/2010 11:01 AM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [08/03/2010 11:01 AM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [08/03/2010 11:01 AM 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 AM 66632]
R1 StarPortLite;StarPort STORAGE Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [06/01/2008 11:58 AM 85760]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [08/03/2010 11:01 AM 1282248]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [23/10/2007 10:06 PM 472096]
S1 8d2febeb;8d2febeb;c:\windows\system32\drivers\8d2febeb.sys --> c:\windows\system32\drivers\8d2febeb.sys [?]
S2 gupdate1c9296e95d8854a;Google Update Service (gupdate1c9296e95d8854a);c:\program files\Google\Update\GoogleUpdate.exe [08/10/2008 5:52 PM 133104]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [05/09/2007 4:10 PM 32384]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 AM 12872]
S3 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [08/03/2010 11:01 AM 3291336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-03-09 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-16 11:35]
2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-10-08 19:41]
2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-10-08 19:41]
2010-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2865573587-1871110255-1844121720-1005Core.job - c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 19:41]
2010-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2865573587-1871110255-1844121720-1005UA.job - c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 19:41]
2010-03-09 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 18:02]
2010-03-09 c:\windows\Tasks\User_Feed_Synchronization-{381ECA43-508D-423B-B297-40B884C65A1F}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/calendar/render?pli=1
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp07.photoprintit.de/microsite/12855//defaults/activex/IPSUploader.cab
FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\uczybqw1.default\
FF - prefs.js: browser.startup.homepage - www.onetouchireland.com
FF - component: c:\program files\Evernote\Evernote3\FfTbClipper\components\enbar3.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Lively\nplively.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdbplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\npdbplug.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Picasa2\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 21:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\SoftwareDistribution
c:\windows\system32\wuapi.dll.mui 15064 bytes executable
c:\windows\system32\wuauclt.exe.wusetup.179828.bak 111104 bytes executable
c:\windows\system32\wuaucpl.cpl.mui 15072 bytes executable
c:\windows\system32\wups2.dll 44768 bytes executable
c:\windows\system32\wuaucpl.cpl.wusetup.181484.bak 162304 bytes executable
scan completed successfully hidden files: 6
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ACDC1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS 0xba90cfc3
\Driver\ACPI -> ACPI.sys 0xba67dcb8
\Driver\atapi -> 0x8acdc1e8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(540) c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(3660)
c:\program files\VisualTaskTips\VttHooks.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\corel\Graphics8\programs\CMFFld80.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2010-03-09 21:09:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-09 21:09
Pre-Run: 362,417,909,760 bytes free
Post-Run: 362,379,616,256 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - BFFC6B7287FF6A0C47F39EF9E3DE44FB

Please go to Jotti's malware scan (if more than one file needs to be scanned, they must be done separately and the logs posted for each one).
* Copy the file path in the below Code box:
Code:
c:\windows\system32\drivers\tcpip.sys
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file.
* Your file will possibly be entered into a queue, which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, copy and then paste the link in the address bar into your next reply.
Also scan this file and post the link to the results.
Code:
c:\windows\system32\dllcache\tcpip.sys

Here are the two links for the scans:
http://virusscan.jotti.org/en-gb/scanresult/ad1f758996ebcc4fad4b68385978dacd7196b30d/70f5948293fdad40527dbb2f0e42bd728ab217b8
http://virusscan.jotti.org/en-gb/scanresult/91f7ff20220d78ceeea44f9f32af44867761e43d/e4a17609999d772f32d037a3018c2e7f8e9b12db
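The two files the helper asked to have scanned are the live TCP/IP driver and its Windows File Protection cache copy; on a clean system they are byte-for-byte identical, so hashing both locally is a quick first check before (or alongside) a multi-engine upload. The script below is an added example and not part of the thread; the two paths come from the reply above, everything else is constructed.

```python
import hashlib
import sys

# Paths from the helper's reply: the live driver and its dllcache copy.
# Windows File Protection keeps these identical, so a mismatch means one
# copy was altered (a patched driver, or a hotfix that touched only one).
LIVE_DRIVER = r"c:\windows\system32\drivers\tcpip.sys"
CACHE_COPY = r"c:\windows\system32\dllcache\tcpip.sys"


def file_digests(path, chunk_size=1 << 20):
    """Return (size, md5, sha1) for a file, hashed in chunks."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            md5.update(chunk)
            sha1.update(chunk)
    return size, md5.hexdigest(), sha1.hexdigest()


def compare_copies(live_path, cache_path):
    """Hash both copies and report whether they match.

    Caveat: the MBR detector above warned of a possible rootkit, and a
    kernel-level rootkit can filter what a running system reads from disk.
    Hashes taken from a clean boot environment (such as the rescue CD the
    poster already used) are more trustworthy than ones taken while booted
    into the suspect installation.
    """
    live = file_digests(live_path)
    cache = file_digests(cache_path)
    return {"live": live, "cache": cache, "match": live == cache}


def main(argv):
    live = argv[1] if len(argv) > 1 else LIVE_DRIVER
    cache = argv[2] if len(argv) > 2 else CACHE_COPY
    result = compare_copies(live, cache)
    for name in ("live", "cache"):
        size, md5, sha1 = result[name]
        print(f"{name:5} size={size} md5={md5} sha1={sha1}")
    if result["match"]:
        print("MATCH: live driver equals the dllcache copy")
        return 0
    print("MISMATCH: copies differ, submit both for scanning as requested")
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The MD5 and SHA-1 values printed can be compared directly with the hashes shown on the Jotti result pages.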