Computing.Net > Forums > Security and Virus > how do u remove ÖØÒª×ÊÁÏ.ex


how do u remove ÖØÒª×ÊÁÏ.ex


Name: auto7890
Date: October 10, 2007 at 02:32:38 Pacific
OS: xp
CPU/Ram: 256
Product: windows
Comment:

It's on a USB stick, and when I try to delete it,
it comes back 2 seconds later under a changed name like AAAØÒª×ÊÁÏ.exe.

It's always 95 KB in size.




Response Number 1
Name: jabuck
Date: October 10, 2007 at 14:48:07 Pacific
Reply:

Make sure the jump drive is plugged in.

Please download http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe and save to your desktop.

NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Double-click Flash_Disinfector.exe to run it.
Follow any prompts that may appear.
Wait until the program has finished scanning, then please exit the program.


0

Response Number 2
Name: auto7890
Date: October 10, 2007 at 21:51:00 Pacific
Reply:

Here's what happens after installing ComboFix:
it quits without confirming. I see no icons for it, so I go to Explorer and double-click on combofix.exe,
then the PC closes my Explorer window and does nothing.
---------------------
I then tried Disinfector; the same thing happened.
-------------------
I then tried to see if new software was installing OK, so I tried a video program;
the program installed and works fine.

combofix.exe and Flash_Disinfector.exe do not seem to want to run; they just close themselves and Explorer off.



0

Response Number 3
Name: jabuck
Date: October 11, 2007 at 03:45:11 Pacific
Reply:

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


0

Response Number 4
Name: auto7890
Date: October 11, 2007 at 20:45:37 Pacific
Reply:

Now I find the full force of the virus.
It's disabled getting into System Restore and the System Configuration Utility.
It's also killed the taskbar; as soon as I press
Ctrl+Alt+Del to open the taskbar, everything freezes.
When I try to run SmitfraudFix or any of the other previously mentioned antivirus tools, the PC just freezes.
Looks like my only option now may be to
re-install XP, unless you think there may be
another way?


0

Response Number 5
Name: jabuck
Date: October 12, 2007 at 03:46:35 Pacific
Reply:

Can you run Hijack This and post its log?

Please download SilentRunners from this link http://www.silentrunners.org/Silent%20Runners.zip. Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile in a reply to this post.


0


Response Number 6
Name: auto7890
Date: October 12, 2007 at 22:20:59 Pacific
Reply:

OK, I've been able to get some of your applications running now.
The virus also adjusted my clock back to 2004, and to a 24-hour time standard which I didn't have before; I used to have 2PM, not 1400. I also cannot get the date to display correctly to tell me what day of the week it is with the mouse-over, like I used to.

I ran ComboFix again and it said "preparing to run" on a blue screen, but that was the last I saw of it continuing to run; unless I just click on it again, it
just keeps repeating the same thing.

I also ran my antivirus, which I basically knew might happen, but it cannot delete the
viruses. That one ÖØÒª×ÊÁÏ.exe virus created
new viruses called conime.exe, jitpjr.exe, oso.exe.
----------------------
Here is the log file produced by HijackThis:

00Scan of C:\; D:\; F:\; H:\;
09
0822.01.2004 09:29
09
07C:\hiberfil.sys The file could not be opened
09C:\hiberfil.sys
03C:\cav-0.94.exe HEUR/Malware Virus can't be removed
09C:\cav-0.94.exe
03C:\WINDOWS\inetloader.dll TR/Dldr.Small.ddp.32 Virus can't be removed
09C:\WINDOWS\inetloader.dll
03C:\WINDOWS\system32\severe.exe TR/Crypt.NSAnti.Gen Virus can't be removed
09C:\WINDOWS\system32\severe.exe
03C:\WINDOWS\system32\jitpjr.exe TR/Crypt.NSAnti.Gen Virus can't be removed
09C:\WINDOWS\system32\jitpjr.exe
03C:\WINDOWS\system32\jitpjr.dll TR/Crypt.NSAnti.Gen Virus can't be removed
09C:\WINDOWS\system32\jitpjr.dll
03C:\WINDOWS\system32\verclsid.dat TR/Crypt.NSAnti.Gen Virus can't be removed
09C:\WINDOWS\system32\verclsid.dat
03C:\WINDOWS\system32\drivers\conime.exe TR/Crypt.NSAnti.Gen Virus can't be removed
09C:\WINDOWS\system32\drivers\conime.exe
03C:\WINDOWS\system32\drivers\cisceq.exe TR/Crypt.NSAnti.Gen Virus can't be removed
09C:\WINDOWS\system32\drivers\cisceq.exe
07C:\Documents and Settings\NetworkService\ntuser.dat.LOG The file could not be opened
09C:\Documents and Settings\NetworkService\ntuser.dat.LOG
07C:\Documents and Settings\NetworkService\NTUSER.DAT The file could not be opened
09C:\Documents and Settings\NetworkService\NTUSER.DAT
07C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG The file could not be opened
09C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
07C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat The file could not be opened
09C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
07C:\Documents and Settings\LocalService\ntuser.dat.LOG The file could not be opened
09C:\Documents and Settings\LocalService\ntuser.dat.LOG
07C:\Documents and Settings\LocalService\NTUSER.DAT The file could not be opened
09C:\Documents and Settings\LocalService\NTUSER.DAT
07C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG The file could not be opened
09C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
07C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat The file could not be opened
09C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
07C:\Documents and Settings\mycomputer\ntuser.dat.LOG The file could not be opened
09C:\Documents and Settings\mycomputer\ntuser.dat.LOG
07C:\Documents and Settings\mycomputer\ntuser.dat The file could not be opened
09C:\Documents and Settings\mycomputer\ntuser.dat
07C:\Documents and Settings\mycomputer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG The file could not be opened
09C:\Documents and Settings\mycomputer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
07C:\Documents and Settings\mycomputer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat The file could not be opened
09C:\Documents and Settings\mycomputer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
03C:\Documents and Settings\mycomputer\Desktop\SmitfraudFix\Reboot.exe SPR/Tool.Reboot.C Virus can't be removed
09C:\Documents and Settings\mycomputer\Desktop\SmitfraudFix\Reboot.exe
03C:\Documents and Settings\mycomputer\Desktop\SmitfraudFix\restart.exe SPR/Tool.Hardoff.A Virus can't be removed
09C:\Documents and Settings\mycomputer\Desktop\SmitfraudFix\restart.exe
03C:\Documents and Settings\mycomputer\Desktop\SmitfraudFix\SmiUpdate.exe ADSPY/SmiUpdate Virus can't be removed
09C:\Documents and Settings\mycomputer\Desktop\SmitfraudFix\SmiUpdate.exe
03C:\Fraps\fraps.dll HEUR/Malware Virus can't be removed
09C:\Fraps\fraps.dll
03C:\ComboFix\setpath.cfexe HEUR/Malware Virus can't be removed
09C:\ComboFix\setpath.cfexe
03C:\games\alien2\3dsl-avp2.rar TR/Blakhal.D Virus can't be removed
09C:\games\alien2\3dsl-avp2.rar
03C:\games\alien2\3dsl-avp2_fix.rar TR/Blakhal.D Virus can't be removed
09C:\games\alien2\3dsl-avp2_fix.rar
03C:\games\davidvgaliath\david.exe HEUR/Crypted Virus can't be removed
09C:\games\davidvgaliath\david.exe
03C:\MPEG4 Direct Maker5.5.2\mpeg4directmaker.exe HEUR/Crypted Virus can't be removed
09C:\MPEG4 Direct Maker5.5.2\mpeg4directmaker.exe
03C:\MPEG4 Direct Maker5.5.2\Patch.exe HEUR/Crypted Virus can't be removed
09C:\MPEG4 Direct Maker5.5.2\Patch.exe
03D:\OSO.exe TR/Crypt.NSAnti.Gen Virus can't be removed
09D:\OSO.exe
03D:\games\alienVpred\3dsl-avp2.rar TR/Blakhal.D Virus can't be removed
09D:\games\alienVpred\3dsl-avp2.rar
03D:\games\alienVpred\3dsl-avp2_fix.rar TR/Blakhal.D Virus can't be removed
09D:\games\alienVpred\3dsl-avp2_fix.rar
03D:\tools\todvd\keygen.exe PCK/FSG Virus can't be removed
09D:\tools\todvd\keygen.exe
03F:\OSO.exe TR/Crypt.NSAnti.Gen Virus can't be removed
09F:\OSO.exe
03F:\RECYCLER\S-1-5-21-2239728771-3655117105-3091563318-1005\De35.zip DR/Zlob.BrA Virus can't be removed
09F:\RECYCLER\S-1-5-21-2239728771-3655117105-3091563318-1005\De35.zip
0267447
09
01Scan time: 3838 s
09
------------------
I will now try the HijackThis utility to clean or kill the viruses.


0

Response Number 7
Name: jabuck
Date: October 13, 2007 at 07:56:01 Pacific
Reply:

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account. For now do not try to enter safe mode by any other method than the F8 method.

Navigate to and delete these files if found.

C:\WINDOWS\inetloader.dll

03C:\WINDOWS\system32\severe.exe

C:\WINDOWS\system32\jitpjr.exe

C:\WINDOWS\system32\drivers\conime.exe

C:\WINDOWS\system32\drivers\cisceq.exe

F:\OSO.exe

D:\OSO.exe

C:\WINDOWS\System32\drivers\nkruls.exe

C:\WINDOWS\System32\alligt.exe

C:\WINDOWS\System32\hx1.bat

C:\WINDOWS\System32\noruns.reg

C:\WINDOWS\system32\verclsid.dat

D:\ÖØÒª×ÊÁÏ.exe

C:\ÖØÒª×ÊÁÏ.exe

F:\ÖØÒª×ÊÁÏ.exe

C:\AAÅROII·.PIF

D:\AAÅROII·.PIF

F:\AAÅROII·.PIF

C:\AAÅROII·.PIF

D:\AAÅROII·.PIF

F:\AAÅROII·.PIF

C:\ÖOOªXEAI.exe

D:\ÖOOªXEAI.exe

F:\ÖOOªXEAI.EXE

While still in safe mode open notepad (Start Menu > Run > Type notepad and press "ok".)

Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

; Run entries are values under the Run key, so they are removed with "name"=-
; (a [-...\Run\name] line would try to delete a subkey of that name, which does not exist)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"alligt"=-
"nkurls"=-

; Reset the Winlogon Shell value to its default so only Explorer starts at logon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it Fix.reg, then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Run your antivirus from safe mode.

From safe mode run Combofix, save the log and post it after we exit safe mode.

From safe mode run Hijack This, save the log and post it after we exit safe mode.

If any of the above removal process cause a reboot from safe mode re-enter safe mode and continue.

Post the Hijack This log and the combofix log please.


0

Response Number 8
Name: auto7890
Date: October 15, 2007 at 17:34:41 Pacific
Reply:

That's weird, how do I navigate to
03C:\WINDOWS\system32\severe.exe ?
or
09C:\WINDOWS\system32\severe.exe ?
or
09D:\OSO.exe ?

when I only have C:, D:, E:, F: drives and directories?

I tried googling this but there is no help available for this.
It's weird because when I open processes it says all those viruses are still there.


0

Response Number 9
Name: jabuck
Date: October 15, 2007 at 19:49:29 Pacific
Reply:

The info you sent was not the requested scans.

That would be:

C:\WINDOWS\system32\severe.exe

C:\WINDOWS\system32\severe.exe

D:\OSO.exe

The files/folders will change rapidly. If you do not post the requested scans there is not much we can do for you.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


0

Response Number 10
Name: FoG
Date: October 16, 2007 at 07:25:50 Pacific
Reply:

I had the same problem... well, kinda. I had ÖØÒª×ÊÁÏ.exe and AAÅROII•.PIF showing up on my USB; deleting them would not help, they would just come back. When I followed the instructions in the "Name: jabuck
Date: October 13, 2007 at 07:56:01 Pacific" post, the first thing I noticed after unticking the (box beside "hide extensions of known file types" and "hide protected system operating files") was that in safe mode there was another file showing up called ÖOOª.exe, similar to the "ÖOOªXEAI.EXE" file mentioned. I removed these three files, I couldn't find the other files (they were not there) and did the regedit fix, followed by AVG and ClamWin scans that found nothing :(

I checked the USB one more time before exiting safe mode to notice the files were back. Not sure what to do next, I thought I would reboot to find a new solution on the web, but I didn't need to.

Windows performed a check disk on the USB which located the three files and truncated them. Now after a normal and safe mode boot I can't find the files anywhere. Not 100% sure what's happened, but it's worked and I thought I would share what has happened. Hope this can help someone else.


0

Response Number 11
Name: auto7890
Date: October 17, 2007 at 17:17:02 Pacific
Reply:

ComboFix creates no log file. It may be possible that the virus is set up so ComboFix will not run. When I click it, it just says
"preparing to run combofix", and that's the last I see of ComboFix; there
is no log file.


Here is another log file of HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:25, on 2004-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\jitpjr.exe
C:\WINDOWS\system32\drivers\conime.exe
C:\WINDOWS\system32\severe.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - E:\FreshDownload\FDCatch.dll (file missing)
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll (file missing)
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - E:\FreshDownload\fdiebar.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.exe
O4 - HKLM\..\Run: [RemoteControl] C:\tools\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [cisceq] C:\WINDOWS\system32\jitpjr.exe
O4 - HKLM\..\Run: [jitpjr] C:\WINDOWS\system32\severe.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O9 - Extra button: FreshDownload - {28EC5201-AF08-4232-B819-184D8E49B16B} - E:\FreshDownload\fd.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avGuard Service (avGuard) - Unknown owner - D:\Ashampoo AntiVirus\ashAvSrv.exe

--
End of file - 3342 bytes
-----------
Here is the log file produced by the Silentrunners program

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
----

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"NBJ" = ""C:\Nero\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"StartCCC" = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [null data]
"Tok-Cirrhatus" = "(empty string)" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"LaunchApp" = "Alaunch" ["Acer Inc."]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32" [MS]
"MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /IMEName" [MS]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"PCMService" = ""C:\Program Files\Arcade\PCMService.exe"" ["CyberLink Corp."]
"EPM-DM" = "c:\acer\epm\epm-dm.exe" ["Acer Value Labs, USA"]
"ePowerManagement" = "C:\Acer\ePM\ePM.exe boot" ["Acer Value Labs, Taiwan"]
"LManager" = "C:\Program Files\Launch Manager\QtZgAcer.exe" ["Dritek System Inc."]
"RemoteControl" = "C:\tools\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"cisceq" = "C:\WINDOWS\system32\jitpjr.exe" [null data]
"jitpjr" = "C:\WINDOWS\system32\severe.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{206E52E0-D52E-11D4-AD54-0000E86C26F6}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\FreshDownload\FDCatch.dll" [file not found]
{f015f320-ab08-11db-abbd-0800200c9a66}\(Default) = (no title provided)
-> {HKLM...CLSID} = "WeeklyExecuter Class"
\InProcServer32\(Default) = "C:\WINDOWS\inetloader.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [empty string]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [file not found]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{5E2121EE-0310-11D4-8D3B-444553540000}" = "AshAv extension"
-> {HKLM...CLSID} = "AshAvShell Class"
\InProcServer32\(Default) = "D:\Ashampoo AntiVirus\ashavshell.dll" ["Ashampoo GmbH"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Shell" = "Explorer.exe C:\WINDOWS\system32\drivers\conime.exe" [MS], [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
<<!>> 360Safe.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> adam.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> avp.com\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> avp.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> EGHOST.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> IceSword.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> iparmo.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> kabaload.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> KRegEx.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> KvDetect.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> KVMonXP.kxp\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> KvXP.kxp\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> MagicSet.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> mmsk.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> msconfig.com\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> msconfig.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> NOD32.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> PFW.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> PFWLiveUpdate.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> QQDoctor.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> Ras.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> Rav.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> RavMon.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> regedit.com\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> regedit.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> runiep.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> SREng.EXE\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> TrojDie.kxp\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> WoptiClean.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Bkav\(Default) = "{7E41911F-13AA-11D3-A831-00104B9E30B8}"
-> {HKLM...CLSID} = "CopyPathContextMenu Class"
\InProcServer32\(Default) = "E:\Bkav2006\ContextMenu.dll" ["Bkis center"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [file not found]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
Bkav\(Default) = "{7E41911F-13AA-11D3-A831-00104B9E30B8}"
-> {HKLM...CLSID} = "CopyPathContextMenu Class"
\InProcServer32\(Default) = "E:\Bkav2006\ContextMenu.dll" ["Bkis center"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [file not found]


Default executables:
--------------------

<<!>> HKLM\Software\Classes\scrfile\shell\open\command\(Default) = ""%1" %*" [file not found]


Group Policies {policy setting}:
---

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Startup items in "mycomputer" & "All Users" startup folders:
--

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Office Startup" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.exe -b" [MS]


Winsock2 Service Provider DLLs:
--

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
-------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{ED0E8CA5-42FB-4B18-997B-769E0408E79D}" = "FreshDownload Bar"
-> {HKLM...CLSID} = "FreshDownload Bar"
\InProcServer32\(Default) = "E:\FreshDownload\fdiebar.dll" [file not found]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{28EC5201-AF08-4232-B819-184D8E49B16B}\
"ButtonText" = "FreshDownload"
"Exec" = "E:\FreshDownload\fd.exe" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
--------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avGuard Service, avGuard, "D:\Ashampoo AntiVirus\ashAvSrv.exe" [null data]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


---------- (launch time: 2004-01-22 21:07:33)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 82 seconds, including 15 seconds for message boxes)


0
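The HijackThis and Silent Runners output in the post above exposes the two launch points this infection relies on: a Winlogon Shell value with an extra executable appended, and Image File Execution Options Debugger entries that redirect security tools (avp.exe, msconfig.exe, regedit.exe and others) to one binary. The script below is an added example, not code from this thread or from either tool; it parses constructed lines in those two log formats and reports the hijacked launch points. The sample lines and the "program launched from system32\drivers" heuristic are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the HijackThis (F2/O4) and Silent Runners
# (<<!>>) lines quoted earlier in this thread. It is not a real log.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [cisceq] C:\WINDOWS\system32\jitpjr.exe
O4 - HKLM\..\Run: [jitpjr] C:\WINDOWS\system32\severe.exe
<<!>> "Shell" = "Explorer.exe C:\WINDOWS\system32\drivers\conime.exe" [MS], [null data]
<<!>> avp.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> msconfig.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
<<!>> regedit.exe\Debugger = "C:\WINDOWS\system32\drivers\cisceq.exe" [null data]
"""

# The Shell value shows up as a HijackThis F2 line or a Silent Runners Winlogon line.
SHELL_HJT = re.compile(r"^F2 - REG:system\.ini: Shell=(.+)$")
SHELL_SR = re.compile(r'^<<!>> "Shell" = "([^"]*)"')
# Silent Runners IFEO line:  <<!>> <program>\Debugger = "<debugger>" [...]
IFEO_SR = re.compile(r'^<<!>> (\S+)\\Debugger = "([^"]*)"')
# HijackThis autostart line: O4 - <hive>\..\Run: [<value name>] <command>
RUN_HJT = re.compile(r"^O4 - .*\\Run: \[([^\]]+)\] (.+)$")

# Hypothetical heuristic: system32\drivers holds kernel drivers, so a
# user-mode program launched from there deserves a look.
DRIVERS_DIR = "\\system32\\drivers\\"


def shell_extras(text):
    """Return everything in the Winlogon Shell value other than explorer.exe.

    Winlogon starts each comma-separated Shell entry at logon; a path appended
    after a space is handed to Explorer as an argument, which opens it. Either
    way the extra file runs with the user's desktop, so anything besides
    explorer.exe is reported. Paths containing spaces are split into several
    tokens here; check the original line when that happens.
    """
    extras = set()
    for line in text.splitlines():
        m = SHELL_HJT.match(line) or SHELL_SR.match(line)
        if not m:
            continue
        for token in re.split(r"[,\s]+", m.group(1).strip()):
            if token and token.lower() != "explorer.exe":
                extras.add(token)
    return sorted(extras)


def ifeo_debuggers(text):
    """Map each IFEO Debugger target to the programs it intercepts.

    A Debugger value under Image File Execution Options for <program> makes
    Windows start the named "debugger" with <program> as its argument instead
    of running <program> itself. One binary registered for dozens of security
    tools is the pattern in the thread's log: the tools never start, the
    malware does.
    """
    hijacks = defaultdict(list)
    for line in text.splitlines():
        m = IFEO_SR.match(line)
        if m:
            hijacks[m.group(2).lower()].append(m.group(1).lower())
    return {dbg: sorted(progs) for dbg, progs in hijacks.items()}


def run_entries(text):
    """Return {value name: command} for every HijackThis O4 Run entry."""
    entries = {}
    for line in text.splitlines():
        m = RUN_HJT.match(line)
        if m:
            entries[m.group(1)] = m.group(2)
    return entries


def triage(text):
    """Cross-reference the launch points and return a findings dict."""
    report = {
        "shell_extras": shell_extras(text),
        "ifeo": ifeo_debuggers(text),
        "run": run_entries(text),
    }
    targets = list(report["shell_extras"]) + list(report["ifeo"]) + list(report["run"].values())
    # Programs launched from the drivers directory, whichever launch point names them.
    report["drivers_dir_programs"] = sorted(
        {t.lower() for t in targets if DRIVERS_DIR in t.lower()})
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Extra Shell entries:", result["shell_extras"])
    for dbg, progs in result["ifeo"].items():
        print(f"IFEO debugger {dbg} intercepts {len(progs)} programs: {progs}")
    print("User-mode programs under system32\\drivers:", result["drivers_dir_programs"])
```

On a real log the interesting output is a debugger path shared by many tool names together with a Shell entry or Run entry pointing at the same directory; that is the set of files and registry values a cleanup has to cover together.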

Response Number 12
Name: jabuck
Date: October 18, 2007 at 05:03:52 Pacific
Reply:

Post a Hijack This log by this procedure.

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


Please download and install SuperAntiSpyware.
Load SUPERAntiSpyware and click the Check for Updates button.
Once the update has finished, click the Scan your Computer button.
Check Perform Complete Scan and then click Next.
SUPERAntiSpyware will now scan your computer, and when it’s finished it will list all the infections it has found.
Make sure that they all have a check next to them, and then click Next.
Click Finish and you will be taken back to the main interface.
It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
I'll need a log afterwards of what has been found.
To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
Please post the results of the SUPERAntiSpyware log.


0

Response Number 13
Name: jabuck
Date: October 18, 2007 at 08:32:39 Pacific
Reply:

Must be blind, I didn't notice the Hijack This log so we don't need that right now.


0

Response Number 14
Name: auto7890
Date: October 19, 2007 at 17:33:46 Pacific
Reply:

SuperAntiSpyware found nothing; here's the log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/22/2004 at 09:05 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 01:03:09

Memory items scanned : 171
Memory threats detected : 0
Registry items scanned : 4674
Registry threats detected : 0
File items scanned : 24782
File threats detected : 0


I then retried my antivirus, called Ashampoo AntiVirus, only in safe mode, and it managed to delete the 3 viruses. I then was able to run ComboFix finally. Here's the log:

ComboFix 07-10-19.1 - mycomputer 2004-01-23 7:36:29.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.242 [GMT 11:00]
Running from: C:\Documents and Settings\mycomputer\Desktop\ComboFix(2).exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\mycomputer\Application Data\inst.exe
C:\WINDOWS\system32\drivers\conime.exe
C:\WINDOWS\system32\drivers\conime.exe
C:\WINDOWS\system32\severe.exe
C:\WINDOWS\system32\verclsid.dat
D:\Autorun.inf
D:\autorun.inf
D:\OSO.exe
E:\autorun.inf
E:\OSO.exe
F:\Autorun.inf
F:\autorun.inf
F:\OSO.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))
.

2007-10-13 16:14 2,516 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-13 15:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-13 15:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-13 15:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-13 15:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-13 15:12 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-13 14:38 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-10 21:23 7,040 --a------ C:\WINDOWS\system32\drivers\AshAvScan.sys
2007-10-09 20:35 96,899 ---hs---- C:\WINDOWS\system32\jitpjr.exe
2007-10-09 20:35 38,400 ---hs---- C:\WINDOWS\system32\jitpjr.dll
2007-10-08 21:43 <DIR> d-------- C:\blaze
2007-10-07 09:24 <DIR> d-------- C:\alive
2007-10-03 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Phenomedia
2007-10-02 18:28 <DIR> d-------- C:\aimone
2007-10-02 09:48 <DIR> d-------- C:\easyvideoconv
2007-10-02 08:38 <DIR> d-------- C:\winavi
2007-10-02 08:34 <DIR> d-------- C:\anyvideocon
2007-09-30 10:58 <DIR> d-------- C:\mpg4
2007-09-25 16:39 <DIR> d-------- C:\Program Files\vso
2007-09-25 16:39 <DIR> d-------- C:\Documents and Settings\mycomputer\Application Data\Vso
2007-09-25 16:39 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-09-25 16:39 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-09-25 16:39 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-09-25 16:39 47,360 --a------ C:\Documents and Settings\mycomputer\Application Data\pcouffin.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-25 06:39 47,360 ----a-w C:\WINDOWS\system32\drivers\Pcouffin.sys
2007-09-11 05:10 --------- d-----w C:\Documents and Settings\mycomputer\Application Data\DVD Flick
2007-08-24 03:22 --------- d-----w C:\Documents and Settings\mycomputer\Application Data\VideoReDoPlus
2007-07-08 02:50 82 ----a-w C:\Documents and Settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
2007-03-21 07:07:20 96,899 --sh--w C:\WINDOWS\system32\jitpjr.exe
2004-01-22 09:04:34 38,400 --sh--w C:\WINDOWS\system32\jitpjr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f015f320-ab08-11db-abbd-0800200c9a66}]
C:\WINDOWS\inetloader.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 08:31]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 08:27]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2004-08-27 16:50]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2004-07-14 14:19]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2004-09-01 17:38]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.exe" [2004-07-30 11:30]
"RemoteControl"="C:\tools\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 21:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]
"NBJ"="C:\Nero\Nero BackItUp\NBJ.exe" [2005-01-04 14:17]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"Tok-Cirrhatus"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.exe [1997-08-01]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 UBHelper;MRW remapping;C:\WINDOWS\system32\drivers\UBHelper.sys
R2 avGuard;avGuard Service;D:\Ashampoo AntiVirus\ashAvSrv.exe
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
R3 AshAvScan;AshAvScan;C:\WINDOWS\system32\DRIVERS\AshAvScan.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
S1 atitray;atitray;\??\C:\omegadriver\ATI Tray Tools\atitray.sys

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 07:48:37
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-19 7:50:26 - machine was rebooted
.
--- E O F ---


I still have osa.exe running, which I assume is for Microsoft Office?
Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
I then ran the USB disinfector program.
For now everything seems to be running again.
Thanks


0
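The ComboFix log above shows two patterns worth recognising in this kind of cleanup: new executables in system32 carrying both the hidden and system attributes (the `---hs----` field on jitpjr.exe/jitpjr.dll), and an autorun.inf paired with a loose .exe at the root of every removable drive (OSO.exe on D:, E: and F:). The parser below is an added example, not code from the thread or from ComboFix; it assumes the line layout shown in the log and runs over constructed sample lines modeled on it.

```python
import re

# One "Files Created" line: date, time, size or <DIR>, 9-char attribute field, path.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([-a-z]{9})\s+(.+)$")

# Constructed sample input, modeled on the ComboFix log posted above.
SAMPLE_DELETIONS = [
    r"C:\Documents and Settings\mycomputer\Application Data\inst.exe",
    r"D:\Autorun.inf", r"D:\autorun.inf", r"D:\OSO.exe",
    r"E:\autorun.inf", r"E:\OSO.exe",
]
SAMPLE_CREATED = [
    r"2007-10-13 15:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe",
    r"2007-10-09 20:35 96,899 ---hs---- C:\WINDOWS\system32\jitpjr.exe",
    r"2007-10-09 20:35 38,400 ---hs---- C:\WINDOWS\system32\jitpjr.dll",
    r"2007-10-08 21:43 <DIR> d-------- C:\blaze",
]

def parse_created(line):
    """Parse one 'Files Created' entry into a dict, or None if the line is not one."""
    m = CREATED_RE.match(line.strip())
    if not m:
        return None
    _date, _time, size, attrs, path = m.groups()
    return {"path": path, "attrs": attrs,
            "hidden": "h" in attrs, "system": "s" in attrs,
            "size": None if size == "<DIR>" else int(size.replace(",", ""))}

def suspicious_created(lines):
    """Paths of new executables marked both hidden and system (the jitpjr pattern)."""
    hits = []
    for line in lines:
        e = parse_created(line)
        if e and e["hidden"] and e["system"] and e["path"].lower().endswith((".exe", ".dll")):
            hits.append(e["path"])
    return hits

def autorun_drives(paths):
    """Drives whose root lost both an autorun.inf and a loose .exe: a USB-worm pair."""
    by_drive = {}
    for p in paths:
        drive, sep, name = p.partition(":\\")
        if not sep or len(drive) != 1 or "\\" in name:
            continue  # not a bare root-level file on a drive letter
        low = name.lower()  # FAT is case-insensitive: Autorun.inf == autorun.inf
        if low == "autorun.inf" or low.endswith(".exe"):
            by_drive.setdefault(drive.upper(), set()).add(low if low == "autorun.inf" else name)
    return {d: sorted(n) for d, n in by_drive.items() if "autorun.inf" in n and len(n) > 1}
```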

Response Number 15
Name: jabuck
Date: October 19, 2007 at 20:19:36 Pacific
Reply:

A little left to do.

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\jitpjr.exe
C:\WINDOWS\system32\jitpjr.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f015f320-ab08-11db-abbd-0800200c9a66}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if ComboFix does not auto start, click "Run".

Post a new Hijack This log and a new Combofix log please.


0
