Jump to content

Recommended Posts

I've been at this all day. I managed to get rid of most of the AV 2009 virus, but there are still left overs.

Any search I do on google gives me links that are all redirections to other sites. If I try to update spybot, it will not connect, the same for mcafee.

Here are the logs from MBAM: I ran Housecall Micro's scan earlier today as well. Below this is my log file for HJT. I am concerned that I am getting redirected and cannot connect to those protective sites.

Malwarebytes' Anti-Malware 1.30

Database version: 1306

Windows 5.1.2600 Service Pack 2

11/11/2008 2:35:45 PM

mbam-log-2008-11-11 (14-35-45).txt

Scan type: Quick Scan

Objects scanned: 49774

Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 9

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 14

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\VirusProtectPro 3.4 (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

C:\WINNT\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINNT\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\VirusProtectPro 3.4\ignored.lst (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.

C:\WINNT\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINNT\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINNT\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINNT\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINNT\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINNT\system32\wini10802.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINNT\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

Here is my second one run later in the day.

Malwarebytes' Anti-Malware 1.30

Database version: 1306

Windows 5.1.2600 Service Pack 2

11/11/2008 3:46:41 PM

mbam-log-2008-11-11 (15-46-41).txt

Scan type: Quick Scan

Objects scanned: 50358

Time elapsed: 14 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:12:29 PM, on 11/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Common Files\AOL\1155758737\ee\AOLSoftware.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

C:\WINNT\System32\NMSSvc.exe

C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

C:\WINNT\System32\svchost.exe

C:\WINNT\wanmpsvc.exe

C:\WINNT\System32\MsPMSPSv.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\AOL 9.1\waol.exe

C:\Program Files\AOL 9.1\shellmon.exe

C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://espn.go.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155758737\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB

O16 - DPF: {10000000-1000-0000-1000-000000000000} -

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/250d3895325f1f...ip/RdxIE601.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) - http://69.84.106.21:50001/bl_camera.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_04) -

O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab

O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://antivirus.temple.edu/webinstall/webinst.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe

O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--

End of file - 6930 bytes

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.30

Database version: 1378

Windows 5.1.2600 Service Pack 2

11/12/2008 6:10:29 AM

mbam-log-2008-11-12 (06-10-29).txt

Scan type: Quick Scan

Objects scanned: 49540

Time elapsed: 9 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{28caeff3-0f18-4036-b504-51d73bd81abc} (Adware.MediaAccess) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINNT\system32\av.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HJT LOG

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:12:07 AM, on 11/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Common Files\AOL\1155758737\ee\AOLSoftware.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\AOL 9.1\waol.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

C:\WINNT\System32\svchost.exe

C:\WINNT\wanmpsvc.exe

C:\WINNT\System32\MsPMSPSv.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\AOL 9.1\shellmon.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

C:\Program Files\Malwarebytes' Anti-Malware\mba.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

C:\PROGRA~1\Symantec\LiveUpdate\AUpdate.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://ie.search.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://espn.go.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155758737\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\winrnr.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\rsvpsp.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\rsvpsp.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll

O15 - Trusted Zone: http://free.aol.com

O16 - DPF: DirectAnimation Java Classes - file://C:\WINNT\Java\classes\dajava.cab

O16 - DPF: Microsoft XML Parser for Java - file://C:\WINNT\Java\classes\xmldso.cab

O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} - http://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab

O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} - http://codecs.microsoft.com/codecs/i386/voxacm.CAB

O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} - http://codecs.microsoft.com/codecs/i386/msaudio.cab

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB

O16 - DPF: {10000000-1000-0000-1000-000000000000} -

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab

O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} - http://codecs.microsoft.com/codecs/i386/i263_32.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} - http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/250d3895325f1f...ip/RdxIE601.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) - http://69.84.106.21:50001/bl_camera.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_04) -

O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...7867.7462731482

O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab

O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - http://java.sun.com/products/plugin/1.3.1/...-131_02-win.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://antivirus.temple.edu/webinstall/webinst.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll

O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll

O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL

O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINNT\system32\msvidctl.dll

O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll

O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll

O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll

O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll

O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll

O18 - Protocol: ipp - (no CLSID) - (no file)

O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll

O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll

O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll

O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll

O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINNT\System32\inetcomm.dll

O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll

O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll

O18 - Protocol: msdaipp - (no CLSID) - (no file)

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll

O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\System32\mshtml.dll

O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINNT\system32\msvidctl.dll

O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll

O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\System32\wiascr.dll

O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll

O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll

O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll

O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll

O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll

O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll

O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll

O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\SHELL32.dll

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINNT\system32\SHELL32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINNT\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\System32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINNT\System32\stobject.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll

O23 - Service: Application Layer Gateway Service (ALG) - Microsoft Corporation - C:\WINNT\System32\alg.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe

O23 - Service: Application Management (AppMgmt) - Microsoft Corporation - C:\WINNT\system32\svchost.exe

O23 - Service: Windows Audio (AudioSrv) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Computer Browser (Browser) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Indexing Service (CiSvc) - Microsoft Corporation - C:\WINNT\system32\cisvc.exe

O23 - Service: COM+ System Application (COMSysApp) - Microsoft Corporation - C:\WINNT\System32\dllhost.exe

O23 - Service: Cryptographic Services (CryptSvc) - Microsoft Corporation - C:\WINNT\system32\svchost.exe

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Microsoft Corporation - C:\WINNT\system32\svchost.exe

O23 - Service: DHCP Client (Dhcp) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINNT\System32\dmadmin.exe

O23 - Service: Logical Disk Manager (dmserver) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: DNS Client (Dnscache) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Error Reporting Service (ERSvc) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Event Log (Eventlog) - Microsoft Corporation - C:\WINNT\system32\services.exe

O23 - Service: COM+ Event System (EventSystem) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Help and Support (helpsvc) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: HTTP SSL (HTTPFilter) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Microsoft Corporation - C:\WINNT\System32\imapi.exe

O23 - Service: iprip - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Server (lanmanserver) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Workstation (lanmanworkstation) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Microsoft Corporation - C:\WINNT\System32\mnmsrvc.exe

O23 - Service: Distributed Transaction Coordinator (MSDTC) - Microsoft Corporation - C:\WINNT\System32\msdtc.exe

O23 - Service: Windows Installer (MSIServer) - Microsoft Corporation - C:\WINNT\System32\msiexec.exe

O23 - Service: Net Logon (Netlogon) - Microsoft Corporation - C:\WINNT\System32\lsass.exe

O23 - Service: Network Connections (Netman) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Network Location Awareness (NLA) (Nla) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe

O23 - Service: NT LM Security Support Provider (NtLmSsp) - Microsoft Corporation - C:\WINNT\System32\lsass.exe

O23 - Service: Removable Storage (NtmsSvc) - Microsoft Corporation - C:\WINNT\system32\svchost.exe

O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

O23 - Service: Plug and Play (PlugPlay) - Microsoft Corporation - C:\WINNT\system32\services.exe

O23 - Service: IPSEC Services (PolicyAgent) - Microsoft Corporation - C:\WINNT\System32\lsass.exe

O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

O23 - Service: Protected Storage (ProtectedStorage) - Microsoft Corporation - C:\WINNT\system32\lsass.exe

O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Remote Access Connection Manager (RasMan) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Microsoft Corporation - C:\WINNT\system32\sessmgr.exe

O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Microsoft Corporation - C:\WINNT\System32\locator.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Microsoft Corporation - C:\WINNT\system32\svchost.exe

O23 - Service: QoS RSVP (RSVP) - Microsoft Corporation - C:\WINNT\System32\rsvp.exe

O23 - Service: Security Accounts Manager (SamSs) - Microsoft Corporation - C:\WINNT\system32\lsass.exe

O23 - Service: Smart Card (SCardSvr) - Microsoft Corporation - C:\WINNT\System32\SCardSvr.exe

O23 - Service: Task Scheduler (Schedule) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Secondary Logon (seclogon) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: System Event Notification (SENS) - Microsoft Corporation - C:\WINNT\system32\svchost.exe

O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Shell Hardware Detection (ShellHWDetection) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Print Spooler (Spooler) - Microsoft Corporation - C:\WINNT\system32\spoolsv.exe

O23 - Service: System Restore Service (srservice) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: SSDP Discovery Service (SSDPSRV) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Microsoft Corporation - C:\WINNT\System32\dllhost.exe

O23 - Service: Performance Logs and Alerts (SysmonLog) - Microsoft Corporation - C:\WINNT\system32\smlogsvc.exe

O23 - Service: Telephony (TapiSrv) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Terminal Services (TermService) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Themes - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Distributed Link Tracking Client (TrkWks) - Microsoft Corporation - C:\WINNT\system32\svchost.exe

O23 - Service: Windows User Mode Driver Framework (UMWdf) - Microsoft Corporation - C:\WINNT\System32\wdfmgr.exe

O23 - Service: Universal Plug and Play Device Host (upnphost) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Uninterruptible Power Supply (UPS) - Microsoft Corporation - C:\WINNT\System32\ups.exe

O23 - Service: Volume Shadow Copy (VSS) - Microsoft Corporation - C:\WINNT\System32\vssvc.exe

O23 - Service: Windows Time (W32Time) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

O23 - Service: WebClient - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Windows Management Instrumentation (winmgmt) - Microsoft Corporation - C:\WINNT\system32\svchost.exe

O23 - Service: WMDM PMSP Service - Microsoft Corporation - C:\WINNT\System32\MsPMSPSv.exe

O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: WMI Performance Adapter (WmiApSrv) - Microsoft Corporation - C:\WINNT\System32\wbem\wmiapsrv.exe

O23 - Service: Security Center (wscsvc) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Automatic Updates (wuauserv) - Microsoft Corporation - C:\WINNT\system32\svchost.exe

O23 - Service: Wireless Zero Configuration (WZCSVC) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

O23 - Service: Network Provisioning Service (xmlprov) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

--

End of file - 22687 bytes

Link to post
Share on other sites

OK, we still have work to do.

Please set your system to show

all files; Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

[*]Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O16 - DPF: {10000000-1000-0000-1000-000000000000} -

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/250d3895325f1f...ip/RdxIE601.cab

O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://antivirus.temple.edu/webinstall/webinst.cab

O23 - Service: Task Scheduler (Schedule) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

Click on Fix Checked when finished and exit HijackThis.

Please install SP3 reboot update MBAM run a quick scan, post a new log from it and a new HJT log please.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.