Please can someone look at my logs, not sure if I got rid of all viruses. I've run through the malware removal steps and here are my logs for SUPERAntiSpyware/Malwarebytes' Anti-Malware/HJT.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/07/2008 at 07:04 PM
Application Version : 4.21.1004
Core Rules Database Version : 3665
Trace Rules Database Version: 1645
Scan type : Complete Scan
Total Scan Time : 00:39:02
Memory items scanned : 313
Memory threats detected : 0
Registry items scanned : 5797
Registry threats detected : 7
File items scanned : 22934
File threats detected : 12

Adware.Tracking Cookie
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[emailprotected][1].txt
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[emailprotected][1].txt
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[emailprotected][2].txt
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[emailprotected][2].txt
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[emailprotected][2].txt
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[emailprotected][2].txt
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[emailprotected][1].txt
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[emailprotected][2].txt

Rogue.Component/Trace
HKLM\Software\Microsoft\E04E9B0C
HKLM\Software\Microsoft\E04E9B0C#e04e9b0c
HKLM\Software\Microsoft\E04E9B0C#red_srv
HKLM\Software\Microsoft\E04E9B0C#red_srv_bckp
HKLM\Software\Microsoft\E04E9B0C#Version
HKLM\Software\Microsoft\E04E9B0C#e04e368c
HKLM\Software\Microsoft\E04E9B0C#e04e5f69

Rootkit.TDSServ/Fake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1359\A0203487.SYS

Adware.Vundo Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1414\A0213359.DLL

Adware.Vundo/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1415\A0215395.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1418\A0217412.DLL
Malwarebytes' Anti-Malware 1.31
Database version: 1469
Windows 5.1.2600 Service Pack 2
12/7/2008 5:49:47 PM
mbam-log-2008-12-07 (17-49-47).txt
Scan type: Quick Scan
Objects scanned: 71051
Time elapsed: 25 minute(s), 11 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 3
Registry Keys Infected: 18
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 4
Files Infected: 34

Memory Processes Infected:
C:\Documents and Settings\Matt & Ariana\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\Extra Antivir\Extra Antivir.exe (Rogue.Extraantivir) -> Unloaded process successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\ddcDspPj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vtUmLcCv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vgjvvb.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c45c649-d662-40ff-8f3b-cb9c1e13ae58} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3c45c649-d662-40ff-8f3b-cb9c1e13ae58} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtumlccv (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3632e35-300c-487e-b96f-22428439bb1d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e3632e35-300c-487e-b96f-22428439bb1d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f34dd418-b748-46eb-8305-baaeb7353cac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f34dd418-b748-46eb-8305-baaeb7353cac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cab59b4-55a3-4737-9fd5-b93c6430bf78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7cab59b4-55a3-4737-9fd5-b93c6430bf78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f34dd418-b748-46eb-8305-baaeb7353cac} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3c45c649-d662-40ff-8f3b-cb9c1e13ae58} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\extra antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiexec.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcdsppj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcdsppj -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Extra Antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Application Data\Extra Antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\nnnnNDuU.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UuDNnnnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UuDNnnnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUmLcCv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ddcDspPj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jPpsDcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jPpsDcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vgjvvb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gjeosdmu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifmtmlir.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Local Settings\Temporary Internet Files\Content.IE5\2KG3E0C7\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Local Settings\Temporary Internet Files\Content.IE5\M6NM0N4O\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Local Settings\Temporary Internet Files\Content.IE5\M6NM0N4O\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\Buy.url (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\Extra Antivir.exe (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\Help.url (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\HowToBuy.txt (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\ID.dat (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\License.txt (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\Uninstall.exe (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Purchase License.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Start Extra Antivir.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Support Page.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Uninstall.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Application Data\Extra Antivir\Extra Antivir.ini (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Application Data\Extra Antivir\spl.ini (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Best BDSM P0rn.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Gay Fetish Sex.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv481228549733.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Start Menu\Programs\Startup\Extra Antivir.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:14 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Zzoechk] C:\WINDOWS\W?nSxS\w?wexec.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Matt & Ariana\Application Data\Twain\Twain.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163132585593
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.cashcall.com/LoanStatus/x86/capicom.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O20 - AppInit_DLLs: eofgmvmn.dll rseuuw.dll bnlevj.dll vgjvvb.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
-- End of file - 6968 bytes
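The cross-check a log reviewer would do by hand on the logs above, as an added example that is not part of the original posts: take the files Malwarebytes flagged at 5:49 PM and look for them in the HijackThis log saved at 7:24 PM. The sample lines are copied from those logs; the function names are assumptions of this example.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Constructed sample: a few lines copied from the two logs posted above.
MBAM_LOG = r"""
C:\WINDOWS\system32\ddcDspPj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vtUmLcCv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vgjvvb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: eofgmvmn.dll rseuuw.dll bnlevj.dll vgjvvb.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# "<path> (<detection name>) -> <action>." as written by Malwarebytes' Anti-Malware 1.31
MBAM_ITEM = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# "<section> - <rest>" as written by HijackThis (R0, O2, O20, ...)
HJT_ITEM = re.compile(r"^(?P<section>[ORF]\d+) - (?P<rest>.*)$")


def mbam_detections(log):
    """Map lower-cased file name -> (detection name, action taken)."""
    found = {}
    for line in log.splitlines():
        m = MBAM_ITEM.match(line.strip())
        if m:
            found[basename(m["path"]).lower()] = (m["name"], m["action"])
    return found


def still_referenced(hjt_log, detections):
    """Return (section, file, detection, action) for every HijackThis entry
    that names a file Malwarebytes flagged earlier."""
    hits = []
    for line in hjt_log.splitlines():
        m = HJT_ITEM.match(line.strip())
        if not m:
            continue
        rest = m["rest"].lower()
        for fname, (name, action) in detections.items():
            # Whole-name match so "x.dll" does not hit "ax.dll" or "x.dll2".
            if re.search(r"(?<![\w.])" + re.escape(fname) + r"(?![\w.])", rest):
                hits.append((m["section"], fname, name, action))
    return hits


if __name__ == "__main__":
    for hit in still_referenced(HJT_LOG, mbam_detections(MBAM_LOG)):
        print("%s still names %s (%s, MBAM action: %s)" % hit)
```

A hit on the O20 AppInit_DLLs line means the registry value still names the file; HijackThis reports the value and does not say whether the file is still on disk.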
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
For Windows XP systems, install the Recovery Console:
- If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA click OK.
- Accept Microsoft's EULA (Click Yes).
- When you are told that the RC is installed correctly click YES to continue scanning for malware.
When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.