Red: Source: Service Control Manager
Source ID: 7026
Description: The following boot-start or system-start driver(s) failed to load: ShldDrv
This may be related to Panda Anti-Virus. Go into Add/Remove programs and uninstall anything related to Panda.
Red: Source: Service Control Manager
Source ID: 7000
Description: The Panda Process Protection Driver service failed to start due to the following error:
The system cannot find the file specified.
As above.
Red: Source: Service Control Manager
Source ID: 7000
Description: The Java Quick Starter service failed to start due to the following error:
The system cannot find the path specified.
Only info I can find is from Microsoft. Let me know if you need help with it.
Red: Source: DCOM
Source ID: 10016
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool. (This one occurs a few times).
Microsoft. Again, let me know if you need help with this.
I haven't gone through all the errors. Let me know what happens with the above.
Can you download a new copy of ComboFix and post the results.
Hi.
No programs in particular; sometimes when I listen to music in iTunes the computer goes slow so I check task manager and find iTunes has stopped responding. Same goes for Mozilla Firefox, IE, AVG, Spybot, Notepad, etc.
I have just downloaded ComboFix and will post the report shortly.
ComboFix found 2 files to delete: the usual SuggestedSites.dat and a thing called MSINET.oca.
2008-10-11 13:46:09 A
5,242,980 C:\Qoobox\Quarantine\C\Documents and Settings\Liam\Local Settings\Temporary Internet Files\SuggestedSites.dat.vir
2008-10-18 10:40:56 A
29,184 C:\Qoobox\Quarantine\C\WINDOWS\system32\MSINET.oca.vir
2008-11-03 16:26:54 A
58 C:\Qoobox\Quarantine\catchme.log
2008-11-03 16:29:03 A
12,283 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-11-03 16:29:57 A
2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-11-03 16:29:57 A
2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-11-03 16:29:57 A
2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
2008-11-03 16:30:03 A
276 C:\Qoobox\Quarantine\Registry_backups\Notify-AtiExtEvent.reg.dat
Copy and paste the following file path into the Search Box in the middle of the page:
hkcmd(6).exe
Now click on the Send File button
NOTE:
If you come to the "File has already been analysed:" page, select "Reanalyse file now" to get a fresh scan.
Save a copy of the Anti-Virus results only. Post the results in your next reply.
I'm not sure why your program would be crashing.
Hi.
I ran Virus Total on the file and all 36 avg engines reported the file clean. Also, in the Windows folder where this hkcmd(6).exe was found, there are also similar files, except with different numbers in the brackets, like 1. Are these required files?
Also, do you have any ideas how I acquired the virus which ComboFix removed?
And Spybot crashed today. No error appeared.
Hey.
Today I thought I would run Panda Active Scan to see if it came up clean. Instead, the System Restore was shown to be infected again. Also, it found 2 suspicious files called 404Fix.exe and VACFix.exe
I ran them through Virus Total and both times the reports showed up with suspected IEDefender and Win32. So I have deleted them. Are they dangerous?
They have most likely come from IRC, P2P, suspected emails, etc. Just have to be extra careful on what gets downloaded or installed.
404Fix.exe and VACFix.exe are from SmitfraudFix, which is safe, but are flagged as malicious because they are unknown to Anti-Virus vendors.
Hey.
Sorry for the delayed reply. Been really busy with Year 12 school work.
Ok. So those SmitFraud files are now gone I hope? My computer is finally clean, yes?
The programs have stopped crashing. Everything seems to be normal again. But I just want to make sure that it is clean and that I won't have more nasty files appearing.
Hi. Thank you so much for the time you have spent over the last 2 months helping me clean my computer. I really appreciate your help, prompt replies and patience.
Comments
Starting with the errors...
This may be related to Panda Anti-Virus. Go into Add/Remove programs and uninstall anything related to Panda.
As above.
Only info I can find is from Microsoft. Let me know if you need help with it.
Microsoft. Again, let me know if you need help with this.
I haven't gone through all the errors. Let me know what happens with the above.
Hey. Thanks for your patience.
I uninstalled the Panda Active Scan.
I looked at your first Microsoft link and it referred to Windows NT disk in the solution, so I don't know if that will help?
The second link I followed up but when it got to 3 I couldn't go any further as there was no appid to double click on.
ADDING at 2:57PM:
AVG ran a scheduled scan. It detected 2 Trojan Horse Generic11.BEOG infections in Program Files>Adobe Reader 9.
I can't understand why all of a sudden Adobe is being treated as an infection. The Adobe 9 files were downloaded through the Adobe update my computer ran over a month ago.
Also, when I googled this trojan, I couldn't find any information, not even on AVG. Have you heard of this trojan? Is this possibly a false-positive?
Windows XP is part of Windows NT, so it is fine to follow.
OK! Does the error still appear in Event Viewer?
Hey.
Thanks for your reply. Sorry I haven't replied sooner; been so busy.
Yeah, after I posted about the AVG other computers in my house reported the same thing so I figured it must have been a false positive.
I just followed the NT instructions so I will let you know if the error reappears in the Event Viewer.
The other error doesn't appear to be showing up in Event Viewer anymore. A good sign?
Also, is my computer almost clean and safe now?
Yes. I normally find that errors that show in Event Viewer only occur a few times and not regularly.
I would say Yes.
Let me know if there is anything else I can do.
Sounds good. Only a minor issue occurring still:
- Programs at times (doesn't matter what programs) continue to crash and stop responding.
Hi.
Adding to my last post, today my computer randomly jarred and then rebooted by itself. Once it had logged back on, no error appeared so I checked the Event Viewer. There is no record of an error.
Is this viral or software malfunction?
It could be a hardware problem.
Update Malwarebytes and run a scan with it. Please post the results here.
Hi. Thanks for your fast reply. I ran Malwarebytes' Anti-Malware:
Malwarebytes' Anti-Malware 1.30
Database version: 1338
Windows 5.1.2600 Service Pack 3, v.3311
30/10/2008 5:01:25 PM
mbam-log-2008-10-30 (17-01-23).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 146219
Time elapsed: 43 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Any ideas?
Is it any programs in particular?
Can you download a new copy of ComboFix and post the results.
Hi.
No programs in particular; sometimes when I listen to music in iTunes the computer goes slow so I check task manager and find iTunes has stopped responding. Same goes for Mozilla Firefox, IE, AVG, Spybot, Notepad, etc.
I have just downloaded ComboFix and will post the report shortly.
The report:
ComboFix 08-11-02.04 - Liam 2008-11-03 16:27:44.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1456 [GMT 11:00]
Running from: C:\Documents and Settings\Liam\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Liam\Local Settings\Temporary Internet Files\SuggestedSites.dat
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((( Files Created from 2008-10-03 to 2008-11-03 )))))))))))))))))))))))))))))))
.
2008-11-02 09:47 . 2008-11-02 09:47 <DIR> d
C:\Program Files\HostsMan
2008-11-02 09:47 . 2008-11-02 09:47 <DIR> d
C:\Documents and Settings\Liam\Application Data\abelhadigital.com
2008-11-02 09:47 . 2008-11-02 09:47 <DIR> d
C:\Documents and Settings\All Users\Application Data\abelhadigital.com
2008-11-02 09:06 . 2008-11-02 09:24 <DIR> d
C:\Program Files\Zoned Out
2008-10-30 16:15 . 2008-10-30 16:16 <DIR> d
C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 16:15 . 2008-10-22 16:10 38,496 --a
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-30 16:15 . 2008-10-22 16:10 15,504 --a
C:\WINDOWS\system32\drivers\mbam.sys
2008-10-29 12:41 . 2008-10-29 12:41 <DIR> d
C:\Program Files\PerformanceTest
2008-10-19 21:37 . 2008-10-19 21:37 <DIR> d
C:\WESTWOOD
2008-10-19 21:37 . 1994-08-24 00:00 188,960 --a
C:\WINDOWS\system\WINGDE.DLL
2008-10-19 21:37 . 1994-09-21 00:00 92,208 --a
C:\WINDOWS\system\WING.DLL
2008-10-19 21:37 . 1994-09-21 00:00 12,800 --a
C:\WINDOWS\system\WING32.DLL
2008-10-19 21:37 . 1994-09-21 00:00 6,736 --a
C:\WINDOWS\system\WINGDIB.DRV
2008-10-19 21:37 . 1994-09-21 00:00 5,024 --a
C:\WINDOWS\system\WINGPAL.WND
2008-10-19 21:37 . 1994-06-27 00:00 1,966 --a
C:\WINDOWS\system\DVA.386
2008-10-19 21:37 . 2008-10-19 21:37 78 --a
C:\WINDOWS\system\WIN32S.INI
2008-10-19 16:12 . 2008-10-19 16:12 <DIR> d
C:\Program Files\Disney Interactive
2008-10-19 16:12 . 2008-10-19 16:12 946 --a
C:\WINDOWS\disney.ini
2008-10-19 16:08 . 2008-10-19 16:08 <DIR> d
C:\Documents and Settings\Liam\WINDOWS
2008-10-19 16:08 . 2008-10-19 16:08 286 --a
C:\WINDOWS\EReg077.dat
2008-10-19 16:08 . 2008-10-19 16:09 23 --a
C:\WINDOWS\TLCAPPS.INI
2008-10-18 10:40 . 1998-06-18 09:00 89,360 --a
C:\WINDOWS\system32\VB5DB.DLL
2008-10-18 10:40 . 2000-03-17 17:21 69,632 --a
C:\WINDOWS\system32\xmltok.dll
2008-10-18 10:40 . 2000-03-17 17:21 36,864 --a
C:\WINDOWS\system32\xmlparse.dll
2008-10-18 10:40 . 2002-04-24 21:43 35,840 --a
C:\WINDOWS\system32\comdlg32.oca
2008-10-18 10:40 . 2002-10-17 19:35 26,096 --a
C:\WINDOWS\system32\xmlinst.exe
2008-10-18 10:37 . 2008-10-18 10:40 <DIR> d
C:\Program Files\Ubisoft
2008-10-17 16:04 . 2008-09-11 10:15 5,672,960 --a
C:\WINDOWS\system32\igfxress.dll
2008-10-17 16:04 . 2008-09-11 10:16 212,992 --a
C:\WINDOWS\system32\igfxpph.dll
2008-10-12 14:30 . 2000-06-26 11:45 106,496 --a
C:\WINDOWS\system32\TwnLib20.dll
2008-10-12 14:30 . 2001-06-26 08:15 38,912
C:\WINDOWS\system32\picn20.dll
2008-10-12 14:29 . 2008-10-12 14:32 <DIR> d
C:\Program Files\Common Files\Ahead
2008-10-12 14:29 . 2008-10-12 14:30 <DIR> d
C:\Program Files\Ahead
2008-10-12 14:29 . 2001-07-09 11:50 155,648 --a
C:\WINDOWS\system32\NeroCheck.exe
2008-10-11 14:07 . 2008-10-11 15:03 <DIR> d
C:\WINDOWS\system32\URTTemp
2008-10-11 07:30 . 2008-10-11 07:30 <DIR> d
C:\ERDNT
2008-10-10 21:10 . 2008-10-10 21:10 606 --a
C:\WINDOWS\Uninstall Manager.INI
2008-10-10 21:07 . 2008-10-10 21:12 <DIR> d
C:\Program Files\Advanced System Optimizer
2008-10-10 21:07 . 2008-10-10 21:07 <DIR> d
C:\Documents and Settings\Liam\Application Data\Systweak
2008-10-10 20:59 . 2008-10-10 21:02 <DIR> d
C:\Program Files\RegCure
2008-10-10 17:42 . 2008-10-10 17:42 <DIR> d
C:\Program Files\MSXML 4.0
2008-10-10 17:02 . 2008-10-11 14:57 <DIR> d
C:\Documents and Settings\Liam\work
2008-10-10 17:02 . 2008-10-10 17:02 1,683,456 --a
C:\Documents and Settings\Liam\FahCore_82.exe
2008-10-10 17:02 . 2008-10-10 17:02 7,168 --a
C:\Documents and Settings\Liam\queue.dat
2008-10-10 08:36 . 2008-10-10 08:36 <DIR> d
C:\Program Files\Folding@home
2008-10-10 07:48 . 2008-10-10 07:53 <DIR> d
C:\Folding
2008-10-10 07:48 . 2008-10-18 08:22 <DIR> d
C:\Documents and Settings\Liam\Application Data\Folding@home-x86
2008-10-09 16:37 . 2008-05-14 09:34 1,000,744 --a
C:\WINDOWS\system32\ShellManager10E2D762.dll
2008-10-09 14:23 . 2008-10-09 14:23 <DIR> d
C:\Documents and Settings\Liam\Application Data\SUPERAntiSpyware.com
2008-10-09 12:53 . 2008-04-10 19:52 648,192 --a
C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-10-08 19:04 . 2008-10-08 19:04 <DIR> d
C:\Documents and Settings\Liam\Application Data\Nero
2008-10-08 18:59 . 2008-10-08 19:33 <DIR> d
C:\Program Files\Common Files\Nero
2008-10-08 13:14 . 2008-10-09 17:18 <DIR> d
C:\Documents and Settings\All Users\Application Data\Nero
2008-10-08 12:32 . 2008-10-08 12:32 <DIR> d
C:\Program Files\Secunia
2008-10-07 09:07 . 2008-10-07 09:08 <DIR> d
C:\Program Files\Your Uninstaller 2008
2008-10-06 16:39 . 2008-11-02 14:09 <DIR> d
C:\Documents and Settings\Liam\Tracing
2008-10-06 15:07 . 2008-10-06 15:07 <DIR> d
C:\WINDOWS\Performance
2008-10-06 15:07 . 2008-10-06 15:12 <DIR> d
C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-10-06 15:04 . 2008-10-06 15:04 <DIR> d
C:\Sandbox
2008-10-05 09:05 . 2008-11-03 16:25 <DIR> d
C:\Documents and Settings\Liam\Application Data\SiteAdvisor
2008-10-05 09:05 . 2008-10-05 09:05 <DIR> d
C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-05 09:05 . 2008-10-05 09:05 <DIR> d
C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-05 08:13 . 2008-10-05 08:13 <DIR> d
C:\rsit
2008-10-04 18:53 . 2008-10-05 14:23 <DIR> d
C:\Program Files\MagicISO
2008-10-04 18:36 . 2008-10-04 18:36 <DIR> d
C:\Program Files\Lavasoft
2008-10-04 16:54 . 2008-10-04 16:54 <DIR> d
C:\Program Files\Sandboxie
2008-10-04 16:54 . 2008-10-28 20:57 1,850 --a
C:\WINDOWS\Sandboxie.ini
2008-10-04 14:48 . 2008-10-04 14:48 <DIR> d
C:\Program Files\Microsoft Office Outlook Connector
2008-10-04 14:47 . 2008-10-04 14:47 <DIR> d
C:\Program Files\Microsoft
2008-10-04 14:45 . 2008-10-04 14:45 <DIR> d
C:\Program Files\Common Files\Windows Live
2008-10-04 14:42 . 2008-10-04 14:42 <DIR> d
C:\Program Files\Common Files\Adobe AIR
2008-10-04 13:17 . 2008-10-04 13:18 <DIR> d
C:\Program Files\iTunes
2008-10-04 13:17 . 2008-10-04 13:17 <DIR> d
C:\Program Files\iPod
2008-10-04 13:17 . 2008-10-04 13:18 <DIR> d
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 12:36 . 2008-11-03 16:22 <DIR> d
C:\WINDOWS\system32\drivers\Avg
2008-10-04 12:36 . 2008-10-05 17:32 <DIR> d
C:\Documents and Settings\Liam\Application Data\AVGTOOLBAR
2008-10-04 12:36 . 2008-10-31 16:56 98,440 --a
C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-04 12:36 . 2008-10-23 19:32 90,632 --a
C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-04 12:36 . 2008-10-04 12:36 12,936 --a
C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-10-04 12:36 . 2008-10-04 12:36 10,520 --a
C:\WINDOWS\system32\avgrsstx.dll
2008-10-04 12:35 . 2008-10-23 19:32 50,968 --a
C:\WINDOWS\system32\avgfwdx.dll
2008-10-04 12:35 . 2008-10-23 19:32 29,208 --a
C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-10-04 10:43 . 2003-12-11 10:50 37,916 --a
C:\WINDOWS\system32\drivers\LHidUsb.sys
2008-10-04 08:50 . 2008-10-04 08:50 <DIR> d
C:\Program Files\uTorrent
2008-10-03 13:46 . 2008-06-10 02:32 73,728 --a
C:\WINDOWS\system32\javacpl.cpl
2008-10-03 12:03 . 2008-10-03 12:03 <DIR> d
C:\Program Files\WOT
2008-10-03 12:01 . 2008-10-03 19:15 <DIR> d
C:\Documents and Settings\Liam\Application Data\SpamPal
2008-10-03 09:38 . 2008-10-03 09:38 <DIR> d
C:\Documents and Settings\Liam\Application Data\URSoft
2008-10-03 08:54 . 2008-10-06 13:28 <DIR> d
C:\Documents and Settings\All Users\Application Data\SecTaskMan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 22:54
d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-01 22:54
d
w C:\Program Files\SpywareBlaster
2008-11-01 11:23
d
w C:\Documents and Settings\Liam\Application Data\uTorrent
2008-10-21 06:08
d
w C:\Program Files\Microsoft Silverlight
2008-10-19 10:35
d--h--w C:\Program Files\InstallShield Installation Information
2008-10-19 10:35
d
w C:\Program Files\Common Files\InstallShield
2008-10-17 05:16
d
w C:\Program Files\Macromedia
2008-10-16 09:12
d
w C:\Program Files\Panda Security
2008-10-11 04:36
d
w C:\Program Files\Microsoft.NET
2008-10-09 01:32
d
w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-08 22:46
d
w C:\Program Files\Driver Sweeper
2008-10-07 05:58
d
w C:\Program Files\TuneUp Utilities 2008
2008-10-06 04:50
d
w C:\Program Files\Java
2008-10-05 21:33
d
w C:\Documents and Settings\All Users\Application Data\Avira
2008-10-05 10:02
d
w C:\Program Files\Windows Live Safety Center
2008-10-04 03:47
d
w C:\Program Files\Windows Live
2008-10-04 01:35
d
w C:\Documents and Settings\All Users\Application Data\avg8
2008-10-04 01:14 62,834 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_10_04_09_20_27_small.dmp.zip
2008-10-03 00:49
d
w C:\Program Files\Sun
2008-10-02 23:49 2,285,056 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-10-02 20:41
d
w C:\Program Files\Spybot - Search & Destroy
2008-10-02 07:58
d
w C:\Documents and Settings\Liam\Application Data\U3
2008-10-02 07:50
d
w C:\Program Files\Innovative Solutions
2008-10-01 21:48
d
w C:\Program Files\EsetOnlineScanner
2008-09-29 23:40
d
w C:\Program Files\Raxco
2008-09-29 23:19
d
w C:\Documents and Settings\All Users\Application Data\Raxco
2008-09-29 23:07
d
w C:\Program Files\BillP Studios
2008-09-29 23:07
d
w C:\Documents and Settings\Liam\Application Data\WinPatrol
2008-09-29 23:05
d
w C:\Documents and Settings\All Users\Application Data\WinZip
2008-09-29 22:47
d
w C:\Documents and Settings\All Users\Application Data\NOS
2008-09-29 22:45
d
w C:\Program Files\Common Files\Adobe
2008-09-29 22:30
d
w C:\Program Files\NOS
2008-09-29 02:32
d
w C:\Documents and Settings\All Users\Application Data\U3
2008-09-28 06:00
d
w C:\Program Files\Common Files\Macromedia
2008-09-23 11:42
d
w C:\Documents and Settings\All Users\Application Data\Premium Security Suite
2008-09-21 07:45
d
w C:\Program Files\Windows Installer Clean Up
2008-09-21 07:45
d
w C:\Program Files\MSECache
2008-09-18 22:11 920,088 ----a-w C:\WINDOWS\system32\igxpun.exe
2008-09-16 06:40
d
w C:\Documents and Settings\Liam\Application Data\Malwarebytes
2008-09-16 06:40
d
w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-14 08:50 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-13 05:00
d
w C:\Documents and Settings\Liam\Application Data\TrojanHunter
2008-09-13 02:02
d
w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-12 06:45
d
w C:\Program Files\Bonjour
2008-09-12 06:44
d
w C:\Program Files\QuickTime
2008-09-12 06:44
d
w C:\Program Files\Common Files\Apple
2008-09-11 00:00 147,456 ----a-w C:\WINDOWS\system32\igfxCoIn_v4990.dll
2008-09-10 23:53 3,401,216 ----a-w C:\WINDOWS\system32\igxpdx32.dll
2008-09-10 23:52 6,047,904 ----a-w C:\WINDOWS\system32\drivers\igxpmp32.sys
2008-09-10 23:52 2,352,128 ----a-w C:\WINDOWS\system32\igxpdv32.dll
2008-09-10 23:52 181,760 ----a-w C:\WINDOWS\system32\igxpgd32.dll
2008-09-10 23:52 1,481,884 ----a-w C:\WINDOWS\system32\igkrng400.bin
2008-09-10 23:51 57,344 ----a-w C:\WINDOWS\system32\igxprd32.dll
2008-09-10 23:34 2,277,376 ----a-w C:\WINDOWS\system32\ig4dev32.dll
2008-09-10 23:27 3,862,528 ----a-w C:\WINDOWS\system32\ig4icd32.dll
2008-09-10 23:18 651,264 ----a-w C:\WINDOWS\system32\igfxcfg.exe
2008-09-10 23:17 172,032 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-09-10 23:17 143,360 ----a-w C:\WINDOWS\system32\igfxtray.exe
2008-09-10 23:16 52,224 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
2008-09-10 23:16 249,856 ----a-w C:\WINDOWS\system32\igfxsrvc.exe
2008-09-10 23:16 24,576 ----a-w C:\WINDOWS\system32\igfxexps.dll
2008-09-10 23:16 172,032 ----a-w C:\WINDOWS\system32\igfxext.exe
2008-09-10 23:16 143,360 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-09-10 23:16 135,168 ----a-w C:\WINDOWS\system32\igfxdo.dll
2008-09-10 23:16 106,496 ----a-w C:\WINDOWS\system32\hccutils.dll
2008-09-10 23:15 217,088 ----a-w C:\WINDOWS\system32\igfxdev.dll
2008-09-10 07:31
d
w C:\Program Files\Belarc
2008-09-10 00:11 410,976 ----a-w C:\WINDOWS\system32\deploytk.dll
2008-09-09 09:42
d
w C:\Documents and Settings\Liam\Application Data\Uniblue
2008-09-09 09:06
d
w C:\Program Files\Trend Micro
2008-09-09 02:17 2,826 ----a-w C:\WINDOWS\system32\tmp.reg
2008-09-08 14:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-06 12:12
d
w C:\Documents and Settings\Liam\Application Data\My Battle for Middle-earth(tm) II Files
2008-09-04 00:02
d
w C:\Documents and Settings\Liam\Application Data\Search Settings
2008-09-02 06:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-08-29 00:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-28 23:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-21 17:16 637,984 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-21 17:10 11,985,408 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-21 17:09 5,699,584 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-21 17:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-21 17:08 878,592 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-21 17:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-21 17:08 43,008 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
2008-08-21 17:08 236,544 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2008-08-21 17:08 1,206,784 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-21 17:07 755,200 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
2008-08-21 17:07 193,536 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-08-21 17:07 18,944 ----a-w C:\WINDOWS\system32\dllcache\corpol.dll
2008-08-21 17:07 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2008-08-21 17:07 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2008-08-21 17:05 70,656 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-08-21 17:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-21 17:04 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
2008-08-21 17:00 68,608 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-08-21 16:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-21 16:57 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll
2008-08-21 16:42 443,392 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-18 02:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd(6).exe
2008-03-01 22:49 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030220080303\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 15360]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 153856]
"AVG Watchdog Service"="C:\Program Files\AVG\AVG8\avgwdsvc.exe" [2008-10-04 231704]
"FahCore_82"="C:\Documents and Settings\Liam\FahCore_82.exe" [2008-10-10 1683456]
"Folding@home"="C:\Documents and Settings\Liam\Start Menu\Programs\Folding@home-x86\Folding@home.lnk" [2008-10-30 2569]
"SetDefaultMIDI"="MIDIDef.exe" [2005-12-08 C:\WINDOWS\MIDIDEF.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-23 1235736]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-09-11 143360]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 C:\WINDOWS\RTHDCPL.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-26 C:\WINDOWS\Logi_MwX.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-02-12 15360]
C:\Documents and Settings\Liam\Start Menu\Programs\Startup\
Secunia PSI (RC3).lnk - C:\Program Files\Secunia\PSI (RC3)\psi.exe [6/16/2008 8:03:08 PM 663552]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/16/2008 5:03:11 PM 113664]
AlarmS4.lnk - C:\WINDOWS\system32\AlarmS4.exe [8/20/2003 10:15:36 AM 241664]
NETGEAR WG311v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe [1/26/2006 6:55:04 PM 1486848]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 0 (0x0)
"DisableClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoMultiIE"= 0 (0x0)
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-10-04 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-31 98440]
R1 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-23 90632]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2006-05-18 26090]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-04 231704]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-10-23 1224984]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [2006-06-06 17536]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys [2006-06-07 90112]
R2 LMS;Intel(R) Active Management Technology LMS Service;C:\Program Files\Intel\AMT\LMS.exe [2006-06-29 98304]
R2 LockServ;LockServ;C:\Acer\Empowering Technology\eLock\LockServ.exe [2006-05-30 368640]
R2 netlimiter;netlimiter;C:\WINDOWS\system32\drivers\netlimiter.sys [2006-01-25 11136]
R2 netlock;netlock;C:\WINDOWS\system32\drivers\netlock.sys [2006-01-19 2116096]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-07-01 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-04-01 4010]
R2 PD91Agent;PD91Agent;C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-02-12 14336]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-23 29208]
R3 PortRW;PortRW;C:\WINDOWS\system32\Drivers\PortRW.sys [2003-08-16 3456]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-09-02 100352]
S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [ ]
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [ ]
S3 Acer ODDSpeedControl;Acer ODDSpeedControl;C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe [2005-02-16 81920]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-23 29208]
S3 bepldr;BCL easyPDF SDK 5 Loader;C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-08-22 151552]
S3 cmusbnet;WAN Driver @ 3GPP (6280);C:\WINDOWS\system32\DRIVERS\cmusbnet.sys [2006-11-24 81152]
S3 cmusbser;%CMUSBSER%;C:\WINDOWS\system32\DRIVERS\cmusbser.sys [2006-12-14 87040]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 MTXPARH;MTXPARH;C:\WINDOWS\system32\DRIVERS\MTXPARHM.sys [2005-04-22 500608]
S3 PD91Engine;PD91Engine;C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-01 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2008-11-03 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 10:09]
2008-11-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
2008-11-03 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2008-06-03 13:19]
2008-10-10 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2008-06-03 13:19]
2008-11-03 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A41D1FC8-2A4B-4DBD-8205-49472C823A79}.job
- C:\WINDOWS\system32\msfeedssync.exe [2008-08-22 04:05]
.
- - - - ORPHANS REMOVED - - - -
Notify-AtiExtEvent - (no file)
.
Supplementary Scan
.
FireFox -: Profile - C:\Documents and Settings\Liam\Application Data\Mozilla\Firefox\Profiles\ru356jyp.default\
FF -: plugin - C:\Documents and Settings\Liam\Application Data\Mozilla\Firefox\Profiles\ru356jyp.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 16:29:22
Windows 5.1.2600 Service Pack 3, v.3311 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-03 16:31:14
ComboFix-quarantined-files.txt 2008-11-03 05:30:19
ComboFix2.txt 2008-10-10 21:02:32
Pre-Run: 125,022,912,512 bytes free
Post-Run: 125,132,599,296 bytes free
377 --- E O F --- 2008-10-21 04:56:39
2008-10-11 13:46:09 A
5,242,980 C:\Qoobox\Quarantine\C\Documents and Settings\Liam\Local Settings\Temporary Internet Files\SuggestedSites.dat.vir
2008-10-18 10:40:56 A
29,184 C:\Qoobox\Quarantine\C\WINDOWS\system32\MSINET.oca.vir
2008-11-03 16:26:54 A
58 C:\Qoobox\Quarantine\catchme.log
2008-11-03 16:29:03 A
12,283 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-11-03 16:29:57 A
2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-11-03 16:29:57 A
2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-11-03 16:29:57 A
2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
2008-11-03 16:30:03 A
276 C:\Qoobox\Quarantine\Registry_backups\Notify-AtiExtEvent.reg.dat
The log looks fine, but one file I'd like scanned please:
- Go to VirusTotal
- Copy and paste the following file path into the Search Box in the middle of the page:
- hkcmd(6).exe
- Now click on the Send File button
- If you come to the "File has already been analysed:" page, select "Reanalyse file now" to get a fresh scan.
- Save a copy of the Anti-Virus results only. Post the results in your next reply. NOTE:
I'm not sure why your program would be crashing.
Hi.
I ran Virus Total on the file and all 36 avg engines reported the file clean. Also, in the Windows Folder where this hkcmd(6).exe was found, there are also similar files found except with different numbers in the brackets like 1. Are these required files?
Also, do you have any ideas how I acquired the virus which ComboFix removed?
And, Spybot crashed today. No error appeared.
Hey.
Today I thought I would run Panda Active Scan to see if it came up clean. Instead, the System Restore was shown to be infected again. Also, it found 2 suspicious files called 404Fix.exe and VACFix.exe
I ran them through Virus Total and both times the reports showed up with suspected IEDefender and Win32. So I have deleted them. Are they dangerous?
They have most likely come from IRC, P2P, suspected emails, etc. Just have to be extra careful on what gets downloaded or installed.
404Fix.exe and VACFix.exe are from SmitfraudFix, which is safe, but are flagged as malicious because they are unknown to Anti-Virus vendors.
Hey.
Sorry for the delayed reply. Been really busy with Year 12 school work.
Ok. So those SmitFraud files are now gone I hope? My computer is finally clean, yes?
The programs have stopped crashing. Everything seems to be normal again. But I just want to make sure that it is clean and that I won't have more nasty files appearing.
Yes, your computer is clean.
Hi. Thank you so much for the time you have spent over the last 2 months helping me clean my computer. I really appreciate your help, prompt replies and patience.
Thank you. :)