Win32.Brontok

View previous topic View next topic Go down

Win32.Brontok

Post by IIRCMII on Tue Aug 11, 2009 4:35 pm

I have been infected by a Win32.Brontok virus, and I have gone to the link given on this website to [You must be registered and logged in to see this link.] but for whatever reason that website could not be opened. My browser has been opening every other site without problems but not that one. Please advise me what to do next to go about removing the worm and returning my Laptop to its previous state. Thanks in advance.

IIRCMII
Novice
Novice

Posts Posts : 5
Joined Joined : 2009-08-11
OS OS : Vista Home Premium
Points Points : 26737
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32.Brontok

Post by jaminjenn on Tue Aug 11, 2009 4:37 pm

my computer has the personal antivirus 2009 and i can not get rid of it...... what do i do

jaminjenn
Beginner
Beginner

Posts Posts : 1
Joined Joined : 2009-08-11
OS OS : hp pavilion mx70
Points Points : 26732
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32.Brontok

Post by Belahzur on Tue Aug 11, 2009 4:52 pm

jaminjenn - Please post your own topic if you need help.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win32.Brontok

Post by IIRCMII on Tue Aug 11, 2009 5:41 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:35, on 11/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Perfect Defender 2009\pdmonitor.exe
C:\Program Files\eSnips\ClientGW.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Users\Bob\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Bob\AppData\Roaming\Google\dwms.exe
C:\Program Files\Perfect Defender 2009\pdfndr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Mirar - {DF16B24B-8DC7-4384-9A79-139B4D5448DA} - C:\Windows\system32\winc178.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: esnips toolbar helper - {F9B72325-A029-4a39-943A-02433C978829} - C:\Program Files\eSnips\eSnipsToolbar\1.3.0.0\escort.dll
O3 - Toolbar: esnips Toolbar - {3132F1DF-2C69-49f5-ACA5-69965FC18E59} - C:\Program Files\eSnips\eSnipsToolbar\1.3.0.0\escorTlbr.dll
O3 - Toolbar: Mirar - {DF16B24A-8DC7-4384-9A79-139B4D5448DA} - C:\Windows\system32\winc178.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [Bar] C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QFBVY318\SETUP[1].exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Bob\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Save] C:\Users\Bob\AppData\Roaming\Save\Save.exe
O4 - HKCU\..\Run: [realteks] "C:\Users\Bob\AppData\Roaming\Google\dwms.exe" 2
O4 - HKCU\..\Run: [Perfect Defender 2009] "C:\Program Files\Perfect Defender 2009\pdfndr.exe" auto
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{18168ADA-FB23-44A8-92A9-9D7997BCB4FB}: NameServer = 85.255.112.196,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{78425480-6906-4BA2-A917-F7BA1ED09038}: NameServer = 85.255.112.196,85.255.112.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.196,85.255.112.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{18168ADA-FB23-44A8-92A9-9D7997BCB4FB}: NameServer = 85.255.112.196,85.255.112.13
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.196,85.255.112.13
O17 - HKLM\System\CS4\Services\Tcpip\..\{18168ADA-FB23-44A8-92A9-9D7997BCB4FB}: NameServer = 85.255.112.196,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.196,85.255.112.13
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11119 bytes

IIRCMII
Novice
Novice

Posts Posts : 5
Joined Joined : 2009-08-11
OS OS : Vista Home Premium
Points Points : 26737
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32.Brontok

Post by Belahzur on Tue Aug 11, 2009 6:05 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
    O3 - Toolbar: Mirar - {DF16B24A-8DC7-4384-9A79-139B4D5448DA} - C:\Windows\system32\winc178.dll
    O4 - HKCU\..\Run: [Save] C:\Users\Bob\AppData\Roaming\Save\Save.exe
    O4 - HKCU\..\Run: [realteks] "C:\Users\Bob\AppData\Roaming\Google\dwms.exe" 2
    O4 - HKCU\..\Run: [Perfect Defender 2009] "C:\Program Files\Perfect Defender 2009\pdfndr.exe" auto
    O17 - HKLM\System\CCS\Services\Tcpip\..\{18168ADA-FB23-44A8-92A9-9D7997BCB4FB}: NameServer = 85.255.112.196,85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\..\{78425480-6906-4BA2-A917-F7BA1ED09038}: NameServer = 85.255.112.196,85.255.112.13
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.196,85.255.112.13
    O17 - HKLM\System\CS1\Services\Tcpip\..\{18168ADA-FB23-44A8-92A9-9D7997BCB4FB}: NameServer = 85.255.112.196,85.255.112.13
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.196,85.255.112.13
    O17 - HKLM\System\CS4\Services\Tcpip\..\{18168ADA-FB23-44A8-92A9-9D7997BCB4FB}: NameServer = 85.255.112.196,85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.196,85.255.112.13


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win32.Brontok

Post by IIRCMII on Tue Aug 11, 2009 6:13 pm

Neither of the following were on the list:

O4 - HKCU\..\Run: [realteks] "C:\Users\Bob\AppData\Roaming\Google\dwms.exe" 2
O4 - HKCU\..\Run: [Perfect Defender 2009] "C:\Program Files\Perfect Defender 2009\pdfndr.exe" auto

And Whenever I try the link to malwarebytes it says that the page cannot be displayed. The same happens whenever I try a different anti-malware site. I am guessing it is part of the programming of the worm to stop attempts at getting rid of it, but I may be wrong. Thanks.

IIRCMII
Novice
Novice

Posts Posts : 5
Joined Joined : 2009-08-11
OS OS : Vista Home Premium
Points Points : 26737
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32.Brontok

Post by Belahzur on Tue Aug 11, 2009 6:22 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win32.Brontok

Post by IIRCMII on Wed Aug 12, 2009 11:30 am

I have AVG Free 8.0 and the only step on that link is to disable AVG 8.0. For some reason Add/Remove Programs is no longer in my Control Panel. What should I do?

IIRCMII
Novice
Novice

Posts Posts : 5
Joined Joined : 2009-08-11
OS OS : Vista Home Premium
Points Points : 26737
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32.Brontok

Post by Belahzur on Wed Aug 12, 2009 4:59 pm

Try running Combofix anyway, AVG is as aggressive as other AV's, doesn't interfere as much.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win32.Brontok

Post by IIRCMII on Wed Aug 12, 2009 6:31 pm

It seems to have returned everything to normal. Thank you so much! Smile

IIRCMII
Novice
Novice

Posts Posts : 5
Joined Joined : 2009-08-11
OS OS : Vista Home Premium
Points Points : 26737
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32.Brontok

Post by Belahzur on Wed Aug 12, 2009 9:12 pm

Can you post the Combofix log?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum