3.exe virus/malware + LOG

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Wrenchman, Jun 16, 2011.

  1. Wrenchman

    Wrenchman Private First Class

    Hi all, how are you!

    I recently bought a brand new laptop G42-245br, it's about 2 weeks old!

    So here we go again: today Avira found 8 detections and moved them to
    quarantine, see LOG.

    Oh, BTW, my Avira antivirus is installed in Portuguese. Should I change that
    to English, and how? Would that be easy, or would I need to reinstall it?

    I would like help to check the system, before it crashes.

    Detail: I use Glary Utilities free, WinASO Registry Optimizer free, and MyD.

    And a whole bunch of other cra* programs, like the Uniblue RB Registry
    Booster, which I deleted because it wasn't free.

    So I might already have messed up the REG.

    Thanks,

    :)

    Wrenchman
     

    Attached Files:

  2. thisisu

    thisisu Malware Consultant

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to log in to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can, then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. Wrenchman

    Wrenchman Private First Class

    Hello again!

    The problems continue like never before!

    Had a blue screen when trying to repair SAS.

    Did rerun without:
    Use Kernel Direct File Access (recommended)
    Use Kernel Direct Registry Access (recommended)

    SAS came out fine after that, but this time it found 63 faults, instead of 30 the first time.

    Blue screen when trying to repair MBAM

    Ran MBAM, it found 63 faults, the same number of faults as SAS.

    I have NOT been able to fix MBAM, therefore they all appear as NOT fixed.

    MGtools: Exit, OK.

    I could NOT find information about when to start ComboFix, decided to start it after the MGtools.

    Blue screen when trying to RUN ComboFix

    Before I started the scans, I removed just about all the junk DLs; during this
    a bunch of boxes popped up. I do not remember them all, one says:
    3.exe set to autostart
    another
    Windows Defender will NO longer autostart.

    The cpu runs 100% ALL the time

    Heeeeeeeeeeeeeeeeeeeeelp!

    Plus a whole lot of other problems

    Every now and then(more now than then), a box pops up saying:

    95653945.exe stopped working (see photo), with a smiley to make bad worse.

    Thanks

    :)

    Wrenchman

    PS. Oh I'm sorry my system is Brazilian Portuguese, but a lot of it is English, I
    will help you translate if in doubt.
     

    Attached Files:

  4. thisisu

    thisisu Malware Consultant

    I'm currently working through your logs, please be patient as there is a lot of information to review.
     
  5. thisisu

    thisisu Malware Consultant

    First, we need to get into Safe Mode with Networking to run some more tests.


    Starting your computer in Safe mode with Networking

    Once in Safe Mode..
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 6 different versions. If one of them won't run, then download and try to run another one.

    Vista and Win7 users need to right click and choose Run as Administrator

    You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
    1. Rkill.exe
    2. Rkill.com
    3. Rkill.scr
    4. iExplore.exe
    5. uSeRiNiT.exe
    6. WiNlOgon.exe
    Once you've gotten one of them to run then try to immediately run the following.

    Now download and Run exeHelper
    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file)


    I want you to run TDSSKiller so refer to the below for how to do so.

    TDSSkiller - How to run

    If TDSSKiller requests that you reboot in order for the changes to take effect, please do so.


    1. Boot back into Safe Mode with Networking
    2. Rerun rkill files until you get one that works without any errors.
    3. Now download and run ComboFix


    Let me know if you had any trouble running any of these programs.. and once you're done, please attach the following:
    • tdsskillerlog.txt (can be found at the root of C:)
    • log.txt (from exeHelper)
    • rkill.log (can be found at the root of C:)
    • combofix.txt (can be found at the root of C:)
     
  6. Wrenchman

    Wrenchman Private First Class

    I need to communicate a few things before we can go on!

    First of all, thank you for taking your time to help me out!

    I had success in starting the cpu in safe mode with networking...BUT

    I was not able to go online...

    Remote access connection application(whatever) NOT able to start in S.M. w/ Net!

    Question:
    Should I by now (always) be logging on to the administrator account, which I activated for the same purpose?

    UAC is also deactivated!

    Question:
    Would it be ok to download the programs in normal mode and then execute them in safe mode?

    Discovery:
    The 3.exe application is(also) located on the PEN drive(see attachment)

    Cpu speed (sometimes) goes down to 0.1% - 10% after plugging in the pen drive, and taking it out again, right now it stays about 50%

    Thanks

    :)

    Wrenchman

    PS. Right now, the malware on the pen drive (as shown in the attachment) is quarantined in Avira and MBAM; please notify me if I am supposed to clear them!

    Edit: Forgot to say that two desktop.ini files appeared on my desktop somewhere during the scans (ComboFix I think).
     

    Attached Files:

    Last edited: Jun 21, 2011
  7. thisisu

    thisisu Malware Consultant

    Let's stick to the affected account for now

    Yes, this would be ok as well. Try it ;)

    Let's stick to removing infections from your computer first. We may tackle your pen-drive issue later

    This could be normal, combofix will delete infected desktop.ini files if detected.
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    They are being seen due to hidden files and folders showing. They are normal files. I see them all the time on my desktop because I always prefer to have all files and folders unhidden.
     
  9. Wrenchman

    Wrenchman Private First Class

    Hi :cool

    Looks like the clouds went away.

    Every thing seems to have come back to normal.

    The sign above the a, e, i, o, u (áà éè í ì óò úù), came back too!

    A very nice birthday present, ;)

    Thanks,

    Is that it?

    :)

    Wrenchman

    PS. Could you help me fix the pendrive too? Please...please, pretty please! :cry
     

    Attached Files:

  10. thisisu

    thisisu Malware Consultant

    I'm glad to hear that things are running better. Let us double check your logs

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  11. Wrenchman

    Wrenchman Private First Class

    One double check getlogs.bat coming up.

    Here you go!

    Thanks,

    :)

    Wrenchman

    PS. until the present moment I use the pre-installed win 7 FIREWALL, would that be sufficient, or should I install another?
     

    Attached Files:

  12. thisisu

    thisisu Malware Consultant

    Thanks, reviewing now
     
  13. thisisu

    thisisu Malware Consultant

    Please disable all anti-virus and anti-spyware programs while we do the following:

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.




    Now let's use ComboFix to remove a bunch of malware files.

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    File::
    C:\Users\NMFD\AppData\Roaming\qfzzorf.exe
    C:\Users\NMFD\AppData\Roaming\dmfejej.exe
    C:\Users\NMFD\AppData\Roaming\lbgesyd.exe
    C:\Users\NMFD\AppData\Roaming\trdecii.exe
    C:\Users\NMFD\AppData\Roaming\ns.exe!download
    C:\Users\NMFD\AppData\Roaming\mess.dat
    C:\Users\NMFD\AppData\Roaming\mail.dat
    C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    C:\Windows\Windefend.exe
    C:\Windows\system32\Windefend.exe
    C:\Windows\SysWOW64\Windefend.exe
    Folder::
    C:\Windows\Adobee
    DirLook::
    C:\users\Public\Symantec
    c:\users\Public\Cyberlink
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=-
    "SystemPro"=-
    "worm, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
    "SystemPro"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Note: If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    • C:\ComboFix.txt
    • C:\MGlogs.zip


    Yes please!

    Make sure you tell me how things are working now!
     
    Last edited by a moderator: Jun 21, 2011
  14. Wrenchman

    Wrenchman Private First Class

    By accident I restarted mglogexe when trying to upload the log, by hitting the wrong button. I did stop it immediately, but it created a new MGlogs.zip anyway, so I hope it can still be used.

    Today when I started the cpu, I noticed the cpu speed had come back to 100% cpu usage, but now after the last two tests, it went to low usage again. (AWS)

    Oh, and:
    O4 - HKCU\..\Run: [Windows Defender] C:\Windows\SysWOW6\Windefend.exe

    I was not able to locate the above file; there was one that looked like it but
    without the SysWOW6.

    Thanks,

    :)

    Wrenchman

    Quote: Ps. right now, the malware on the pen-drive(as shown on attachment) is quarantined on Avira and MbaM, please notify me if I am supposed to clear them!

    "Yes please!"

    Sorry, unknown command! (syntax error)
     

    Attached Files:

  15. thisisu

    thisisu Malware Consultant

    We're getting there, still some traces of malware in your logs.

    Let's try SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :regfind
      run32.dll
      SystSec

    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt



    What are you referring to here?
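    The SystemLook `:regfind` step above searches the registry for key names, value names and value data that contain the strings run32.dll and SystSec. The PowerShell script below is an added example, not part of this thread and not SystemLook's own code: it performs the same three-way search with built-in cmdlets so the reader can see what kind of hit each result is. It assumes an elevated PowerShell 3.0 or later session and limits itself to the three hive roots listed; the search terms are the ones from the post, the output columns are my own.

```powershell
# Added example (not from the thread or from SystemLook): a PowerShell
# equivalent of SystemLook's ":regfind" for the two strings asked about above.
# Assumption (mine): run from an elevated PowerShell 3.0+ session; keys the
# account cannot read are skipped instead of aborting the search.

$terms = @('run32.dll', 'SystSec')
$roots = @('HKLM:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet', 'HKCU:\Software')

function Find-RegistryString {
    param([string[]]$Roots, [string[]]$Terms)
    foreach ($root in $Roots) {
        # The root key itself plus every subkey below it.
        $keys = @(Get-Item -LiteralPath $root -ErrorAction SilentlyContinue)
        $keys += Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue
        foreach ($key in $keys) {
            if ($null -eq $key) { continue }
            foreach ($t in $Terms) {
                # 1. key name (e.g. a subkey literally called SystSec)
                # Note: -like treats * ? [ ] in the term as wildcards; the two terms here contain none.
                if ($key.PSChildName -like "*$t*") {
                    [pscustomobject]@{ Where = 'KeyName'; Key = $key.Name; Name = ''; Data = ''; Term = $t }
                }
                foreach ($name in $key.GetValueNames()) {
                    # Read raw data so %VARS% in REG_EXPAND_SZ values are not expanded away.
                    $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                    if ($name -like "*$t*") {
                        # 2. value name: the thread's "run32.dll"=- under ...\Run was a value NAME
                        [pscustomobject]@{ Where = 'ValueName'; Key = $key.Name; Name = $name; Data = $data; Term = $t }
                    } elseif ($data -like "*$t*") {
                        # 3. value data: a command line or path that mentions the string
                        [pscustomobject]@{ Where = 'ValueData'; Key = $key.Name; Name = $name; Data = $data; Term = $t }
                    }
                }
            }
        }
    }
}

Find-RegistryString -Roots $roots -Terms $terms | Format-Table Where, Term, Key, Name, Data -AutoSize -Wrap
```

    The Where column is the part a practitioner reads first: a hit in a Run value name (as with run32.dll in this thread) or in Run value data is a persistence entry, while a hit in an unrelated key name or in a file-association string is usually just a remnant to be cleaned up afterwards.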
     
  16. Wrenchman

    Wrenchman Private First Class

    When I double click the Avira icon in the taskbar, a message pops up (see photo).

    When I try to update Avira (actualization), nothing happens, except the cpu speed
    goes from 0.5%-45% for a few seconds (see photo).

    About the syntax error, I was kind of trying to tell you, that, I did NOT understand
    your answer to this question:

    Ps. right now, the malware on the pen-drive(as shown on attachment) is quarantined on Avira and MbaM, please notify me if I am supposed to clear/delete them! ???

    So anyway I hope we can go through the pen-drive afterwards, you can just
    inform me when you are ready, I do appreciate it so much.

    Oh, and while I remember it, well actually I don't, well let me think... anyway while I'm thinking, let me ask you if I would need to start another thread in order to
    receive help on how to make a recovery disk?

    Another question continues to hover in the air:

    Should I stay with the Win 7 Firewall, or should I download and substitute it
    with another FREE version?

    Thanks,

    :)

    Wrenchman

    PS. Oh, now I remember!

    Question:

    The Java: I deleted Java at the beginning of the process as I was told to, but I never reinstalled the latest version, because I was in
    doubt as to which version I should install, since I use an x64 system (see link).

    http://www.java.com/en/download/faq/java_win64bit.xml
     

    Attached Files:

  17. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Sorry, that was my fault as I had made the edit to say "Yes please" I meant, yes, you can let avira/mbam deal with them. :)
     
  18. thisisu

    thisisu Malware Consultant

    This is most likely due to the fact that there are still some traces of malware on your computer. In most cases, the malware will prevent AntiVirus software / firewalls from working until completely clean, and even then, sometimes they are so severely damaged that doing a reinstall of Avira, in your case, would be the best option. But let's deal with that after your logs are clean.

    You could make a thread in the software forum for help on how to do this

    It's recommended that you replace it with another firewall. Please read this thread for more info, section 3) Firewalls.

    How to Protect yourself from malware!


    Download and install this one only: http://majorgeeks.com/downloadget.php?id=4648&file=5&evp=5ef8b1f3160483c4ce2de236363794fa

    After you do that..

    Now let's use ComboFix again to remove some more malware files.

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    File::
    C:\Users\NMFD\AppData\Roaming\svchost.exe
    C:\Users\NMFD\AppData\Roaming\988852841.exe
    Registry::
    [HKEY_USERS\S-1-5-21-1512279471-3000813561-2482985243-1000\Software\Microsoft\Windows\CurrentVersion\Run]
    "run32.dll"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SystSec"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SystSec"=-
    [HKEY_USERS\S-1-5-21-1512279471-3000813561-2482985243-1000\Software\Microsoft\Windows\CurrentVersion\Run]
    "SystSec"=-
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Note: If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip

    Make sure you tell me how things are working now!
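    The two CFScript blocks above (posts 13 and 18) delete dropped executables under %APPDATA% and remove Run values under HKCU, HKLM, a specific user SID under HKEY_USERS and policies\Explorer\Run; later in the thread the leftovers show up in Spybot and HijackThis as FILE NOT FOUND. The PowerShell script below is an added example, not part of this thread and not ComboFix's own code: it audits those same autorun locations and flags any value whose target file no longer exists, lives in a dropper-style directory such as %APPDATA%, or does not carry a valid Authenticode signature. It assumes an elevated PowerShell 3.0 or later session on Windows; the directory list and the flag labels are my own heuristics, not a definition of malware.

```powershell
# Added example (not from the thread): audit the autorun locations the
# CFScripts above cleaned and flag the patterns they removed.
# Assumptions (mine, not from the thread): elevated PowerShell 3.0+ on Windows;
# the "dropper-style" directory list and the flag labels are heuristics.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Walk every loaded user hive too, as the second CFScript did with its S-1-5-21-... key.
# (The current user's hive is also HKCU, so its entries appear twice; that is expected.)
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null
foreach ($hive in Get-ChildItem -Path HKU:\ -ErrorAction SilentlyContinue) {
    if ($hive.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$') {
        $runKeys += "HKU:\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run"
    }
}

function Get-CommandPath {
    # Extract the program path from a Run value, e.g.
    #   "C:\Users\NMFD\AppData\Roaming\svchost.exe" /silent  ->  the quoted path
    param([string]$Command)
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 0) { return $c.Substring(1, $end - 1) }
    }
    # Unquoted: everything up to the first executable-looking extension.
    $m = [regex]::Match($c, '^(.+?\.(exe|com|scr|dll|bat|cmd|vbs|js))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($c -split '\s+')[0]
}

function Get-AutorunFindings {
    param([string[]]$Keys, [string[]]$DropperDirs)
    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider's own metadata properties; everything else is a real Run value.
            if (@('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') -contains $p.Name) { continue }
            $target = [Environment]::ExpandEnvironmentVariables((Get-CommandPath ([string]$p.Value)))
            $exists = ($target -ne '') -and (Test-Path -LiteralPath $target -PathType Leaf)
            $inDropperDir = $false
            foreach ($d in $DropperDirs) {
                if ($d -and $target.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { $inDropperDir = $true }
            }
            # Signature status of the file the value points at; "NotSigned" is a flag, not proof of malware.
            $sig = 'n/a'
            if ($exists) { $sig = (Get-AuthenticodeSignature -LiteralPath $target).Status.ToString() }
            $flag = ''
            if (-not $exists) { $flag = 'FILE NOT FOUND' }
            elseif ($inDropperDir) { $flag = 'dropper-style location' }
            elseif ($sig -ne 'Valid') { $flag = 'not validly signed' }
            [pscustomobject]@{
                Key = $key; Name = $p.Name; Target = $target
                FileExists = $exists; Signature = $sig; Flag = $flag
            }
        }
    }
}

$dropperDirs = @(
    [Environment]::GetFolderPath('ApplicationData'),       # %APPDATA%, where this thread's svchost.exe and qfzzorf.exe sat
    [Environment]::GetFolderPath('LocalApplicationData'),
    $env:TEMP,
    $env:ProgramData
)

Get-AutorunFindings -Keys $runKeys -DropperDirs $dropperDirs |
    Sort-Object Flag -Descending | Format-Table Flag, Name, Target, Key -AutoSize -Wrap
```

    Read the Flag column with the thread in mind: a FILE NOT FOUND entry is an orphaned startup value whose binary has already been deleted, which is harmless by itself but worth removing; an existing, unsigned executable under AppData\Roaming registered under a trustworthy-sounding name such as "Windows Defender" is exactly the pattern the CFScripts above target.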
     
  19. Wrenchman

    Wrenchman Private First Class

    Java x64 installed.

    Comodo downloaded, NOT installed.

    Avira downloaded, NOT installed, still using the compromised version.

    Windows defender deactivated.

    The cpu seems fine.

    Oh, thought I would check to see if the AV icon would work and if it would
    update:

    Avira seems to work normally, updated.

    Thanks,

    :)

    Wrenchman
     

    Attached Files:

  20. thisisu

    thisisu Malware Consultant

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link:

     
  21. Wrenchman

    Wrenchman Private First Class

    SUPERAntiSpyware and Malwarebytes Anti-Malware, kept for scan.
    ComboFix, uninstalled.
    C:\MGtools, done and deleted.
    Disable System Restore, done.
    Enable System Restore, done.
    Created restore point, done.

    Comodo Firewall Defence+ free, installed, ok.
    Avira free, reinstalled, ok.
    Ccleaner, installed, ok.
    SpyBot 20.30 Beta, installed.
    Win Defender, restarted, ok.

    Can all these anti-virus programs work in harmony?

    If that is it, then let me express my gratitude for all the help,
    you did a fantastic job!

    Case closed.

    Thanks,

    :)

    Wrenchman
     
  22. thisisu

    thisisu Malware Consultant

    The only two programs I'm concerned with are
    Avira Free should be able to do its job without Windows Defender interference. I don't want to push my preferences onto you, but here is what is written in the "How to Protect yourself from Malware" thread:
    Since Avira Free offers Real-Time protection, you may consider disabling Windows Defender in the future if you notice your PC acting a bit sluggish.

    The same goes for this, I believe Spybot is turning into more of a Real-Time protection Anti-Virus program (like Avira), rather than just a malware removal tool.

    I personally have not tried out the Beta.
    Take a look at the different file sizes of the program though:

    http://www.filehippo.com/download_spybot_search_destroy/

    v1.6.2 = 15.65MB
    v2.0 Beta 1 = 66.38MB

    The latest version is over 4x bigger. So just like Windows Defender, if you notice the computer acting a bit slow, those programs might be conflicting with each other. You may either want to stick with Spybot version 1.6.2 which offers no Real-Time protection or consider removing the 2.0 Beta version of it.

    You're welcome! :cool
     
  23. Wrenchman

    Wrenchman Private First Class

    I am still having problems, or sort of: the system works fine, everything runs nice and
    smooth, but after I installed the new SpyBot beta, which btw is quite advanced,
    and I started the "show advanced options", some of the files/names that you
    asked me to delete... appeared!

    I will add the "prt sc" pictures, for you to see what I am talking about.

    The mentioned files have no further information, like the other programs have.
    (all the marked lines which also contains a question mark)

    As you can see from days 21 and 22, I was asked to delete a file which contained
    the name "SYSWOW", which I was not able to locate that
    day; it has shown up again, and in a lot of places, almost a page full. Not
    sure if any of them are supposed to be there. (It also appears in Easybits Go.)

    The 3.exe file, seems to have infiltrated the "Win Defender"
    (or it is a copy, and the real Defender is located in another place).

    There might be other files floating around, if you want, I can delete them
    manually, since I have some experience with messing around in places that
    I am really NOT supposed to. (with your help, that is)! :cool

    Should I open another thread?

    Thanks,

    :)

    Wrenchman
     

    Attached Files:

  24. thisisu

    thisisu Malware Consultant

    I'm getting a second opinion on the Spybot S&D information, since I actually haven't tested out the Beta version.
     
  25. thisisu

    thisisu Malware Consultant

    Ok, let's try the following:

    1. Download ComboFix.exe
    2. Run ComboFix.exe
    3. After ComboFix has produced a log.. exit out of the log
    4. Download MGtools.exe
    5. Now run MGtools.exe

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip

    Did Spybot remove those items that it found? Have any additional files (similar to those that have already been found by Spybot) been detected after a reboot and rescans of Spybot?

    Also, Win Defender is not Windows Defender. Which one were you referring to here:

     
  26. Wrenchman

    Wrenchman Private First Class

    I'm not sure, you know, I'm kind of green on IT.

    Yeah, I meant to say Windows Defender, but there is a Win Defender in the REG.

    Thanks,

    :)

    Wrenchman
     

    Attached Files:

  27. thisisu

    thisisu Malware Consultant

    Did you create this folder?
    It's a folder called "Anti-Virus" on your Desktop. If that is a folder you created and you are aware of what is inside of it, I don't see any other potential traces of malware.
    ComboFix did pick up 1 form of malware since we last had you run it, but it looks like it was able to take care of it. I must reiterate: please be careful while you are online!

    I also noticed that
    is now missing
    Did you uninstall it?
    You should keep it for your protection -- Without it, you are vulnerable to many forms of malware.

    Windows Defender seems to be working fine, and I don't see any malicious forms of Windows Defender in your logs.

    I'm not sure what Spybot was referring to, because those registry entries are no longer present, and the rest of your logs are clean

    How is the PC running overall now?
     
  29. Wrenchman

    Wrenchman Private First Class

    Lets start with the Java:

    I knew I didn't delete the Java 6-26, so I made a search for the word Java in
    START, 2 results, Java program and Java setup. When I clicked the Java program a window popped up (a Java control panel). I just tried it again to
    make sure, and what do you know, an msconfig window pops up, but disappears just as fast. I tried it about 5-6 times, then the Java control panel popped up again.

    Then there is the Java setup file, when I click it, it informs me that Java is already installed, if I want to reinstall?! Yes - NO (jre-6u26-windows-x64)

    I also made a search in the regedit:

    So I thought to myself, there has got to be something wrong here, when lightning strikes me and I
    get the brilliant idea to test the Java on the browser, first the Opera then the
    Explorer, result: No Java!

    About the Anti-Virus folder on the desktop, yep that me trying to be organized. ;)

    The following files do not exist for real in C:\*.*
    Notice that Messenger is spelled Messanger!

    The following files do not exist for real in C:\*.*
    Btw. What does SpyBot mean by "Many Clients Detected" ? (see zip file)
    If I am the ONLY one using the CPU, then why does it say that there are 7 clients?

    Spybot accuses this path of containing the following 3 files:
    Now what?

    Thanks,

    :)

    Wrenchman
     
  30. Wrenchman

    Wrenchman Private First Class

    Sorry about the double post, I tried to fix it, but I came too late!!!
    (you only have 10 minutes???), so any way, could you fix that for me Admin?
    But lets keep the last Zip file!

    Wrenchman.
     
  31. thisisu

    thisisu Malware Consultant

    The entries you are seeing are all categorized as FILE NOT FOUND. They were part of your startup before, not anymore though :) Your logs are clean

    Spybot is not reporting any new malware. These were all entries that ComboFix took care of in its very first scan.

    See?
     
  32. Wrenchman

    Wrenchman Private First Class

    Yeah, I see that, it makes sense!

    I'll try to maintain the cpu, and stay away from malware!

    Thanks,

    :)

    Wrenchman
     
