Results 1 to 2 of 2

Thread: Another Virtumonde victim

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    2

    Unhappy Another Virtumonde victim

    Hi Security Gurus,

    Please help. Ran spybot and found that my comp has been infected wiht the Virtuomonde trojan. As per the earlier threads I have ran the comboxfix. Please find the log below. Please HELP !!!
    awaiting further instructions

    --------------------------------------------
    ComboFix 08-06-10.5 - Administrator 2008-06-12 22:59:31.1 - NTFSx86
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\WINDOWS\BM931dec51.xml
    C:\WINDOWS\media_motor_bundle.exe
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\Cache
    C:\WINDOWS\system32\cbXRHyXN.dll
    C:\WINDOWS\system32\icon_mediamotor.exe
    C:\WINDOWS\system32\iiffFxYr.dll
    C:\WINDOWS\system32\khfGyvuV.dll
    C:\WINDOWS\system32\KTwFLkkj.ini
    C:\WINDOWS\system32\KTwFLkkj.ini2
    C:\WINDOWS\system32\lkcnjget.dll
    C:\WINDOWS\system32\lqgmlmtt.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mdm.exe
    C:\WINDOWS\system32\ts_mediamotor.exe
    C:\WINDOWS\system32\vrnsrnyy.ini
    C:\WINDOWS\system32\yynrsnrv.dll

    ----- BITS: Possible infected sites -----

    hxxp://BLRKECSMSSS1.AD.INFOSYS.COM
    .
    ((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
    .

    2008-06-12 19:19 . 2008-06-12 19:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-12 19:19 . 2008-06-12 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-11 23:26 . 2008-06-11 23:27 <DIR> d-------- C:\Program Files\Acro Software
    2008-06-11 23:06 . 2008-06-12 22:17 349,184 --a------ C:\WINDOWS\system32\jkkLFwTK.dll_old
    2008-06-11 00:32 . 2008-06-11 00:32 <DIR> d-------- C:\Program Files\uTorrent
    2008-06-11 00:32 . 2008-06-12 00:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
    2008-06-11 00:16 . 2008-06-11 00:16 <DIR> d-------- C:\WINDOWS\Cache
    2008-05-25 11:23 . 2008-05-25 11:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\eRoom
    2008-05-25 11:22 . 2008-05-25 11:22 <DIR> d-------- C:\Program Files\eRoom 7
    2008-05-24 23:19 . 2008-05-24 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-05-24 23:19 . 2008-05-24 23:19 <DIR> d-------- C:\Documents and Settings\Administrator\LocalLow

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-12 12:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\U3
    2008-06-11 13:43 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-20 10:06 94,208 ----a-w C:\WINDOWS\DLL107.TMP
    2008-05-08 08:48 --------- d-----w C:\Program Files\AAPT Dial-up Configuration Wizard
    2008-05-04 06:58 --------- d-----w C:\Program Files\Microsoft.NET
    2008-05-04 06:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-04 06:38 --------- d-----w C:\Program Files\CheckPoint
    2008-05-04 06:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CheckPoint
    2008-01-29 10:01 560 ----a-w C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat
    2008-01-23 11:33 87,608 ----a-w C:\Documents and Settings\Administrator\Application Data\inst.exe
    2008-01-23 11:33 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
    2007-08-05 08:57 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLea.DAT
    .

    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 504,080 2004-04-06 11:44:48 C:\Program Files\CA\eTrust Antivirus\bak\realmon.exe

    ----a-w 180,269 2006-06-19 21:09:26 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

    ----a-w 492,032 2006-09-25 15:24:53 C:\Program Files\SlySoft\AnyDVD\bak\AnyDVD.exe
    ----a-w 492,032 2006-11-16 10:19:44 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    ----a-w 495,616 2004-01-22 08:08:36 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe

    ----a-w 98,304 2004-01-22 08:09:00 C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe

    ----a-w 81,920 2004-07-10 06:49:44 C:\Program Files\Toshiba\TME3\bak\TMERzCtl.EXE

    ----a-w 126,976 2004-11-11 18:43:56 C:\Program Files\Toshiba\TME3\bak\TMESRV31.EXE

    ----a-w 65,536 2003-09-05 11:24:46 C:\Program Files\Toshiba\TOSCDSPD\bak\toscdspd.exe

    ----a-w 135,168 2004-09-15 23:03:08 C:\Program Files\Toshiba\TOSHIBA Zooming Utility\bak\SmoothView.exe

    ----a-w 126,976 2003-01-22 02:00:06 C:\Program Files\Toshiba\TouchED\bak\TouchED.Exe

    ----a-w 49,152 2002-09-09 23:07:34 C:\Program Files\Toshiba\Wireless Hotkey\bak\TosHKCW.exe

    ----a-w 777,424 2006-04-04 00:12:24 C:\Program Files\Windows Defender\bak\MSASCui.exe
    ----a-w 777,424 2006-04-03 08:12:24 C:\Program Files\Windows Defender\MSASCui.exe

    ----a-w 258,048 2004-06-29 01:24:28 C:\WINDOWS\system32\bak\00THotkey.exe

    ----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
    ----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\ctfmon.exe

    ----a-w 126,976 2004-10-25 00:52:00 C:\WINDOWS\system32\bak\hkcmd.exe

    ----a-w 155,648 2004-10-25 00:56:00 C:\WINDOWS\system32\bak\igfxtray.exe

    ----a-w 127,035 2004-09-28 09:05:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A31468B-A43B-483C-B785-95C6B6E35427}]
    C:\WINDOWS\system32\jkkLFwTK.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [ ]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-09-14 06:17 4621816]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [ ]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
    "TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [ ]
    "TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [ ]
    "TPSMain"="TPSMain.exe" [2004-11-09 14:30 270336 C:\WINDOWS\system32\TPSMain.exe]
    "TPSODDCtl"="TPSODDCtl.exe" [2004-11-09 14:30 110592 C:\WINDOWS\system32\TPSODDCtl.exe]
    "TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [ ]
    "TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [ ]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 14:38 88361 C:\WINDOWS\agrsmmsg.exe]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
    "oyfef681"="w0d97381.dll" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
    "Athan"="C:\Program Files\Athan\Athan.exe" [2006-09-17 19:32 978944]
    "Realtime Monitor"="C:\Program Files\CA\eTrustITM\realmon.exe" [2007-01-16 21:27 407632]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-11-06 22:12 2111632]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-09-14 06:17 4621816]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
    ckpNotify.dll 2005-06-19 13:01 24669 C:\WINDOWS\system32\ckpNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264"= x264vfw.dll
    "VIDC.3iv2"= 3ivxVfWCodec.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Webshots.lnk]
    path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Webshots.lnk
    backup=C:\WINDOWS\pss\Webshots.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
    backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
    backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
    backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2007-10-24 07:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
    --a------ 2004-06-28 11:22 73728 C:\WINDOWS\system32\TFNF5.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Java\\jdk1.5.0_09\\jre\\bin\\java.exe"=
    "C:\\Program Files\\Java\\jdk1.5.0_09\\bin\\java.exe"=
    "C:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
    "C:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
    "C:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
    "C:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
    "C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Bommarillu\\mirc.exe"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.EXE"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2004-12-01 15:49]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-14 06:24]
    R1 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2005-06-19 13:00]
    R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-17 05:08]
    R2 CA_LIC_CLNT;CA License Client;"C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe" [2005-01-14 22:35]
    R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2007-04-13 02:50]
    R2 CP_OMDRV;Check Point Office Mode Module;C:\WINDOWS\system32\drivers\omdrv.sys [2005-06-19 13:01]
    R2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2004-07-23 04:30]
    R2 VNASC;Check Point Virtual Network Adapter - SecureClient;C:\WINDOWS\system32\DRIVERS\vnasc.sys [2005-06-19 13:00]
    R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2005-06-19 13:00]
    R3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2007-04-13 02:50]
    S2 hpdj00;hpdj00;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj00.exe []
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
    S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 16:18]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb872900-068f-11dd-9f78-000e7b516571}]
    \Shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb872903-068f-11dd-9f78-000e7b516571}]
    \Shell\AutoRun\command - F:\AutoRun.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-25 13:58:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-25 13:00:00 C:\WINDOWS\Tasks\Inoc Anti Virus.job"
    - C:\Program Files\CA\eTrust Antivirus\InocIT.exe
    "2008-05-31 15:32:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2006-08-31 01:25:04 C:\WINDOWS\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2006-11-12 01:27:19 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-12 23:19:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\WINDOWS\TEMP\mc226.tmp"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\CA\eTrustITM\InoRpc.exe
    C:\Program Files\CA\eTrustITM\InoRT.exe
    C:\Program Files\CA\eTrustITM\InoTask.exe
    C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\CA\eTrustITM\Ppcl.exe
    C:\WINDOWS\system32\ThpSrv.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\CA\eTrustITM\Ppcl.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\WINDOWS\system32\taskmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-12 23:25:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-12 13:25:30

    Pre-Run: 3,164,626,944 bytes free
    Post-Run: 3,704,950,784 bytes free

    253




    -------------------------------------------------------------------------
    Cheers
    Last edited by tashi; 2008-06-12 at 15:42. Reason: Mod: Removed from New and undetected forum

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,549

    Default

    Hello,

    In order for one of our volunteer helpers to advise you, please follow the procedure in this sticky:

    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Do NOT run 'fixes' before helpers have analyzed HJT log

    Start a new topic providing the HJT log and a link back to this topic. Then I will close this one as helpers look for threads without a response.

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •