
Hijackthis Log


Name: Ryan N (by RedMC)
Date: August 26, 2008 at 17:53:52 Pacific
OS: Windows XP Media Center E
CPU/Ram: 980 Mb
Product: HP Pavilion dv6000
Comment:

Recently, my notebook has slowed down drastically. I ran a couple of antivirus/anti-spyware programs as well as added a new firewall (Comodo). I've run (and been running since I got the PC) Ad-Aware, and recently ran Spybot. Ad-Aware easily finds and removes simple stuff (i.e. basic intrusions from browsing the internet) and Spybot scans are clean. Other than the slowdown, I didn't have an issue until yesterday, when my computer stopped being able to connect to my wireless network. (I know it's not a networking issue.) When I downloaded Comodo and ran the scan, it discovered (and I assume removed) Virtumonde (sp). The slowdown as well as the more recent lack of connectivity have both started since removing that virus. I've run HijackThis in hopes of discovering what's wrong with my notebook. I suspect foul play. I ran the log through an online automatic analyst, but I don't want to risk destroying my system from lack of knowledge. I can provide the log at your request. Thanks in advance.




Response Number 1
Name: jabuck
Date: August 26, 2008 at 18:13:20 Pacific
Reply:

Please post your Hijack This log.



Response Number 2
Name: Ryan N (by RedMC)
Date: August 27, 2008 at 08:48:49 Pacific
Reply:

Here it is. Thanks again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:58 AM, on 8/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /IMEName
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [MaxtorOneTouch] "C:\Program Files\Maxtor\ManagerApp\Onetouch.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC954CF8-00EF-45E8-B2C6-175C40203786}: NameServer = 192.168.0.1,198.6.1.3
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10079 bytes



Response Number 3
Name: jabuck
Date: August 27, 2008 at 19:09:42 Pacific
Reply:

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

1. Double Click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.



Response Number 4
Name: Ryan N (by RedMC)
Date: August 28, 2008 at 08:13:17 Pacific
Reply:

Thanks. Here it is.

Malwarebytes' Anti-Malware 1.25
Database version: 1090
Windows 5.1.2600 Service Pack 3

9:59:32 AM 8/28/2008
mbam-log-08-28-2008 (09-59-32).txt

Scan type: Quick Scan
Objects scanned: 53419
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Guest\Local Settings\Temp\GLK4.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.



Response Number 5
Name: jabuck
Date: August 28, 2008 at 15:43:15 Pacific
Reply:

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case, to run Combofix do the following:


1. Go offline and turn off Avast, Comodo, Ad-Aware and Spybot.
2. Run Combofix and save the log.
3. Restart the computer to restart the Antivirus (leave the antispyware programs off for now).
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.





Response Number 6
Name: Ryan N (by RedMC)
Date: August 29, 2008 at 08:21:59 Pacific
Reply:

Here it is. I was also just curious if you've found anything that I should know about or interesting (deleted files, fixes, etc...). Thanks again for the help.


ComboFix 08-08-28.06 - Golden Zeppelin 2008-08-29 9:59:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.485 [GMT -5:00]
Running from: C:\Documents and Settings\Golden Zeppelin\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\#SharedObjects\VTUU3NJZ\bin.clearspring.com
C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\#SharedObjects\VTUU3NJZ\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\#SharedObjects\VTUU3NJZ\interclick.com
C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\#SharedObjects\VTUU3NJZ\interclick.com\ud.sol
C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\MCX1\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
D:\Autorun.inf
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.

2008-08-28 09:52 . 2008-08-28 09:52 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-28 09:52 . 2008-08-28 09:52 <DIR> d----c--- C:\Documents and Settings\Golden Zeppelin\Application Data\Malwarebytes
2008-08-28 09:52 . 2008-08-28 09:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-28 09:52 . 2008-08-17 15:05 38,472 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-28 09:52 . 2008-08-17 15:05 17,144 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-08-27 10:26 . 2008-08-27 10:30 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-27 10:26 . 2008-08-27 10:26 143,104 --a--c--- C:\WINDOWS\system32\guard32.dll
2008-08-27 10:26 . 2008-08-27 10:26 87,056 --a--c--- C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-27 10:26 . 2008-08-27 10:26 24,208 --a--c--- C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-27 10:04 . 2008-08-27 10:04 249,592 --a--c--- C:\WINDOWS\system32\cssdll32.dll
2008-08-26 19:06 . 2008-08-26 19:06 <DIR> d----c--- C:\Program Files\Trend Micro
2008-08-26 18:41 . 2008-08-26 18:41 4,612 --a--c--- C:\Documents and Settings\Golden Zeppelin\log.exe
2008-08-18 15:22 . 2008-08-18 15:23 <DIR> d----c--- C:\Program Files\Spybot - Search & Destroy
2008-08-18 15:22 . 2008-08-18 23:49 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-13 03:02 . 2008-08-13 03:04 1,374 --a--c--- C:\WINDOWS\imsins.BAK
2008-08-13 01:33 . 2008-08-13 01:33 <DIR> d----c--- C:\Program Files\Microsoft Silverlight
2008-08-12 20:42 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 20:37 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-11 22:31 . 2008-08-11 22:38 <DIR> d----c--- C:\Documents and Settings\Golden Zeppelin\Application Data\DAEMON Tools
2008-08-11 22:27 . 2008-08-11 22:27 715,248 --a--c--- C:\WINDOWS\system32\drivers\sptd.sys
2008-08-11 04:14 . 2008-08-11 04:14 <DIR> d----c--- C:\Documents and Settings\Admin
2008-08-10 01:30 . 2008-08-10 01:30 <DIR> d---sc--- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-08-10 01:30 . 2008-08-10 01:30 <DIR> d---sc--- C:\Documents and Settings\LocalService\History
2008-08-10 00:10 . 2008-08-10 00:10 <DIR> d--h-c--- C:\WINDOWS\msdownld.tmp
2008-08-09 16:08 . 2004-03-29 16:23 90,112 --a--c--- C:\WINDOWS\unvise32.exe
2008-08-09 00:40 . 2008-08-09 00:40 <DIR> d----c--- C:\Program Files\iPod
2008-08-09 00:29 . 2008-08-09 00:33 <DIR> d----c--- C:\Program Files\QuickTime
2008-08-08 05:40 . 2008-08-27 10:26 <DIR> d----c--- C:\Program Files\COMODO
2008-08-08 05:40 . 2008-08-27 10:26 <DIR> d----c--- C:\Documents and Settings\Golden Zeppelin\Application Data\Comodo
2008-08-04 13:22 . 2008-08-04 13:22 <DIR> d----c--- C:\WINDOWS\system32\scripting
2008-08-04 13:22 . 2008-08-04 13:22 <DIR> d----c--- C:\WINDOWS\system32\en
2008-08-04 13:22 . 2008-08-04 13:22 <DIR> d----c--- C:\WINDOWS\system32\bits
2008-08-04 13:22 . 2008-08-04 13:22 <DIR> d----c--- C:\WINDOWS\l2schemas
2008-08-04 13:05 . 2008-08-04 13:24 <DIR> d----c--- C:\WINDOWS\ServicePackFiles
2008-08-02 18:12 . 2008-08-02 18:12 <DIR> d----c--- C:\Program Files\MagicDisc
2008-08-02 18:12 . 2008-07-28 17:19 116,736 --a--c--- C:\WINDOWS\system32\drivers\mcdbus.sys
2008-08-01 02:50 . 2008-08-09 16:08 <DIR> d----c--- C:\Program Files\The Rosetta Stone

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 15:40 --------- dc----w C:\Program Files\Java
2008-08-27 00:14 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-25 23:54 --------- dc----w C:\Documents and Settings\Golden Zeppelin\Application Data\Azureus
2008-08-20 08:35 --------- dc----w C:\Documents and Settings\Golden Zeppelin\Application Data\Apple Computer
2008-08-13 04:57 --------- dc----w C:\Program Files\Common Files\Real
2008-08-13 02:38 --------- dc----w C:\Program Files\Pawn 2
2008-08-09 05:40 --------- dc----w C:\Program Files\iTunes
2008-08-09 05:36 --------- dc----w C:\Program Files\Bonjour
2008-08-09 05:04 --------- dc----w C:\Program Files\Apple Software Update
2008-07-17 12:49 --------- dc----w C:\Program Files\Mp3 My Mp3 2.0
2008-07-12 11:33 --------- dc----w C:\Program Files\Common Files\DVDVIDEOSOFT
2008-07-12 11:32 --------- dc----w C:\Program Files\DVDVIDEOSOFT
2008-07-10 07:58 --------- dc----w C:\Program Files\Common Files\Adobe
2008-07-10 07:55 --------- dc----w C:\Documents and Settings\Golden Zeppelin\Application Data\AdobeUM
2008-07-10 06:19 164 -c--a-w C:\install.dat
2008-07-10 05:53 --------- dc----w C:\Program Files\Azureus
2008-07-07 20:26 253,952 -c--a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:09 666,112 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 -c--a-w C:\WINDOWS\system32\mswsock.dll
2008-02-19 01:46 71,400 -c--a-w C:\Documents and Settings\Golden Zeppelin\Application Data\GDIPFONTCACHEV1.DAT
2007-01-16 06:43 0 -c--a-w C:\Documents and Settings\Golden Zeppelin\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 03:00 7585792]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 00:01 761946]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 11:52 643072]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23 1187840]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 23:55 102400]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-15 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-15 15:00 455168]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 03:00 86016]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-15 15:00 59392]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30 81920]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-03-15 15:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe" [2006-03-15 15:00 44032]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 00:58 458752]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 18:02 40960]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 09:38 78008]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 13:28 202032]
"MaxtorOneTouch"="C:\Program Files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 08:45 712704]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-08-27 10:26 1655552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"nwiz"="nwiz.exe" [2006-08-18 03:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-13 19:11 177152 C:\WINDOWS\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 14:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

C:\Documents and Settings\Golden Zeppelin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-08-02 18:12:13 575488]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 20:55:40 18432]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.exe [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= ffdshow.ax
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%systemroot%\\winmech\\services.exe"=
"C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\Ad-Aware2007.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 09:35]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-27 10:26]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-27 10:26]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 09:37]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 20:55]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
S0 IFP300;iriver Internet Audio Player IFP-300;C:\WINDOWS\system32\DRIVERS\ifp300.sys []
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 15:39]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2008-04-13 19:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-ProxyWay - C:\Program Files\ProxyWay\proxyway.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-ISUSPM Startup - c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Golden Zeppelin\Application Data\Mozilla\Firefox\Profiles\wpbgovdp.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 10:03:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???@c??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Ad-Watch Real-Time Scanner]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\AWRTPD.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Ad-Watch Registry Filter]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\AWRTRD.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-08-29 10:06:09
ComboFix-quarantined-files.txt 2008-08-29 15:05:34

Pre-Run: 19,089,821,696 bytes free
Post-Run: 19,197,272,064 bytes free

220 --- E O F --- 2008-08-13 11:18:39



Response Number 7
Name: jabuck
Date: August 29, 2008 at 18:50:53 Pacific
Reply:

Your java is out of date and has been exploited.
Download the latest version of java from this link Java
Click on the JRE 6 Update 7 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.

Yes to your question: these files are the brunt of the infection (cleaned by ComboFix). Some clean-up needs to be done, and a final scan with an online virus scanner:

C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\#SharedObjects\VTUU3NJZ\bin.clearspring.com
C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\#SharedObjects\VTUU3NJZ\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\#SharedObjects\VTUU3NJZ\interclick.com
C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\#SharedObjects\VTUU3NJZ\interclick.com\ud.sol
C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Golden Zeppelin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\MCX1\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
D:\Autorun.inf
G:\Autorun.inf

But you are still housing some spyware.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, Folder, or File, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Folder::
C:\Program Files\Viewpoint
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.


0
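The reply above asks the poster to check Add/Remove Programs for every older Java Runtime Environment before installing JRE 6 Update 7. As an added example, not jabuck's instructions or any tool used in this thread, the following Python script does that inventory step programmatically: it parses JRE display names in the three naming schemes Sun used for the Uninstall entries (an assumption based on those conventions, not something taken from the thread) and lists every entry older than 6 Update 7. The SAMPLE_DISPLAY_NAMES list is constructed for the example; on a Windows machine the script reads the real DisplayName values from the Uninstall registry key instead.

```python
import re
import sys

# Display names as they appear under Add/Remove Programs (the "DisplayName"
# values of the Uninstall registry key). These entries are constructed for the
# example; they are not from the poster's machine.
SAMPLE_DISPLAY_NAMES = [
    "J2SE Runtime Environment 5.0 Update 6",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "Java(TM) 6 Update 7",
    "Adobe Flash Player ActiveX",
]

# The three naming schemes assumed for JRE entries (order matters: the longer
# "Java(TM) SE Runtime Environment" form must be tried before plain "Java(TM)"):
#   "J2SE Runtime Environment 5.0 Update 6"       -> (5, 6)
#   "Java(TM) SE Runtime Environment 6 Update 1"  -> (6, 1)
#   "Java(TM) 6 Update 7"                         -> (6, 7)
_JRE_RE = re.compile(
    r"^(?:J2SE Runtime Environment|Java\(TM\) SE Runtime Environment|Java\(TM\))"
    r"\s+(\d+)(?:\.\d+)?(?:\s+Update\s+(\d+))?",
    re.IGNORECASE,
)


def parse_jre_version(display_name):
    """Return (major, update) for a JRE Add/Remove entry, or None if it is not a JRE."""
    m = _JRE_RE.match(display_name)
    if not m:
        return None
    major = int(m.group(1))
    update = int(m.group(2)) if m.group(2) else 0
    return (major, update)


def find_stale_jres(display_names, latest=(6, 7)):
    """Return [(display_name, (major, update))] for every JRE older than `latest`.

    `latest` defaults to JRE 6 Update 7, the version the reply asks for.
    """
    stale = []
    for name in display_names:
        ver = parse_jre_version(name)
        if ver is not None and ver < latest:
            stale.append((name, ver))
    return stale


def read_installed_display_names():
    """On Windows, collect DisplayName values from the Uninstall key; elsewhere return []."""
    if sys.platform != "win32":
        return []
    import winreg  # only available on Windows
    names = []
    key_path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as root:
        subkey_count = winreg.QueryInfoKey(root)[0]
        for i in range(subkey_count):
            try:
                with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                    names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
            except OSError:
                continue  # entry without a DisplayName, or not readable
    return names


if __name__ == "__main__":
    names = read_installed_display_names() or SAMPLE_DISPLAY_NAMES
    for name, (major, update) in find_stale_jres(names):
        print("remove: %s (JRE %d Update %d)" % (name, major, update))
```

Run on the constructed list it reports the 5.0 Update 6 and 6 Update 1 entries as candidates for removal and leaves 6 Update 7 alone; on Windows it inventories the real Uninstall key so the "coffee cup" entries do not have to be eyeballed one by one.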

Response Number 8
Name: Ryan N (by RedMC)
Date: August 30, 2008 at 06:07:31 Pacific
Reply:

Here it is. Thanks for the help. Just let me know what I need to do and it will be done. FYI, I shut down my real-time virus protection during the scan and my anti-spyware and firewall are still turned off.


----------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, August 30, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 30, 2008 06:01:04
Records in database: 1166556
----------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
H:\

Scan statistics:
Files scanned: 109013
Threat name: 5
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 02:56:44


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D641DD4.wmf Infected: Exploit.Win32.IMG-WMF.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C222CD0.exe Infected: Trojan-Downloader.Win32.Zlob.bps 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62490521.exe Infected: Trojan-Downloader.Win32.Zlob.bmu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63C61DF2.exe Infected: Trojan-Downloader.Win32.Zlob.bps 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63C947EE.exe Infected: Trojan-Downloader.Win32.Zlob.bkn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\749C4263.dll Infected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76594ED1.exe Infected: Trojan-Downloader.Win32.Zlob.bkn 1

The selected area was scanned.


0
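Every one of the seven hits in the report above sits under Norton AntiVirus's Quarantine folder, which is the reason the next reply only asks for that folder's contents to be deleted: those files are already contained, not running. As an added example that is not part of the thread, the Python below parses a report in that layout and separates detections that are already contained (another product's quarantine store, or an XP System Restore snapshot) from detections on live paths, which are the ones that need real clean-up. The SAMPLE_REPORT is constructed: the two Quarantine lines are copied from the report above, the other lines are hypothetical with placeholder paths, and the "Suspicious:" verdict word is assumed from the scanner's "Suspicious objects" counter since no such line appears on the page.

```python
import re

# Constructed sample in the layout of the Kaspersky Online Scanner 7 report
# posted above. The two Quarantine lines are copied from that report; the
# remaining lines are hypothetical, with placeholder paths, so the parser has
# something other than quarantined files to classify.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D641DD4.wmf Infected: Exploit.Win32.IMG-WMF.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\749C4263.dll Infected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.c 1
C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP1\A0000001.exe Infected: Trojan-Downloader.Win32.Zlob.bps 1
C:\WINDOWS\system32\placeholder_live.dll Infected: Trojan-Downloader.Win32.Zlob.bps 1
C:\Temp\placeholder.zip Suspicious: HEUR:Trojan.Win32.Generic 1

The selected area was scanned.
"""

# One detection per line: "<path> Infected: <threat> <count>". The
# "Suspicious:" verdict is assumed from the report's "Suspicious objects"
# counter; its exact line format is not shown on the page.
_DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)

# Path fragments meaning the file is already contained by another mechanism
# (a product's quarantine store, or an XP System Restore snapshot) rather than
# sitting somewhere it could be loaded from.
_CONTAINED_MARKERS = ("\\quarantine\\", "\\system volume information\\_restore")


def parse_report(text):
    """Return one dict per detection line; header and summary lines are skipped."""
    hits = []
    for raw in text.splitlines():
        m = _DETECTION_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        hits.append({
            "path": path,
            "verdict": m.group("verdict"),
            "threat": m.group("threat"),
            "count": int(m.group("count")),
            "contained": any(k in path.lower() for k in _CONTAINED_MARKERS),
        })
    return hits


def triage(text):
    """Split detections into already-contained vs live and list the live threat names."""
    hits = parse_report(text)
    contained = [h for h in hits if h["contained"]]
    live = [h for h in hits if not h["contained"]]
    return {
        "total": len(hits),
        "contained": contained,
        "live": live,
        "live_threats": sorted({h["threat"] for h in live}),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("%d detections: %d already contained, %d live"
          % (result["total"], len(result["contained"]), len(result["live"])))
    for h in result["contained"]:
        print("  contained  %s" % h["path"])
    for h in result["live"]:
        print("  LIVE %-10s %s -> %s" % (h["verdict"], h["path"], h["threat"]))
```

Feeding it the report actually posted above yields seven contained hits and zero live ones, which matches the advice that follows; the constructed sample adds two live paths to show what the output looks like when a scanner finds something that still needs removing.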

Response Number 9
Name: jabuck
Date: August 30, 2008 at 13:07:03 Pacific
Reply:

Navigate to and delete the contents of the folder, not the folder itself:

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine

Turn your antispyware and firewall back on.

Go to Start > Run > type in combofix /u then press Enter. This will uninstall ComboFix and its accessories.

How is the computer operating?


0

Response Number 10
Name: Ryan N (by RedMC)
Date: August 31, 2008 at 08:29:49 Pacific
Reply:

I deleted the files and turned my firewall/antispyware back on. Then I tried to uninstall ComboFix, but the firewall kept asking to allow or block activities. At first I allowed them, but then the firewall warned that the programs I was allowing had malware tendencies, so I began blocking them. After a couple of blocks, they just stopped, and ComboFix and the files it created on my drive (including the quarantine folder) are still on my drive. Meanwhile, I can connect to my network connection, but can't connect to the internet. The connection shows extremely low packet activity (sent 100-700, received 90-400). I reran Ad-Aware, Spybot and Malwarebytes, and didn't find anything. I reran Comodo and it discovered and deleted one item. Any suggestions? Thanks.


0

Response Number 11
Name: jabuck
Date: August 31, 2008 at 11:41:32 Pacific
Reply:

Turn off your firewall, Ad-Aware and Spybot, then uninstall ComboFix following the above procedure.

Turn them back on and try to get on line.


0

Response Number 12
Name: Ryan N (by RedMC)
Date: September 3, 2008 at 11:47:43 Pacific
Reply:

Sorry for the delayed response. I've been out of town. I turned them off and tried again, with no success. On a positive note, I've managed to regain my connection. One of the processes I stopped the first time I tried to uninstall ComboFix was something like nir.cmd or nir.exe. When I looked it up online, it said it was potential malware; could this be the problem? Let me know if I need to do anything over again. Thanks again.


0

Response Number 13
Name: jabuck
Date: September 3, 2008 at 15:57:33 Pacific
Reply:

I don't think so, it is a command used by many removal tools. Let's look a little deeper.

Download SDFix.exe and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

1. Double-click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
2. Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
3. Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
4. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt

Please download SuperAntiSpyware from the following link to your desktop:

SuperAntiSpyware


1. Open SuperAntiSpyware from its icon and install and update it.
2. Under Scanner Options make sure the following are checked (leave all others unchecked):
3. Close browsers before scanning.
4. Scan for tracking cookies.
5. Terminate memory threats before quarantining.
6. Click the "Close" button to leave the control center screen and exit the program.
DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Now Scan with SuperAntiSpyware
1. Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
2. Perform a Complete scan. After the scan, verify they are all checked.
3. Click OK on the summary screen to quarantine all found items.
4. If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
1. Click Preferences, then click the Statistics/Logs tab.
2. Under Scanner Logs, double-click SuperAntiSpyware Scan Log.
3. If there are several logs, click the current dated log and press View log.
4. A text file will open in your default text editor.
5. Please copy and paste the Scan Log results in your next reply.
6. Click Close to exit the program.


0
