Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Speed

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Speed

Unread postby Jason Scott » June 17th, 2008, 11:06 am

Desktop runs extremely on and off line.

Logfile of HijackThis v1.99.1
Scan saved at 5:20:40 PM, on 6/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9943824796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9944218609
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Jason Scott
Active Member
 
Posts: 7
Joined: June 15th, 2008, 6:05 pm
Advertisement
Register to Remove

Re: Speed

Unread postby mz30 » June 17th, 2008, 11:25 am

Hi
I'm Mz30
I will be helping you with your malware issue's.
I am currently reviewing your hjt log and will post back soon with instructions.
As I am still in training, everything that I post to you, must be checked by an Admin or Moderator. Therefore there could be a delay between posts, but it shouldn't be too long.

  • The fixes i post, are for fixing your issues only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean,as even if you appear clean the chances are you are not.
  • Please bookmark or favourite this page. In case you need it as reference.
  • Please remember that all the staff here are volunteers and help in our free time and you will sometimes have to wait for a reply.

    Important
  • Please do not attempt to remove anything or fix anything unless i ask,This includes running any sort of anti-virus/spyware programs as they may make thing's harder to remove.
User avatar
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: Speed

Unread postby mz30 » June 17th, 2008, 1:51 pm

You aren't running Anti Virus Software

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software (for personal use), from one these excellent vendors NOW:

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial user
3) AVG Anti-Virus Free Edition
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non commercial use.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

LIST OF PROGRAMS USING HIJACKTHIS
  • Open HijackThis.
  • Click on Open the Misc Tools section.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
See in this link details.
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg


Run Kaspersky Online AV Scanner

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log and the uninstall list.
User avatar
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: Speed

Unread postby Jason Scott » June 21st, 2008, 11:53 am

Mz30,

I am not ignoring you. I have attempted both suggestions several times and programs run for hours and hours with seemingly little progress. It appears I am finally making some progress with the Antivirus and I will forward log when it is finished. Thank you
Jason Scott
Active Member
 
Posts: 7
Joined: June 15th, 2008, 6:05 pm

Re: Speed

Unread postby Jason Scott » June 22nd, 2008, 11:17 am

Here is Antivar log:


Avira AntiVir Personal
Report file date: Thursday, June 19, 2008 18:33

Scanning for 1348510 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HERB-BJBY2NN485

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 18:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 17:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 17:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 17:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 19:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 22:08:58
ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 6/14/2008 01:26:36
ANTIVIR3.VDF : 7.0.4.225 226816 Bytes 6/19/2008 01:26:38
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 18:58:21
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 6/20/2008 01:26:52
AESCN.DLL : 8.1.0.21 119156 Bytes 6/20/2008 01:26:51
AERDL.DLL : 8.1.0.20 418165 Bytes 6/20/2008 01:26:49
AEPACK.DLL : 8.1.1.5 364918 Bytes 6/20/2008 01:26:48
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 6/20/2008 01:26:46
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 6/20/2008 01:26:45
AEHELP.DLL : 8.1.0.15 115063 Bytes 6/20/2008 01:26:42
AEGEN.DLL : 8.1.0.28 307572 Bytes 6/20/2008 01:26:41
AEEMU.DLL : 8.1.0.6 430451 Bytes 6/20/2008 01:26:40
AECORE.DLL : 8.1.0.31 168310 Bytes 6/20/2008 01:26:39
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/24/2008 02:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 19:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 22:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/24/2008 02:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 17:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/24/2008 02:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 23:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 21:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, June 19, 2008 18:33

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ScanningProcess.exe' - '1' Module(s) have been scanned
Scan process 'ScanningProcess.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'HijackThis.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'WRSSSDK.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '39' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00004266-0000-0000-8C95-15C7C99283A3}\DATA.CAB
[0] Archive type: CAB (Microsoft)
--> RESOURCE1
[1] Archive type: HIDDEN
--> MEM\AV000001c2.AV$
[DETECTION] Contains detection pattern of the dropper DR/Zlob.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Start Menu\Programs\Adobe\Bridge.exe
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Start Menu\Programs\Adobe\DeviceCentral.exe
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\Herb\My Documents\Azureus Downloads\Photoshop-CS3 v10.0 Extended-Portable-Edition[Inc Activation]\Bridge.exe
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\Herb\My Documents\Azureus Downloads\Photoshop-CS3 v10.0 Extended-Portable-Edition[Inc Activation]\DeviceCentral.exe
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\bjhmmowc.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\bslsapyd.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\bsximsaq.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.108544.2
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\bxoyohfy.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\cdfqybiq.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\codrsxiq.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.133120
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\crtgjudw.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.PT
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\eanfavko.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\edvkfeet.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\fvtjbusm.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.133120
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ggekmcou.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.133120
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\hlafjrge.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\hmtpbodm.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.ESY
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\igunbxdj.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.133120
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\irspxhey.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.108544.1
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ixdllkbj.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.133120.1
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\kfelbxnn.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.133120
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\lgiswesv.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\lnkvkinu.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\lweotlmv.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.133120.1
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\mfmfntlx.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.ESF.1
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\qmcslggj.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\qyqqeodo.dll.vir
[DETECTION] Is the Trojan horse TR/Proxy.100864
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\sbntaojc.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\sygdbtsm.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.apjl
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\tgcfglqk.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\uwqckkpk.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\vbdakvym.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\wchgmbtn.exe.vir
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\wmicwafq.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\wuguxxtl.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.EUD
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\wylxobdb.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\xathpsco.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.rep
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ybvyrarc.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.126976.1
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ycelrcpx.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.reo
[NOTE] The file was deleted!
C:\System Volume Information\_restore{A6C76524-2A31-42C1-BAB5-4052E8090486}\RP8\A0005483.exe
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{A6C76524-2A31-42C1-BAB5-4052E8090486}\RP8\A0005484.exe
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
Begin scan in 'D:\'


End of the scan: Friday, June 20, 2008 08:01
Used time: 13:28:12 min

The scan has been done completely.

9943 Scanning directories
904984 Files were scanned
42 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
42 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
904942 Files not concerned
1939 Archives were scanned
1 Warnings
42 Notes
Jason Scott
Active Member
 
Posts: 7
Joined: June 15th, 2008, 6:05 pm

Re: Speed

Unread postby mz30 » June 26th, 2008, 12:01 pm

Hi jason,
I apologise for the dely in replying,i have been really busy over the last few days.

Jason, i really need for you to follow my instruction's exactly,i understand that kaspersky may take hour's to run,but i really need the log,if it's taking so long ,leave it to run overnight and then it should be finished by morning,if you have any problem following the instruction's please let me know immediately so i can explore other avenue's for you.

LIST OF PROGRAMS USING HIJACKTHIS
  • Open HijackThis.
  • Click on Open the Misc Tools section.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
See in this link details.
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg


Run Kaspersky Online AV Scanner

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log and the uninstall list.
User avatar
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: Speed

Unread postby Jason Scott » June 27th, 2008, 8:25 pm

Your computer is infected Information Update Scan Critical Areas My Computer Folder... File... Scan Report Support Help Settings Update New viruses and other threats appear frequently. Updating the database keeps your scans up-to-date. Database information Database published Thursday, June 26, 2008 23:58:43 Records in database 886174 Downloading and installing the program(100%) Update size: 1 KB Transferred size: 1 KB The program components have been downloaded and installed, and the program has started. Updating the database(100%) Update size: 1118 KB Transferred size: 268 KB Last start: 26/06/2008 17:27:04 Status: complete Program is starting. Please wait... Update source selected: http://www.kaspersky.com Downloading file: packages/kos-extras.jar Program has started. Program database is being updated. Please wait... Update source selected: http://dnl-us4.kaspersky-labs.com/ Downloading file: index/master.xml.klz Downloading file: diffs/bases/five/avc/kavset.xml.8xu Downloading file: diffs/bases/five/avc/kavset.xml.dhz Downloading file: diffs/bases/five/avc/kavset.xml.bot Downloading file: diffs/bases/five/avc/kavset.xml.tjw Downloading file: diffs/bases/five/avc/kavset.xml.et1 Downloading file: diffs/bases/five/avc/kavset.xml.pce Downloading file: diffs/bases/five/avc/kavset.xml.ij7 Downloading file: bases/five/avc/kavset.xml.klz Downloading file: diffs/bases/five/avc/black.lst.vsx Downloading file: diffs/bases/five/avc/fa001.avc.8kb Downloading file: diffs/bases/five/avc/fa001.avc.zwu Downloading file: diffs/bases/five/avc/base197c.avc.2h8 Downloading file: diffs/bases/five/avc/base232c.avc.zxf Downloading file: bases/five/avc/base233c.avc Downloading file: bases/five/avc/base234c.avc Starting Java applet has failed! Please go online to use this program. Downloading file: bases/five/avc/base235c.avc Downloading file: diffs/bases/five/avc/dailyc.avc.5k_ Downloading file: bases/five/avc/dailyc.avc Downloading file: diffs/bases/five/avc/ext040c.avc.xoq Downloading file: diffs/bases/five/avc/daily-ec.avc.ld5 Downloading file: bases/five/avc/daily-ec.avc Downloading file: diffs/bases/five/avc/base079.avc.fak Downloading file: diffs/bases/five/avc/base164.avc.cst Downloading file: diffs/bases/five/avc/unp026.avc.2ug Downloading file: diffs/bases/five/avc/unp027.avc.t-0 Downloading file: diffs/bases/five/avc/unp030.avc.6el Downloading file: diffs/bases/five/avc/unp037.avc.v8e Downloading file: diffs/bases/five/avc/unp040.avc.po0 Downloading file: diffs/bases/five/avc/unp041.avc.2de Downloading file: diffs/bases/five/avc/daily.avc.ueq Downloading file: diffs/bases/five/avc/gen005.avc.zkx Downloading file: diffs/bases/five/avc/fa.avc.0-o Downloading file: diffs/bases/five/avc/avp.set.gib Downloading file: diffs/bases/five/avc/avp_ext.set.5ji Downloading file: diffs/bases/five/avc/avp_x.set.k0g Downloading file: diffs/bases/five/avc/avp.vnd.5qy Downloading file: diffs/bases/five/avc/avp.klb.e5n Downloading file: diffs/bases/five/avc/avp.klb.-5m Downloading file: diffs/bases/five/avc/avp.klb.fpq Downloading file: diffs/bases/five/avc/avp.klb.izx Downloading file: diffs/bases/five/avc/avp.klb.sgx Downloading file: diffs/bases/five/avc/avp.klb._s4 Downloading file: bases/five/avc/avp.klb Database is updated. Ready to scan. Scan My Computer Scan statistics Files scanned 672686 Threat names 5 Infected objects 13 Suspicious objects 0 Duration of the scan 19:14:22 Start scan Scan is running (95%) Click the area that you want to scan in left part of the window. The scan will start automatically as soon as you select a scan area. Last start: 6/26/2008 17:28:53 Status: complete Please wait, the scan may take a long time depending on the size of the selected scan area. You can continue browsing in a new Web browser window. Now scanning: Location: Settings | View scan report | Stop scan *Attention:* Kaspersky Online Scanner 7.0 may not run successfully while another antivirus program is running. If you have another antivirus program installed, please turn off its antivirus protection before running Kaspersky Online Scanner 7.0. Scan Report The scan report displays information about threats detected on your computer. - Infected object - Suspicious object Information Welcome to Kaspersky Online Scanner 7.0! Use the program to check your computer for viruses and other malware for free. *Benefits:* # Kaspersky Lab exceptional detection rates and thorough scan # Hourly database updates available # Heuristic analysis to detect unknown malware # One-click installation *Requirements and limitations:* * *In Microsoft Windows Vista*, you must open the Web browser using the *Run as Administrator* command. * *To begin using the program, you need to download and install the program files and the database of malware definitions*. (The size of the program files depends on your operating system.) Later, Kaspersky Online Scanner 7.0 checks for the program and database updates every time you open or update the program window and, if available, downloads and installs them automatically. * *In Linux, Kaspersky Online Scanner 7.0 does not scan RAM, boot sectors and MBRs*, so it cannot detect malicious programs located in these areas. * *In Microsoft Windows Vista, if the language you use has a character set and fonts different from English*, make sure that the language selected for your default system locale and the language to display dates, times, currency, and measurements (Current format) are the same as the language you use. * *Kaspersky Online Scanner 7.0 only detects malicious code that have already penetrated into your computer*, so that you can delete them manually. It neither protects your computer against malicious code, nor prevents future infections. We recommend that you install a full-featured antivirus solution <#> to protect your computer. Support If you have questions, comments, or suggestions related to Kaspersky Online Scanner 7.0, please contact us. About Kaspersky Online Scanner 7.0 Version 7.0.25.0 Database published Thursday, June 26, 2008 23:58:43 Operating system Microsoft Windows XP Home Edition Service Pack 3 (build 2600) User Forum Go to the Kaspersky Lab Forum. Malware information Find news and information about viruses and other threats at Viruslist.com. View information Warning * Kaspersky Online Scanner 7.0 is already running in another window. * Settings *Detect malicious programs of the following categories:* Viruses, Worms, Trojan Horses, Rootkits Spyware, Adware, Dialers, and other potentially dangerous programs *Scan compound files (doesn't apply to the File scan area):* Archives Mail databases
Jason Scott
Active Member
 
Posts: 7
Joined: June 15th, 2008, 6:05 pm

Re: Speed

Unread postby mz30 » June 28th, 2008, 1:27 pm

Hi jason,
The log you have posted is not the log that i was looking for.
Lets try something else :)


  1. Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  2. Double click on mbam-setup.exe to install it.
  3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  6. Leave the default options as it is and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Checked (ticked) all items and click on Remove Selected.
  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.
User avatar
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: Speed

Unread postby Jason Scott » June 29th, 2008, 11:53 am

Malwarebytes' Anti-Malware 1.18
Database version: 898

8:51:06 AM 6/29/2008
mbam-log-6-29-2008 (08-51-06).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 714749
Time elapsed: 11 hour(s), 31 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 22
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Unloaded module successfully.
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Unloaded module successfully.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4a2c9def-83eb-4575-ad6c-2377fefc5122} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{56943d7c-2283-4d73-b2b1-46173b4844b4} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71c9109d-eb8d-49b9-9211-1cbe8a25a9aa} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{75f32b07-d45f-4d5b-9266-3863c65d5b29} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{84037416-6a70-46e5-9216-cdcc7e2513e7} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{94e14c33-2473-4185-9fa0-3d881bdb5c0b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{95d963d7-86e3-434e-bff6-fcddea5f9f24} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9dc10de5-5104-4554-aca0-d9f2d146cd4c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a140fe51-3136-4e0d-afda-1313b30adfef} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b41df4f9-0191-46e6-8107-16634fbc7f3c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{be1c526e-cccc-449c-a9cb-691b8c5e2769} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{be465556-f79d-476f-9457-74e49f8f400a} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8dfa789-47d3-4197-b187-23ae2d7dcf6a} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0277d0d-43c7-4eca-b8c4-545a2e71485b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ea166dbf-eac4-4d33-b48d-a40b8c8fdec1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0ed2f90-de03-46ad-97c1-709e5a49422c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{40331b9f-75e5-4e1e-b511-5aa6638b9ade} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\feyuabdt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ljJDsrQi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pmcybagq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvVLEwt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\uroeiyoc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Herb\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
Jason Scott
Active Member
 
Posts: 7
Joined: June 15th, 2008, 6:05 pm

Re: Speed

Unread postby mz30 » June 30th, 2008, 1:32 pm

Hi jason how is the p.c running now ?
Could you please post a fresh hjt log. :)
User avatar
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: Speed

Unread postby Jason Scott » July 1st, 2008, 8:52 pm

Running slightly better thanks, but still slow and cpu seems to be working a lot. I have attached the report but I don't know where to find the log you asked for.
You do not have the required permissions to view the files attached to this post.
Jason Scott
Active Member
 
Posts: 7
Joined: June 15th, 2008, 6:05 pm

Re: Speed

Unread postby mz30 » July 2nd, 2008, 5:59 pm

Hi jason

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

If you decide to continue please follow the instructions below.



Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Image

Image

Double click on Combo-Fix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
***Warning: Run this tool only once.
User avatar
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: Speed

Unread postby Simon V. » July 8th, 2008, 11:55 am

Due to lack of response this topic is now closed.

If you still need help open a new thread in the Malware Removal forum and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 51 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware