Hello,
Did you reinstall or repair on June 14th?
Log doesn't show much, couple of nasty files and a flash drive infector.
Let's try this, but if no Safe Mode, it's gonna be very difficult to get rid of a bot.
Copy/paste the following text into a new Notepad document. Make sure that you have one blank line at the end of the document as shown in the quoted text.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smss"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"smss"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

Save it to your desktop as Fixme.reg. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: Fixme.reg
Do not use yet.
______________________________
Download http://www.techsupportforum.com/sectool ... fector.exe
Follow instructions on screen.
______________________________
Locate Fixme.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt.
______________________________
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Log in on your usual account.
______________________________
Note: If you can't run Safe Mode, download SafeBootKeyRepair http://download.bleepingcomputer.com/sU ... Repair.exe
Save it to your desktop. Double-click to run it, and follow the instructions.
______________________________
If Safeboot works, perform the steps below:
Using Windows Explorer, navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Clean out your Temporary Internet files. Proceed like this:
Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.
For Internet Explorer 7
- Click Start, click Control Panel, and then double-click Internet Options.
- On the General tab, click Delete... under Browsing History.
- Next to Temporary Internet Files, click Delete files, and then click OK.
- Next to Cookies, click Delete cookies, and then click OK.
- Next to History, click Delete history, and then click OK.
- Click the Close button.
- Click OK.
For Internet Explorer 4.x - 6.x
- Click Start, click Control Panel, and then double-click Internet Options.
- On the General tab, click Delete Files under Temporary Internet Files.
- In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
- On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
- Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
- Click OK.
For Netscape 4.x and Up
- Click Edit from the Netscape menubar.
- Click Preferences... from the Edit menu.
- Expand the Advanced menu by clicking the triangle sign.
- Click Cache.
- Click both the Clear Memory Cache and the Clear Disk Cache buttons.
For Mozilla 1.x and Up
- Click Edit from the Mozilla menubar.
- Click Preferences... from the Edit menu.
- Expand the Advanced menu by clicking the plus sign.
- Click Cache.
- Click the Clear Cache button.
For Opera
- Click File from the Opera menubar.
- Click Preferences... from the File menu.
- Click the History and Cache menu.
- Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
- Click Ok to close the Preferences menu.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then click Empty Recycle Bin.
______________________________
Using Windows Explorer, Search and Delete these Folders if listed:
C:\WINDOWS\system32\idjaajfgh
Using Windows Explorer, Search and Delete these Files if listed:
C:\WINDOWS\system32\RVHIOST.exe
C:\WINDOWS\system32\nhatquanglan5.exe
C:\WINDOWS\system32\ff_vfw.dll
______________________________
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons loaded, the SDFix report will open on screen and will also be saved into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
- Finally paste the contents of the Report.txt back on the forum with a new HijackThis log.
Reboot in Normal Mode.
Try Hijackthis and give me a new SystemScan report too please. Let me know how everything went, especially if you could boot into Safe Mode. If not, we will have to delete the files differently.
Kim
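
Added example, not part of Kim's post: a short Python script that parses a version 5.00 .reg file and lists what merging it would change, so a file like Fixme.reg can be reviewed before it is double-clicked. The function name parse_reg and the action labels are made up for this illustration; only string values and deletions are decoded, anything else is kept as raw text.

```python
import re

# Fixme.reg as given in the post (constructed copy, blank lines restored).
FIXME_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smss"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"smss"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Return (action, key, value_name, data) tuples for a version 5.00 .reg file.
    Only string data and deletions are decoded; other types stay as raw text."""
    lines = text.lstrip('\ufeff').splitlines()
    if not lines or lines[0].strip() != 'Windows Registry Editor Version 5.00':
        raise ValueError('missing "Windows Registry Editor Version 5.00" header')
    ops, key = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(';'):      # blank line or comment
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1):                        # "[-KEY]" removes the whole key
                ops.append(('delete-key', key, None, None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError('cannot parse line: %r' % raw)
        name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
        data = m.group(2)
        if data == '-':                           # "name"=- deletes that value only
            ops.append(('delete-value', key, name, None))
        elif data.startswith('"') and data.endswith('"') and len(data) >= 2:
            ops.append(('set-string', key, name, data[1:-1].replace('\\\\', '\\')))
        else:
            ops.append(('set-raw', key, name, data))
    return ops

if __name__ == '__main__':
    for action, key, name, data in parse_reg(FIXME_REG):
        print('%-12s %s -> %s %s' % (action, key, name, data or ''))
```

For Fixme.reg this reports two delete-value operations (the smss entry in each Run key) and one set-string operation (the Winlogon Shell value set to Explorer.exe); no key is deleted as a whole.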