
Some advice needed please

  • 11-07-2009 11:09pm
    #1
    Registered Users Posts: 932 ✭✭✭


    OK, I have another post about this that was moved here, but I wanted to tidy it up before I posted here asking for help, so here it is,


    Over the past few weeks I've had this popup keep popping up every 29 seconds,

    http://img14.imageshack.us/img14/30/screenshotofpopup.png

    My computer lagged, which gave me time to screen capture it, but I haven't been able to before, and today is really the first day I've seen what is actually written on it.

    After using that Malwarebytes Anti-Malware on step 2 of this post I restarted my PC and it lagged again starting up,

    The popup appeared as usual, but there was a little extra lag starting, which gave me time to click the "Proxy settings" on it, when this appeared

    http://img17.imageshack.us/img17/7090/screenshotofpopup2.png

    I had clicked the "No Proxy" option but had not clicked OK yet, as I wanted to post it to ask advice about it cause I've never gotten that far with it before, but then as I was posting I minimized the boards window and it was gone.

    So now I'm here again and so is the popup. I've noticed that it mainly only pops up when my PC is not connected to the internet, but now and again it does when I am,

    So now I'm going to go through the virus removal post again and follow the steps over and post results to see if anyone can help,

    Step 1: Almost complete, except when I click on the TFC link it doesn't finish. When I hit run I get one of those boxes at the bottom of the screen titled TFC but it does nothing. Thought it might take time so left it for 20 minutes but still nothing.

    Step 2: Performed scan with the Malwarebytes Anti-Malware

    Malwarebytes' Anti-Malware 1.38
    Database version: 2411
    Windows 5.1.2600 Service Pack 3
    11/07/2009 22:59:24
    mbam-log-2009-07-11 (22-59-24).txt
    Scan type: Quick Scan
    Objects scanned: 107135
    Time elapsed: 6 minute(s), 53 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)

    It didn't find anything this time, but when I first ran it, it found 4 infected items and removed them, but they mustn't be connected to this popup as it still appears,

    I'm going into the second part of step 2 now downloading
    IMGProVersion.gif

    Not finished yet, just have to close for the scan,

    OK, have just finished the scan, which took forever.
    There were 39 tracking cookies found and 3 other adware items from casinos. (It removed my boylepoker and other ipoker downloads.)

    So step 2 is now complete

    Step 3: I'm going to skip this because I have updates turned on and I know it only updated last night.

    Step 4: I'm going to also skip this as I know the popup is still here,

    Step 5:

    here is the log,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:09:37, on 12/07/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\VIAudioi\HDADeck\HDeck.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\windows\system\microsoft\updates\services.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\system\microsoft\services.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.iqon.ie/
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [windows] C:\windows\system\microsoft\updates\services.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P4 /q C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\9GW2Q37H\ZPU_1_~1.SH! C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\ALLYI6AC\IFRAME~2.SH! C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\9GW2Q37H\FF2_1_~1.SH! C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\B6X8Q0G2\FF2_1_~1.SH! C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\9GW2Q37H\CONTRO~3.SH! C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\ALLYI6AC\FF2_1_~1.SH! C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\ZGIR5JPK\FF2_1_~1.SH! C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\ZGIR5JPK\ABVQS5~1.SH!
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Update Service (gupdate1c9c7dce8088181) (gupdate1c9c7dce8088181) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9697 bytes


    And this is the log from Rooter.exe

    Rooter.exe (v1.0.2) by Eric_71
    .
    SeDebugPrivilege granted successfully ...
    .
    Windows XP . (5.1.2600) Service Pack 3
    [32_bits] - x86 Family 6 Model 15 Stepping 6, GenuineIntel
    .
    [wscsvc] (Security Center) RUNNING (state:4)
    [SharedAccess] RUNNING (state:4)
    Windows Firewall -> Enabled
    .
    Internet Explorer 8.0.6001.18702
    .
    C:\ [Fixed-NTFS] .. ( Total:227 Go - Free:207 Go )
    D:\ [CD_Rom]
    E:\ [Removable]
    F:\ [Removable]
    G:\ [Removable]
    H:\ [Removable]
    I:\ [Removable]
    .
    Scan : 00:11.44
    Path : C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\H1Z3I7VT\Rooter[1].exe
    User : Home ( Administrator -> YES )
    .
    \\ Processes
    .
    Locked [System Process] (0)
    ______ System (4)
    ______ \SystemRoot\System32\smss.exe (568)
    ______ \??\C:\WINDOWS\system32\csrss.exe (616)
    ______ \??\C:\WINDOWS\system32\winlogon.exe (656)
    ______ C:\WINDOWS\system32\services.exe (700)
    ______ C:\WINDOWS\system32\lsass.exe (712)
    ______ C:\WINDOWS\system32\svchost.exe (888)
    ______ C:\WINDOWS\system32\svchost.exe (956)
    ______ C:\WINDOWS\System32\svchost.exe (1052)
    ______ C:\WINDOWS\system32\svchost.exe (1168)
    ______ C:\WINDOWS\system32\svchost.exe (1248)
    ______ C:\WINDOWS\system32\spoolsv.exe (1376)
    ______ C:\WINDOWS\system32\svchost.exe (1552)
    ______ C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe (1608)
    ______ C:\WINDOWS\eHome\ehRecvr.exe (1620)
    ______ C:\WINDOWS\eHome\ehSched.exe (1632)
    ______ C:\Program Files\Java\jre6\bin\jqs.exe (1840)
    ______ C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (1908)
    ______ C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (1980)
    ______ c:\program files\common files\mcafee\mna\mcnasvc.exe (280)
    ______ c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (408)
    ______ C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (484)
    ______ C:\Program Files\McAfee\MPF\MPFSrv.exe (604)
    ______ C:\WINDOWS\system32\nvsvc32.exe (1072)
    ______ C:\WINDOWS\system32\svchost.exe (1136)
    ______ C:\WINDOWS\system32\svchost.exe (1216)
    ______ C:\WINDOWS\ehome\mcrdsvc.exe (2152)
    ______ C:\WINDOWS\Explorer.EXE (2692)
    ______ c:\PROGRA~1\mcafee.com\agent\mcagent.exe (3120)
    ______ C:\WINDOWS\ehome\ehtray.exe (3216)
    ______ C:\WINDOWS\sm56hlpr.exe (3224)
    ______ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (3296)
    ______ C:\Program Files\iTunes\iTunesHelper.exe (3304)
    ______ C:\WINDOWS\system32\VTTimer.exe (3316)
    ______ C:\Program Files\VIAudioi\HDADeck\HDeck.exe (3360)
    ______ C:\WINDOWS\system32\RunDLL32.exe (3384)
    ______ C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (3408)
    ______ C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (3432)
    ______ C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (3520)
    ______ C:\Program Files\Java\jre6\bin\jusched.exe (3528)
    ______ C:\windows\system\microsoft\updates\services.exe (3536)
    ______ C:\WINDOWS\system32\ctfmon.exe (3552)
    ______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3600)
    ______ C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (3712)
    ______ C:\WINDOWS\system32\dllhost.exe (3944)
    ______ C:\WINDOWS\eHome\ehmsas.exe (1192)
    ______ C:\Program Files\iPod\bin\iPodService.exe (2312)
    ______ C:\WINDOWS\System32\alg.exe (2464)
    ______ C:\windows\system\microsoft\services.exe (2860)
    ______ C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (1964)
    ______ C:\WINDOWS\System32\svchost.exe (3416)
    ______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3476)
    ______ C:\Program Files\Internet Explorer\iexplore.exe (1720)
    ______ C:\Program Files\Internet Explorer\iexplore.exe (3336)
    ______ C:\Program Files\Internet Explorer\iexplore.exe (2184)
    ______ C:\Program Files\Internet Explorer\iexplore.exe (3004)
    ______ C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\H1Z3I7VT\Rooter[1].exe (3864)
    .
    \\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:5881042944)
    \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:5881075200 | Length:244175662080)
    .
    \\ Scheduled Tasks
    .
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\Tasks\desktop.ini
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\Tasks\McDefragTask.job
    C:\WINDOWS\Tasks\McQcTask.job
    C:\WINDOWS\Tasks\SA.DAT
    .
    \\ Registry
    .
    .
    \\ Files & Folders
    .
    \\ Scan completed at 00:11.50
    .
    C:\Rooter$\Rooter_1.txt - (12/07/2009 | 00:11.50)








    So now I still haven't gotten rid of it and I really don't have a clue about computers, so if someone has some advice it's much appreciated,

    I still don't know if the popup is from a legitimate program trying to get access to the internet or a virus. How can I find that out?

    Here is a screenshot of the processes in my task manager also, just in case anyone here can see anything there that shouldn't be or something


    http://img26.imageshack.us/img26/3770/screenshotoftaskmanager.png


    Any help much appreciated. cheers
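
A path check over the HijackThis log posted above, as an added example that is not part of the original post: it flags running processes and Run-key autostarts that use a core Windows binary name from a directory other than the one Windows XP installs it in. The function names, the directory table and the choice of excerpt lines are this example's own; a flagged entry is a lead for closer inspection, not a verdict.

```python
import ntpath
import re

# Core Windows XP binaries and the one directory each is installed in.
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYS32 for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "ctfmon.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Excerpt of the HijackThis log posted above (a few lines, not the full log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\microsoft\updates\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system\microsoft\services.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [windows] C:\windows\system\microsoft\updates\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_ENTRY = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[([^\]]*)\] (.+)$")


def misplaced(path):
    """True if a core Windows binary name is used outside its expected directory."""
    want = EXPECTED_DIR.get(ntpath.basename(path).lower())
    folder = ntpath.dirname(path).lower()
    # A bare name (no directory) is resolved through PATH, so it is not judged here.
    return want is not None and folder != "" and folder != want


def command_path(cmd):
    """Pull the executable path out of a Run value, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd


def review(log_text):
    """Return (source, path) pairs for every misplaced system binary in the log."""
    findings, in_procs = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            in_procs = bool(line)  # a blank line ends the process list
            if misplaced(line):
                findings.append(("running process", line))
        else:
            m = RUN_ENTRY.match(line)
            if m and misplaced(command_path(m.group(3))):
                source = f"Run key {m.group(1)} [{m.group(2)}]"
                findings.append((source, command_path(m.group(3))))
    return findings


if __name__ == "__main__":
    for source, path in review(SAMPLE_LOG):
        print(f"{source}: {path}")
```
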


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    RcAuto1.gif


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

