Your system is infected message
-
14-08-2009 11:06am
Hi, I'll give a little background:
I use Avira Antivirus software for virus protection when online.
Recently someone at home clicked some link and the antivirus program started detecting loads of trojan viruses and asking to either delete or quarantine these etc. So I clicked delete on all of those - but I think it was too late, as a big red x was appearing in the corner of the screen and a message came up saying windows is infected click here to install something that will help it - so clicking there was doing nothing (possibly the message was the virus itself) and I ran a full system scan which found nothing.
Then I installed the latest version of antivirus but as the computer froze I just turned it off.
When I turned it on, Windows failed to start and a message asked do you want to go back to the last time it was all working fine? I clicked that and Windows loaded and a message in the corner said malicious software has been removed?
Also a warning that the firewall is turned off - so I turned it on.
Then I started another full system scan and decided to turn on the internet. 30 seconds later that message came up again that your computer is infected and the firewall is turned off! So I shut off the internet connection and the system scan found 7 viruses, all of which were moved to quarantine and then I deleted them.
Any good antivirus software that you guys know of that I could run to catch this thing? I don't think the virus is gone yet.
Comments
-
Install malwarebytes and run that.
Also never click on any popups. Ever. No matter what they say.
-
Oh I know that - but I also think I know who the culprit is who clicked on something, ugh. Many thanks, I'll try that.
-
Hi again,
I've tried malwarebytes - it is very good for the detections now I have to say. It solved the problem temporarily - until I turned on the internet and the can of worms opened up again.
There is some executable virus in the system folder which I cannot remove.
Every time I do, it appears again.
The trojan horses that get in once I turn on the internet disable any security features - firewall etc. - and kill the antivirus program.
I guess there isn't anything left but to get the backup disk and reboot the whole thing?
-
hi
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
- If you are using Firefox, make sure that your download settings are as follows:
  - Tools->Options->Main tab
  - Set to "Always ask me where to Save the files".
- During the download, rename Combofix to Combo-Fix as follows:
- It is important you rename Combofix during the download, but not after.
- Please do not rename Combofix to other names, but only to the one indicated.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combo-Fix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\Combo-Fix.txt" for further review.
-
Hi ASJ - here's the report:
ComboFix 09-08-19.0C - Catherine 20/08/2009 19:25.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1033.18.447.234 [GMT 1:00]
Running from: c:\documents and settings\Catherine\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090820-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Desktop\avast! Antivirus.lnk
c:\documents and settings\LocalService\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\LocalService\Start Menu\Programs\PC_Antispyware2010
c:\documents and settings\LocalService\Start Menu\Programs\PC_Antispyware2010\PC_Antispyware2010.lnk
c:\documents and settings\LocalService\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk
c:\recycler\S-1-5-21-3302864472-1465077461-2199518539-1003
C:\smp.bat
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\braviax.exe
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\dzgtactx.dll
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP746\A0254057.sys
Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP756\A0259314.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_IPRIP
\Service_Iprip
((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.
2009-08-20 17:53 . 2009-08-20 18:49 3141664 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-15 07:26 . 2009-08-20 17:55 29184 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-15 07:12 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-15 07:12 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-15 07:12 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-15 07:12 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-15 07:12 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-15 07:12 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-15 07:12 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-15 07:12 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-15 07:12 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-15 07:12 . 2009-08-15 07:12 -------- d-----w- c:\program files\Alwil Software
2009-08-15 06:58 . 2009-08-15 06:58 -------- d-----w- c:\program files\Avira
2009-08-15 06:21 . 2009-08-15 06:22 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 06:21 . 2009-08-15 06:21 -------- d-----w- c:\program files\MSBuild
2009-08-15 06:21 . 2009-08-15 06:21 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 06:06 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 06:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 06:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 06:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 06:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 06:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 06:06 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 06:06 . 2009-08-15 06:21 -------- d-----w- C:\99c166ac603671a1763a
2009-08-15 06:05 . 2009-08-15 06:40 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-14 18:52 . 2009-08-14 18:52 -------- d-----w- c:\documents and settings\Catherine\Application Data\Malwarebytes
2009-08-14 18:52 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 18:51 . 2009-08-14 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-14 18:51 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-14 18:51 . 2009-08-14 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 22:11 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-12 20:28 . 2009-08-12 20:28 619584 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-12 17:53 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-28 18:22 . 2008-06-17 07:37 176128 ----a-w- c:\documents and settings\Makar\Application Data\Mozilla\Firefox\Profiles\rfmzsl91.default\extensions\LGBExec@liveglobalbid.com\components\nplgbexc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 18:55 . 2007-05-06 18:26 -------- d-----w- c:\documents and settings\Catherine\Application Data\Skype
2009-08-20 18:49 . 2009-08-20 17:53 37892 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-15 07:00 . 2005-10-14 19:11 80640 ----a-w- c:\documents and settings\Catherine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 22:22 . 2007-07-28 18:44 -------- d-----w- c:\documents and settings\Catherine\Application Data\vmntoolbar
2009-08-05 09:01 . 2004-08-10 16:38 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2009-07-17 19:01 58880 ----a-w- c:\windows\system32\SET46.tmp
2009-07-17 19:01 . 2004-08-10 16:37 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2004-08-10 16:38 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-10 16:38 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-10 16:37 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-10 16:37 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-26 21:55 . 2007-08-16 21:48 -------- d-----w- c:\program files\Quickpay
2009-06-25 08:25 . 2009-06-25 08:25 56832 ----a-w- c:\windows\system32\SET14.tmp
2009-06-25 08:25 . 2009-06-25 08:25 54272 ----a-w- c:\windows\system32\SET13.tmp
2009-06-25 08:25 . 2009-06-25 08:25 301568 ----a-w- c:\windows\system32\SET17.tmp
2009-06-25 08:25 . 2009-06-25 08:25 147456 ----a-w- c:\windows\system32\SET15.tmp
2009-06-25 08:25 . 2009-06-25 08:25 136192 ----a-w- c:\windows\system32\SET16.tmp
2009-06-25 08:25 . 2004-08-10 16:38 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 16:38 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 16:38 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 16:38 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-10 16:37 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 16:37 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-10 16:37 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-10 16:38 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 16:37 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 20:58 . 2009-06-15 20:58 10459688 ----a-w- c:\documents and settings\All Users\Application Data\Sage\SBD Software Updates\Installed\Quickpayv9_2bUpdate.exe
2009-06-12 12:31 . 2004-08-10 16:38 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-10 16:37 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2004-08-10 16:54 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-10 16:38 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-10 16:38 1291264 ----a-w- c:\windows\system32\quartz.dll
2008-04-08 09:10 . 2008-04-08 09:02 24 --sh--w- c:\windows\S766F619A.tmp
.
Sigcheck
[-] 2009-08-20 17:55 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\system32\dllcache\beep.sys
c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-07-23 57344]
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25263144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-03-10 180269]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshearts.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/08/2009 08:12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/08/2009 08:12 20560]
R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [10/03/2005 11:36 671104]
S3 bDMusicb;bDMusicb;\??\c:\docume~1\CATHER~1\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\CATHER~1\LOCALS~1\Temp\bDMusicb.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [17/11/2007 16:11 10976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
2009-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
Notify-st3d - c:\windows\system32\st3d.dll
SafeBoot-Wdf01000.sys
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: &Search
FF - ProfilePath - c:\documents and settings\Catherine\Application Data\Mozilla\Firefox\Profiles\b61as866.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 19:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(788)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Norton GoBack\GBPoll.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\slserv.exe
c:\windows\system32\snmp.exe
c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2009-08-20 20:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-20 19:05
Pre-Run: 64,084,611,072 bytes free
Post-Run: 75,425,181,696 bytes free
232 --- E O F --- 2009-08-20 18:17
-
minxie make your own topic please
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
File::
FCopy::
c:\windows\system32\dllcache\beep.sys | c:\windows\system32\drivers\beep.sys
KillAll::
Folder::
Registry::
Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Please download OTM
- Save it to your desktop.
- Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes
:Services
:Reg
:Files
c:\windows\system32\SET*.tmp
:Commands
[purity]
[emptytemp]
[Reboot]
- Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTM and reboot your PC.
-
OTM log file: (I have since rebooted the computer)
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\windows\system32\SET13.tmp moved successfully.
c:\windows\system32\SET14.tmp moved successfully.
c:\windows\system32\SET15.tmp moved successfully.
c:\windows\system32\SET16.tmp moved successfully.
c:\windows\system32\SET17.tmp moved successfully.
c:\windows\system32\SET46.tmp moved successfully.
c:\windows\system32\SET50.tmp moved successfully.
c:\windows\system32\SET62.tmp moved successfully.
c:\windows\system32\SET7E.tmp moved successfully.
c:\windows\system32\SET84.tmp moved successfully.
c:\windows\system32\SET87.tmp moved successfully.
c:\windows\system32\SET8A.tmp moved successfully.
c:\windows\system32\SET9A.tmp moved successfully.
c:\windows\system32\SETA0.tmp moved successfully.
c:\windows\system32\SETAF.tmp moved successfully.
c:\windows\system32\SETB2.tmp moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: C
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1025062 bytes
->Java cache emptied: 9550827 bytes
->FireFox cache emptied: 77542322 bytes
User: D
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: M
File delete failed. C:\Documents and Settings\M\Local Settings\Temp\hsperfdata_M\2512 scheduled to be deleted on reboot.
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 13526274 bytes
->Java cache emptied: 8716519 bytes
->FireFox cache emptied: 67050402 bytes
User: N
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 65603 bytes
User: Owner
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 19593 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5a0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 169.52 mb
OTM by OldTimer - Version 3.0.0.6 log created on 08222009_125913
Files moved on Reboot...
File move failed. C:\Documents and Settings\M\Local Settings\Temp\hsperfdata_M\2512 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_5a0.dat moved successfully.
Registry entries deleted on Reboot...
AND ComboFix output:
ComboFix 09-08-19.0C - Catherine 22/08/2009 12:27.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1033.18.447.184 [GMT 1:00]
Running from: c:\documents and settings\Catherine\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Catherine\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090821-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
FCopy
c:\windows\system32\dllcache\beep.sys --> c:\windows\system32\drivers\beep.sys
.
((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.
2009-08-22 11:27 . 2004-08-04 14:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-22 11:27 . 2004-08-04 14:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-20 17:53 . 2009-08-20 18:49 3141664 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-15 07:12 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-15 07:12 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-15 07:12 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-15 07:12 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-15 07:12 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-15 07:12 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-15 07:12 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-15 07:12 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-15 07:12 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-15 07:12 . 2009-08-15 07:12 -------- d-----w- c:\program files\Alwil Software
2009-08-15 06:58 . 2009-08-15 06:58 -------- d-----w- c:\program files\Avira
2009-08-15 06:21 . 2009-08-15 06:22 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 06:21 . 2009-08-15 06:21 -------- d-----w- c:\program files\MSBuild
2009-08-15 06:21 . 2009-08-15 06:21 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 06:06 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 06:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 06:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 06:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 06:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 06:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 06:06 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 06:06 . 2009-08-15 06:21 -------- d-----w- C:\99c166ac603671a1763a
2009-08-15 06:05 . 2009-08-15 06:40 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-14 18:52 . 2009-08-14 18:52 -------- d-----w- c:\documents and settings\Catherine\Application Data\Malwarebytes
2009-08-14 18:52 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 18:51 . 2009-08-14 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-14 18:51 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-14 18:51 . 2009-08-14 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 22:11 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-12 20:28 . 2009-08-12 20:28 619584 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-12 17:53 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-28 18:22 . 2008-06-17 07:37 176128 ----a-w- c:\documents and settings\Makar\Application Data\Mozilla\Firefox\Profiles\rfmzsl91.default\extensions\LGBExec@liveglobalbid.com\components\nplgbexc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 11:40 . 2007-05-06 18:26 -------- d-----w- c:\documents and settings\Catherine\Application Data\Skype
2009-08-20 18:49 . 2009-08-20 17:53 37892 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-15 07:00 . 2005-10-14 19:11 80640 ----a-w- c:\documents and settings\Catherine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 22:22 . 2007-07-28 18:44 -------- d-----w- c:\documents and settings\Catherine\Application Data\vmntoolbar
2009-08-05 09:01 . 2004-08-10 16:38 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2009-07-17 19:01 58880 ----a-w- c:\windows\system32\SET46.tmp
2009-07-17 19:01 . 2004-08-10 16:37 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2004-08-10 16:38 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-10 16:38 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-10 16:37 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-10 16:37 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-26 21:55 . 2007-08-16 21:48 -------- d-----w- c:\program files\Quickpay
2009-06-25 08:25 . 2009-06-25 08:25 56832 ----a-w- c:\windows\system32\SET14.tmp
2009-06-25 08:25 . 2009-06-25 08:25 54272 ----a-w- c:\windows\system32\SET13.tmp
2009-06-25 08:25 . 2009-06-25 08:25 301568 ----a-w- c:\windows\system32\SET17.tmp
2009-06-25 08:25 . 2009-06-25 08:25 147456 ----a-w- c:\windows\system32\SET15.tmp
2009-06-25 08:25 . 2009-06-25 08:25 136192 ----a-w- c:\windows\system32\SET16.tmp
2009-06-25 08:25 . 2004-08-10 16:38 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 16:38 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 16:38 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 16:38 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-10 16:37 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 16:37 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-10 16:37 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-10 16:38 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 16:37 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 20:58 . 2009-06-15 20:58 10459688 ----a-w- c:\documents and settings\All Users\Application Data\Sage\SBD Software Updates\Installed\Quickpayv9_2bUpdate.exe
2009-06-12 12:31 . 2004-08-10 16:38 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-10 16:37 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2004-08-10 16:54 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-10 16:38 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-10 16:38 1291264 ----a-w- c:\windows\system32\quartz.dll
2008-04-08 09:10 . 2008-04-08 09:02 24 --sh--w- c:\windows\S766F619A.tmp
.
((((((((((((((((((((((((((((( SnapShot@2009-08-20_18.54.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 11:09 . 2009-08-22 11:09 16384 c:\windows\Temp\Perflib_Perfdata_5a0.dat
+ 2009-08-22 11:39 . 2009-08-22 11:39 16384 c:\windows\Temp\Perflib_Perfdata_1e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-07-23 57344]
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25263144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-03-10 180269]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshearts.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/08/2009 08:12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/08/2009 08:12 20560]
R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [10/03/2005 11:36 671104]
S3 bDMusicb;bDMusicb;\??\c:\docume~1\CATHER~1\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\CATHER~1\LOCALS~1\Temp\bDMusicb.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [17/11/2007 16:11 10976]
S3 ntportio;ntportio;\??\c:\documents and settings\Makar\Desktop\New Folder\semc\ntportio.sys --> c:\documents and settings\Makar\Desktop\New Folder\semc\ntportio.sys [?]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [16/10/2006 18:10 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [16/10/2006 18:10 85696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
2009-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: &Search
FF - ProfilePath - c:\documents and settings\Catherine\Application Data\Mozilla\Firefox\Profiles\b61as866.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 12:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(1492)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Norton GoBack\GBPoll.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2009-08-22 12:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-22 11:53
ComboFix2.txt 2009-08-20 19:05
Pre-Run: 75,428,114,432 bytes free
Post-Run: 75,376,263,168 bytes free
214 --- E O F --- 2009-08-20 18:17
I turned off all the antivirus processes, but ComboFix reboots the computer automatically, and once it switches on, Avast starts up automatically.
The only way to make sure that they are all switched off is to uninstall any antivirus programs I have - is it safe to do that though?0 -
I think you should ignore all the marketing replies you have been receiving from antivirus program dealers.
If you really want to get rid of little nasties, then you need to do it by hand or get a decent non-Windows scanner.
I recommend backing up all your files, then either buy a new hard drive and start all over again with all original OS and driver discs, or else run a serious multi-sweep wiper/randomiser over your old hard drive. Also flush the BIOS and pull out the battery for a good 24 hours, and/or pin the BIOS memory eraser just to be sure.
Good luck! Would like to know how it turns out if you email me?0 -
Hi Pete,
thanks for that.
I actually think it's all working fine now; those programs seem to have cleaned the computer up.
I also installed a thing called System Mechanic and it fixed a few other problems I was having, and everything seems to be working fine. I'm not getting any virus warnings or icons.
Thanks anyway0 -
hi
Download TFC to your desktop.
- Open the file and close any other windows.
- It will close all programs itself when run; make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job.
- Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
Please download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Go to the Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on the Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Archives
  - Mail databases
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.0 -