This is my first time on a forum like this. Yesterday morning I was infected with a malware programme, 'internet something' (can't quite remember), which I removed following a scan, but was then infected with the 'Windows repair' virus on reboot.
Since then I have scanned with Malwarebytes, McAfee, supervirusscan and McAfee Stinger. I also manually removed the suggested files from the registry and unhid files. I thought all was back to normal this evening, but now no internet browsers will open, the internet connection is undetected again and Malwarebytes will only open with a name change, so it is obviously still badly infected. Not sure what to do now. Have just run ComboFix and here is the log. I am at a loss now, help!
ComboFix 11-04-02.03 - Deb 02/04/2011 23:02:47.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.521 [GMT 1:00]
Running from: c:\documents and settings\Deb\Desktop\ComboFit.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Deb\Application Data\Adobe\plugs
c:\documents and settings\Deb\Application Data\Adobe\shed
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\10541.dll
c:\windows\system32\encapi32.dll
c:\windows\system32\rnaph.dll
c:\windows\ukuvigulusefub.dll
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 20:41 . 2011-04-02 20:41 -------- d-----w- C:\lspfix
2011-04-02 18:50 . 2011-04-02 18:51 -------- d-----w- C:\ERDNT
2011-04-02 13:13 . 2011-04-02 13:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-02 12:09 . 2011-04-02 12:09 -------- d-----w- c:\documents and settings\Administrator
2011-04-01 14:44 . 2011-04-01 14:45 -------- d-----w- c:\program files\Spyware Cease 2011
2011-04-01 12:01 . 2011-04-01 12:01 -------- d-----w- c:\documents and settings\Deb\Application Data\SUPERAntiSpyware.com
2011-04-01 12:01 . 2011-04-01 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-01 09:37 . 2011-04-01 09:37 -------- d-----w- c:\documents and settings\Deb\Application Data\Malwarebytes
2011-04-01 09:19 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-01 09:19 . 2011-04-01 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-01 09:19 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-01 09:19 . 2011-04-02 13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-01 07:54 . 2011-04-02 06:09 0 ----a-w- c:\windows\Pxulaku.bin
2011-04-01 07:54 . 2011-04-01 07:54 -------- d-----w- c:\documents and settings\Deb\Local Settings\Application Data\{30E1ECC3-5E71-4C99-8F36-64924188E606}
2011-03-29 16:35 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{F9C3E3D8-534B-4574-BD09-93BB328475DD}\mpengine.dll
2011-03-05 01:36 . 2011-03-05 01:36 -------- d-----w- c:\documents and settings\Deb\Local Settings\Application Data\PCHealth
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 04:05 . 2007-04-11 08:55 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2004-08-10 11:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-10 11:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 18:11 . 2009-10-03 18:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2004-08-10 12:01 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-10 12:01 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-10 11:51 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-12 23:30 . 2011-01-12 23:30 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-01-07 14:09 . 2004-08-10 11:50 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-13 22:28 . 2010-05-22 07:07 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a2dade19-b17a-4e43-b6ed-a7177c98303c}"= "c:\program files\Physiobase_Physio_Forum\tbPhy1.dll" [2010-07-31 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{a2dade19-b17a-4e43-b6ed-a7177c98303c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a2dade19-b17a-4e43-b6ed-a7177c98303c}"= "c:\program files\Physiobase_Physio_Forum\tbPhy1.dll" [2010-07-31 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{a2dade19-b17a-4e43-b6ed-a7177c98303c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A2DADE19-B17A-4E43-B6ED-A7177C98303C}"= "c:\program files\Physiobase_Physio_Forum\tbPhy1.dll" [2010-07-31 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{a2dade19-b17a-4e43-b6ed-a7177c98303c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\program files\Microsoft Money\System\reminder.exe" [1998-07-24 36864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-08 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-01 26112]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SpywareCease2011.exe"="c:\program files\Spyware Cease 2011\SpywareCease2011.exe" [2011-04-01 3615744]
"SCHelper.exe"="c:\program files\Spyware Cease 2011\SCHelper.exe" [2011-02-16 403456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Deb\Start Menu\Programs\Startup\
Workrave.lnk - c:\program files\Workrave\lib\Workrave.exe [2006-5-13 2943488]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-1 24576]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-6-7 180224]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [13/01/2011 00:30 53816]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [22/05/2010 08:07 84072]
R1 RapportCerberus_23945;RapportCerberus_23945;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys [04/03/2011 08:50 55224]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [13/01/2011 00:30 63160]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [13/01/2011 00:30 156344]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [22/05/2010 08:07 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [22/05/2010 08:07 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [22/05/2010 08:07 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [22/05/2010 08:07 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [22/05/2010 08:07 141792]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24/10/2009 03:18 360224]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [13/01/2011 00:30 821048]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [22/05/2010 08:07 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [22/05/2010 08:07 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [22/05/2010 08:07 88544]
S3 cel90xbe;cel90xbe;\??\c:\docume~1\Deb\LOCALS~1\Temp\cel90xbe.sys --> c:\docume~1\Deb\LOCALS~1\Temp\cel90xbe.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [22/05/2010 08:07 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [22/05/2010 08:07 84264]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
*Deregistered* - RapportIaso
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
2011-04-02 c:\windows\Tasks\User_Feed_Synchronization-{518F1DE7-D91E-48C6-80C1-E597F195A57E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
2011-03-25 c:\windows\Tasks\{00CC9C6A-10A9-4D58-A68B-571215F89098}_PC_Deb.job
- c:\windows\system32\mobsync.exe [2004-08-10 00:12]
.
2011-04-01 c:\windows\Tasks\{7A959752-471D-441C-AA0C-41B05FDD22B9}_PC_Deb.job
- c:\windows\system32\mobsync.exe [2004-08-10 00:12]
.
2011-03-25 c:\windows\Tasks\{D5337661-9AD0-4FCE-BB07-D006AD3879E6}_PC_Deb.job
- c:\windows\system32\mobsync.exe [2004-08-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: autoregister.net\tesco
Trusted Zone: bbc.co.uk\iplayersupport.external
Trusted Zone: ntl.com\memberservices.tesco
Trusted Zone: ntl.com\register-tesco.qa.business
Trusted Zone: tesco.net\memberservices
DPF: NTLSignup - hxxps://tesco.autoregister.net/tesco/NTLSignup.cab
FF - ProfilePath - c:\documents and settings\Deb\Application Data\Mozilla\Firefox\Profiles\u55gj3ar.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {30E1ECC3-5E71-4C99-8F36-64924188E606} - c:\documents and settings\Deb\Local Settings\Application Data\{30E1ECC3-5E71-4C99-8F36-64924188E606}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Mobipocket Reader Notifications - c:\documents and settings\Deb\My Documents\Pocket_PC My Documents\readernotify.exe
HKCU-Run-kBwGFkVoRULCX - c:\documents and settings\All Users\Application Data\kBwGFkVoRULCX.exe
HKLM-Run-Fjisopogi - c:\windows\ukuvigulusefub.dll
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-02 23:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(984)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(7240)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Workrave\lib\harpoon.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\stsystra.exe
c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
.
**************************************************************************
.
Completion time: 2011-04-02 23:31:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-02 22:31
.
Pre-Run: 123,544,657,920 bytes free
Post-Run: 126,510,018,560 bytes free
.
- - End Of File - - E379CDD70DA123A50E987018E12761C3
Thank you. Sorry, I realise I broke the rules by running ComboFix before being asked, but I had already started before I decided to post on here.
This post has been edited by Common2: 02 April 2011 - 05:36 PM