
Blue Screen


13 replies to this topic

#1 peteg40

peteg40

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:35 AM

Posted 01 May 2009 - 04:37 PM

Hi,

My desktop is running slowly on occasions and at other times it runs OK... then I get the blue screen up... I also get a lot of screen freezing...

Sorry, can't give you anything more technical.



#2 peteg40


Posted 06 May 2009 - 01:31 PM

Just bumping to the top....struggling big time here

===============
Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 06 May 2009 - 10:47 PM.


#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:08:35 PM

Posted 16 May 2009 - 05:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 peteg40


Posted 18 May 2009 - 04:23 PM

Thank you Koan Yorel... I will do what you asked me to do tomorrow, 19th May... Very busy at the moment...

#5 peteg40


Posted 19 May 2009 - 04:24 PM

Tried to run the checks as asked, but could not save files to the desktop for some reason. Tried this a number of times and got no joy!

#6 KoanYorel


Posted 19 May 2009 - 04:26 PM

OK, then try an HJT log?

#7 peteg40


Posted 20 May 2009 - 04:28 PM

Sorry, but I don't understand: what is "OK, then try an HJT log?"

#8 KoanYorel


Posted 20 May 2009 - 04:33 PM

OK = American term = okay

Here are instructions for doing an HJT log:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

#9 peteg40


Posted 22 May 2009 - 09:15 AM

Ok Done...

<Edited to place DDS.txt in-line ~ Maurice>


DDS (Ver_09-05-14.01) - NTFSx86
Run by pete at 15:11:25.43 on 22/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05

============== Pseudo HJT Report ===============

uSEARCH PAGE = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [????r]
uRun: [?????????] ??????????????e
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [eRecoveryService]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [LXDICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDItime.dll,_RunDLLEntry@16
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [btbb_wcm_McciTrayApp] "c:\program files\bt broadband desktop help\btbb_wcm\McciTrayApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SoftwareStation] "c:\program files\eacceleration\station\station.exe" /b Startup
mRun: [webscan] "c:\program files\acceleration software\anti-virus\stopsignav.exe" -k
mRun: [OnAccess] "c:\program files\eacceleration\onaccess\onaccess.exe" -erk
uPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - c:\microgaming\poker\stanjamesgibmpp\MPPoker.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: motive.com\pbttbc.bt
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SEH: ExecuteMonitorShellHook Class: {42dd0873-5fa9-465d-90de-0826020416a5} - c:\program files\eacceleration\onaccess\onaccess_hk32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\pete\appdata\roaming\mozilla\firefox\profiles\itmkjner.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npBTEmailConfig.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-05-09 13:57 <DIR> --d----- c:\users\pete\appdata\roaming\Malwarebytes
2009-05-09 13:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-09 13:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-09 13:57 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-09 13:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-09 13:57 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-04 18:28 154,818,809 a------- c:\windows\MEMORY.DMP
2009-05-02 23:27 <DIR> --d----- c:\program files\CCleaner
2009-04-24 18:39 34 a------- c:\users\pete\jagex_runescape_preferences.dat

==================== Find3M ====================

2009-03-17 04:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 04:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 04:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-08 12:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 12:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 12:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 12:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 12:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 12:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 12:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 12:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 12:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 12:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 12:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 12:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 12:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 12:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 12:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 12:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 12:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 12:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-03 05:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 05:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 05:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 05:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 05:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 05:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 05:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 05:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-03 04:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 03:38 17,408 a------- c:\windows\system32\iashost.exe
2009-02-22 17:24 51,200 a------- c:\windows\inf\infpub.dat
2009-02-22 17:23 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-22 17:23 86,016 a------- c:\windows\inf\infstor.dat
2008-07-03 19:20 174 a--sh--- c:\program files\desktop.ini
2008-07-03 19:06 665,600 a------- c:\windows\inf\drvindex.dat
2007-07-25 20:10 60,968 a------- c:\users\pete\GoToAssistDownloadHelper.exe
2007-06-01 20:46 0 a------- c:\users\pete\appdata\roaming\wklnhst.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:12:02.39 ===============

Edited by Maurice Naggar, 22 May 2009 - 11:06 AM.


#10 peteg40


Posted 22 May 2009 - 09:21 AM

This is the second

#11 peteg40


Posted 22 May 2009 - 09:22 AM

Sorry, now you should have

<Edited to place Attach.txt in-line ~ Maurice>


==== Installed Programs ======================


2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Empowering Technology
Acer ePerformance Management
Acer Picture Slide DVD
Acer Plug and Record
Acer ScreenSaver
Acer Zone Main Page
Acer Zone MakeDisk
Acer Zone SoftDMA
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.1
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.2
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center Ex
ATI Catalyst Install Manager
Betfair Poker
BT Broadband Desktop Help
BT Email Configuration Tool
BT Wireless Connection Manager
BT Yahoo! Applications
BTHomeHub
CCleaner (remove only)
DivX Content Uploader
DivX Web Player
FinePixViewer Ver.4.3
Football Manager 2008
GameColony Gin Rummy for Windows
ieSpell
iTunes
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Learn2 Player (Uninstall Only)
Lexmark 3500-4500 Series
LightScribe 1.4.124.1
Malwarebytes' Anti-Malware
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Zoo Tycoon
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
Paddy Power Poker
Poker at bet365
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Roxio Media Manager
Rummy Royal
Security Update for Excel 2007 (KB934670)
Security Update for Office 2007 (KB934062)
Spelling Dictionaries Support For Adobe Reader 9
Stan James Poker.com
Stan James Poker.com Poker
StopSign Internet Security
Symantec Technical Support Web Controls
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB933688)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Word 2007 (KB934173)
Update Service
Viewpoint Media Player5
WG111v2 Configuration Utility
William Hill Poker
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Toolbar
Windows Media Player Firefox Plugin
Yahoo! Toolbar

==== End Of File ===========================

Edited by Maurice Naggar, 22 May 2009 - 11:08 AM.


#12 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:35 PM

Posted 22 May 2009 - 11:33 AM

Hello peteg40,

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!
These steps are for this member only. If you are a casual observer & not this OP, do NOT try this on your system!


If at any point you have a question or problem, STOP & make a post to the forum.
Also, do not run or start any other programs while these utilities and tools are in use!

Please do NOT run any other tools on your own or do any fixes other than what is listed here.

Close all browsers and all other programs that you have started.


1. Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files & temp areas used by internet browsers.
Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
ATF-Cleaner should be run per the above in every user-login account {User Profile}

=

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1
Link 2
Link 3



* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on Combo-Fix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on NO, and exit Combofix.

Next, Open Notepad and copy/paste the text in the quotebox below into it:

KillAll::

DDS::
uRun: [????r]
uRun: [?????????] ??????????????e
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

=
Start your MBAM.
Click the Settings Tab. Make sure all option lines have a checkmark.
Click the Update tab. Press the "Check for Updates" button.
At this time, the current definitions are # 2159 or later. The latest program version is 1.36 (released April 6)

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

=

Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

=

Reply with a copy of C:\Combofix.txt
the MBAM scan log
checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Edited by Maurice Naggar, 22 May 2009 - 11:41 AM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
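
Added example, not part of the original posts and not code from DDS or ComboFix: a small triage script that reads "Pseudo HJT Report" lines like those in post #9 and flags, for human review only, autorun entries with an unreadable or missing name or an empty command, and BHO/TB/EB registrations that point at "No File". The function names and rule labels are hypothetical, and treating a run of "?" as text the log could not render is an assumption about DDS output.

```python
import re
from collections import namedtuple

# Constructed sample: a handful of lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: 1 (0x1) - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
uRun: [????r]
uRun: [?????????] ??????????????e
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [eRecoveryService]
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
"""

Finding = namedtuple("Finding", "section name reasons line")

# uRun/mRun lines look like:  uRun: [value name] command line
RUN_RE = re.compile(r"^(uRun|mRun): \[(?P<name>.*?)\]\s*(?P<cmd>.*)$")
# BHO/TB/EB lines look like:  BHO: description: {CLSID} - path-or-"No File"
COM_RE = re.compile(r"^(BHO|TB|EB): (?P<body>.*) - (?P<target>.+)$")
# Assumption: two or more '?' in a row means the log could not render the text.
UNREADABLE = re.compile(r"\?{2,}")


def triage_line(line):
    """Return a Finding for a line worth a human look, else None."""
    line = line.strip()
    reasons = []

    m = RUN_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd").strip()
        if name == "<NO NAME>":
            reasons.append("no-name")
        elif UNREADABLE.search(name):
            reasons.append("unreadable-name")
        if not cmd:
            reasons.append("empty-command")
        elif UNREADABLE.search(cmd):
            reasons.append("unreadable-command")
        return Finding(m.group(1), name, reasons, line) if reasons else None

    m = COM_RE.match(line)
    if m and m.group("target").strip().lower() == "no file":
        # Registered browser component whose file is missing on disk.
        return Finding(m.group(1), m.group("body"), ["missing-file"], line)
    return None


def triage(log_text):
    """Triage every non-empty line of a DDS Pseudo HJT section."""
    findings = []
    for raw in log_text.splitlines():
        if raw.strip():
            hit = triage_line(raw)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:5} {','.join(f.reasons):35} {f.line}")
```

A flag here only marks an entry as anomalous in form; deciding what to remove stays with the helper reading the full log.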

#13 peteg40


Posted 26 May 2009 - 04:23 PM

Hi Maurice,

Sorry for delay in getting back to you, but been busy with work.

Anyway, started to do as you asked and got this message and didn't know what to do, thought I would ask first...

Message I got was... You have chosen to display protected operating system files (files labelled system and hidden) in Windows Explorer.

These files are required to start and run Windows. Deleting or editing them can make your computer inoperable.

Are you sure you want to display these files?

I await your reply.

Pete

#14 Maurice Naggar


Posted 30 May 2009 - 06:04 AM

Hello Pete,

We definitely want to show all files while we hunt and look for malwares. Please reply Yes to the "Are you sure" prompt and do proceed forward with the steps I outlined before.



