Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I am infected with Boot.TidServ.B on Windows Vista


  • This topic is locked This topic is locked
2 replies to this topic

#1 sweetiepie88448844

sweetiepie88448844

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 06 March 2011 - 04:41 PM

Good evening!

First of all I really appreciate that the on people on this website give there time and effort, unpaid, to help others who do not have the expertise to fix frustrating computer issues, so a big thanks in advance.

I have a Toshiba Satellite A300-1MC, 3gb Ram, Windows Vista Home premium with service pack 2, 32 bit operating system, intel core 2 duo processor. If you needed to know that!

2 weeks ago I began experiencing significantly slower speed on my computer when working and when on the internet. When I've previously had a virus there have been pop ups with fake adverttisment to buy fake anti virus etc but all I'm experiencing is random advertising window popping up on internet explorer, however these simply close when requested. I'm also getting pop ups saying the host process services for windows has stopped working regularly. Most worrying is y computer will often cut out and a blue screen appear, the blue screen doesnt stay on long enough for me to write down error code.

Norton anti virus, pc tools malware doctor and malwarebytes do not detect the virus. So i decided to boot norton from disk and do a full system scan. Boot.TidServ.B was detected but norton couldnt fix or remove it. On a norton community website this tool was recommended... norton.com/npe which i installed and scanned my computer. It came up with some risks and i deleted them (i didnt write these down sorry!) However since then my computer seems unable to boot into cormal mode- everytime the bluey green windows screen starts loading (the one before the login screen appears) the blue error screen pops up. But works in safe mode fine. Also i noticed there seems to be a problem with my system restore and back up facility, like it wont let me open it, and also my pc tools malware doctor has been popping up a message about being un able to create a restore point for the last couple of weeks.

I think I've rambled and probably havent told you stuff you needed to know, but here are the logs as requested...


.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Jessica at 20:25:05.92 on 06/03/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2939.2355 [GMT 0:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Users\Jessica\Documents\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [<NO NAME>]
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [PCTools FGuard] c:\program files\spyware doctor\bdt\FGuard.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jessica\appdata\roaming\mozilla\firefox\profiles\gwzlnrw5.default\
FF - component: c:\program files\spyware doctor\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\jessica\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Veoh Video Compass: searchrecs@veoh.com - %profile%\extensions\searchrecs@veoh.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\spyware doctor\bdt\Firefox
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coFFPlgn
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-27 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-3-1 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-3-1 656320]
R0 SMR161;Symantec SMR Utility Service 1.6.1;c:\windows\system32\drivers\SMR161.SYS [2011-3-6 76920]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1205000.07d\symds.sys [2011-3-1 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1205000.07d\symefa.sys [2011-3-1 652336]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-7-1 7168]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110225.002\BHDrvx86.sys [2011-2-25 800376]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110303.001\IDSvix86.sys [2011-3-4 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1205000.07d\ironx86.sys [2011-3-1 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1205000.07d\symtdiv.sys [2011-3-1 330360]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2011-3-1 247760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-16 40960]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.5.0.125\ccsvchst.exe [2011-3-1 130000]
S2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2008-1-21 21504]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-4-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-2 102448]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-4 112128]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-2-23 27192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-27 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-27 1150936]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-06 20:14:23 76920 ----a-w- c:\windows\system32\drivers\SMR161.SYS
2011-03-06 20:14:23 20 ----a-w- c:\windows\system32\drivers\SMR161.dat
2011-03-06 19:41:48 54016 ----a-w- c:\windows\system32\drivers\nnqegqr.sys
2011-03-06 18:26:00 -------- d-----w- c:\users\jessica\appdata\local\NPE
2011-03-06 18:19:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 18:19:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-05 07:00:16 -------- d-----w- C:\NBRT
2011-03-01 19:36:36 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-01 19:36:36 -------- d-----w- c:\program files\Symantec
2011-03-01 19:36:36 -------- d-----w- c:\program files\common files\Symantec Shared
2011-03-01 19:36:23 652336 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symefa.sys
2011-03-01 19:36:23 509560 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\srtsp.sys
2011-03-01 19:36:23 50168 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\srtspx.sys
2011-03-01 19:36:23 340016 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symds.sys
2011-03-01 19:36:23 330360 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symtdiv.sys
2011-03-01 19:36:23 295032 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symnets.sys
2011-03-01 19:36:23 136312 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\ironx86.sys
2011-03-01 19:36:06 -------- d-----w- c:\windows\system32\drivers\nis\1205000.07D
2011-03-01 19:35:50 -------- d-----w- c:\windows\system32\drivers\NIS
2011-03-01 19:35:48 -------- d-----w- c:\program files\Norton Internet Security
2011-03-01 19:06:39 -------- d-----w- c:\program files\NortonInstaller
2011-03-01 18:17:10 767952 ----a-w- c:\windows\BDTSupport.dll
2011-03-01 18:17:09 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-03-01 18:17:09 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-03-01 18:17:09 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-03-01 18:16:42 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-03-01 18:16:42 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-02-23 13:51:23 -------- d-----w- c:\users\jessica\appdata\local\VS Revo Group
2011-02-23 13:51:02 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-02-23 13:50:55 -------- d-----w- c:\program files\VS Revo Group
2011-02-22 21:18:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-21 17:17:16 -------- d-----w- c:\windows\system32\eu-ES
2011-02-21 17:17:16 -------- d-----w- c:\windows\system32\ca-ES
2011-02-21 17:17:15 -------- d-----w- c:\windows\system32\vi-VN
.
==================== Find3M ====================
.
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
============= FINISH: 20:26:26.55 ===============

Attached Files


Edited by sweetiepie88448844, 06 March 2011 - 04:44 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:49 PM

Posted 13 March 2011 - 06:53 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:49 PM

Posted 03 April 2011 - 07:32 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users