Posting My Log And Praying For Help


  • This topic is locked
16 replies to this topic

#1 passerotto

Posted 05 October 2006 - 07:57 AM

Hello all and hope you can be of some help.

I have a laptop with a critical virus problem and am really worried I have lost all my data as a result of a virus.

Yesterday my machine started acting strangely, randomly closing applications, browsers etc. Thinking I had somehow stalled some system file, I thought to reboot. When I did, it put me in a repeat cycle where all I would get is the "do you want to start in safe mode" etc. screens. This went on for two hours, when I finally thought to reinstall Windows XP Home (I had been running the XP Professional but I have those disks back in the States, not here in Italy where I am working).

Got that up and running but could not see any of my old applications (MSOffice 2003, iTunes, Skype, Photoshop), everything gone.

Went to the office and reinstalled XP professional and still no sign of my missing files, photos, music or applications.

Also my system resources now tell me I have 55.8 gigs when this is a 30 gig laptop.

Thinking something was afoot, I tried to access all the standard antivirus sites *blocked*, Microsoft support *blocked* and then managed to download AVG, which keeps blinking the same virus warnings over and over again, and Kaspersky, which found 2 things and says it is clean, but all virus sites are still blocked and still no sign of my missing files.

Hoping you can help as I really have a lot of important work that I was midstream on and losing all the data will kill me.

Free dinner in Rome for anyone that can help!

Hijack log posted below... PS: I installed the second version of Windows into windows 2... didn't want to delete anything as I was afraid I would lose my My Documents folder in the overwrite.

Logfile of HijackThis v1.99.1
Scan saved at 14.32.19, on 06/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\Hcontrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS2\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS2\ATKOSD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fastweb.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS2\System32\msdxm.ocx
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS2\Hcontrol.exe
O4 - HKLM\..\Run: [WINTASK] taskgmr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpywareBot] C:\Programmi\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [kis] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\RunServices: [WINTASK] taskgmr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS2\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WINTASK] taskgmr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Aggiungi a Kaspersky Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS2\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS2\web\related.htm
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS2\System32\klogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe



#2 rookie147

Posted 05 October 2006 - 11:02 AM

Hello passerotto, and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Please take note of the following:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 rookie147

Posted 06 October 2006 - 04:55 AM

Hello passerotto, sorry for the delay in getting back to you.

======

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
Thanks,
Charles



#4 passerotto

Posted 06 October 2006 - 06:10 AM

Charles:

Thanks for your help and I am awaiting your advice. I will gladly reformat if that will solve everything, even if at first I would like to know if there are any of my doc files still on my machine (I am a writer and losing 3 years of work is heartbreaking, even if I should have known better and saved everything to back-up).

If you think you can clean my machine remotely I am all for it. The strange thing is it seems to think the hard drive is bigger than it really is. That is what leads me to think there may be some hope that my files are still there, that I just cannot see them.

Hoping wishing and praying.

--lynda

#5 rookie147

Posted 06 October 2006 - 06:58 AM

Have you tried searching for these files? Maybe you saved them in a different place or something...
Although I can get rid of the infections I can see on your computer, like I said, this is not a guaranteed way to get rid of these viruses/trojans. The infection you have enables the trojan to do the following:
-Allows others to access the computer
-Forges the sender's email address
-Uses its own emailing engine
-Installs itself in the Registry
-Exploits system or software vulnerabilities
This could mean that someone has remotely deleted these files, if you can't find them.



#6 passerotto

Posted 06 October 2006 - 07:42 AM

Yes, I have searched... they were there immediately before the circle loop black screen reboot so I don't think anyone had time to remove them... perhaps when I reinstalled the OS this caused this, but I didn't say reformat so I am skeptical that this is the problem. Especially since all these other programs disappeared too, Skype, MS Office, Photoshop etc.? But maybe if they are gone, I did reformat accidentally. Anyway, it's just strange that it seems to be reading a bigger hard drive than what I actually have.

OK, how do you suggest we start? Most of the antivirus sites are blocked, though I am running a Panda scan now and seem to have a wobbly AVG and Kaspersky trying to dig out a few things.

ready for suggestions...

#7 rookie147

Posted 06 October 2006 - 10:44 AM

Hello passerotto, sorry for the delay in getting back to you.

======

Before we start with the fix, I see that you are using an unpatched version of Windows. We can help you, but first you need to help us.
Any reason why your Windows isn't up to date? You don't even have Service Pack 1 installed!
Remember that your system is extremely vulnerable without the necessary security patches/updates, so malware can get installed automatically while surfing without any problems.
Please visit http://www.download.com/Windows-XP-Service...ml?tag=lst-0-19 and update to Service Pack 1. Without this update, you're wide open to re-infection, and we're both just wasting our time.
When your system is clean afterwards, then update to SP2, because updating to SP2 CAN cause problems as long as you are infected.

======

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both software products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either AVG or Kaspersky.

The choice on which one to remove is, of course, completely up to you, but I will give you some help as to which one to choose. If you are using the paid version of Kaspersky, I'd recommend keeping this one, and getting rid of AVG, as, in my opinion, Kaspersky is much better. However, if you are only using the trial-version of Kaspersky, this will run out soon, so I'd keep AVG. This is just my advice; the decision is up to you.

======

Post back with a new HijackThis log, and let me know how the update to SP1 went.
Thanks,
Charles



#8 passerotto

Posted 06 October 2006 - 11:20 AM

OK...first things first. The reason I haven't updated is that the virus seems to be blocking all Microsoft sites and I used only the original disks which are already a bit outdated. I tried to access the service pack you recommended but the site tells me there is a language conflict. (My OS is in Italian). Do you know a non MS site where I can find the service pack in Italian?

Will go remove AVG now and report back with the hijack log

#9 passerotto

Posted 06 October 2006 - 11:47 AM

OK, found SP1a in Italian... completing now.

#10 rookie147

Posted 06 October 2006 - 11:49 AM

Hello,

Please download Hoster from here
Unzip Hoster.zip
Open Hoster.exe
Then click on "Restore Original Hosts"
Close program when complete.

======

I've been talking to others about this, and apparently if you have an Italian localised Operating System, it will go to the Italian Windows Update installation if you go to Windows Updates via the Start Menu. You will then be able to select what updates to install while you're there. Please make sure you only download SP1, as installing Service Pack 2 on an infected system can cause some problems.

======

Let me know if this makes it any better, and post back with the new HJT log,
Thanks,
Charles

Edited by rookie147, 06 October 2006 - 11:49 AM.



#11 passerotto

Posted 06 October 2006 - 12:25 PM

Tried the method your colleagues mentioned but it directs to MS sites that are blocked. Found the SP1a on another tech site and downloaded and installed.

Here is my new Hijack log and many thanks for all your efforts. If I do not respond right away to your next suggestion please forgive me. I have a meeting outside the city and it may be as late as Monday before I return (though I will try to work on this in between the conference).

Grazie!

Logfile of HijackThis v1.99.1
Scan saved at 19.20.10, on 07/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\Explorer.EXE
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\System32\msiexec.exe
C:\WINDOWS2\Hcontrol.exe
C:\WINDOWS2\ATKOSD.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS2\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Hijack This\HijackThis.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fastweb.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS2\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS2\Hcontrol.exe
O4 - HKLM\..\Run: [WINTASK] taskgmr.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Programmi\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [kis] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunServices: [WINTASK] taskgmr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS2\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WINTASK] taskgmr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Aggiungi a Kaspersky Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS2\System32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS2\System32\HPZipm12.exe

#12 rookie147

Posted 07 October 2006 - 11:44 AM

Hey passerotto, great job in finding the SP1 update!

======

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible, especially whilst in Safe Mode (you can't use the Internet).

======

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

SpywareBot
This is a rogue anti-spyware program. Instead of removing spyware like it claims to do, it adds more to your system.

Remember that these may require you to reboot your computer to complete the uninstallation- just let them.

======

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

O4 - HKLM\..\Run: [WINTASK] taskgmr.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Programmi\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\RunServices: [WINTASK] taskgmr.exe
O4 - HKCU\..\Run: [WINTASK] taskgmr.exe


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

======

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

======

Now, please reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list.

======

Next, please find and delete the following files/folders (if present):

C:\Programmi\SpywareBot <--This folder

======

We need to do a search for some files. Navigate to:
Start | Search | For Files and Folders.
Expand Search Options, check Advanced Options, check Search system folders, Search hidden files and folders, and Search Subfolders.
Paste this into the Search for files and folders named box:

taskgmr.exe <--Please make sure you copy and paste this correctly!

If you find any examples of this file, please remove it.

======

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
======

Reboot into Normal Mode.

======

Please post back with the following:
-AVG log
-New HijackThis log

Thanks,
Charles

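As an added example (not part of this thread and not HijackThis's own logic), the sketch below parses the O4 autorun lines from the second log posted above and applies two triage heuristics that are assumptions of this example: an autorun command with no absolute path, and one value name registered in more than one autorun location. The function names `parse_o4` and `triage` are hypothetical.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# O4 lines copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS2\Hcontrol.exe
O4 - HKLM\..\Run: [WINTASK] taskgmr.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Programmi\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [kis] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunServices: [WINTASK] taskgmr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS2\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WINTASK] taskgmr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
"""

# Registry autoruns:   O4 - HKLM\..\Run: [ValueName] command line
REG_RUN = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[([^\]]+)\] (.+)$")
# Startup-folder items: O4 - Global Startup: Shortcut.lnk = target
STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Executable part of a command line, tolerating quotes and unquoted spaces.
EXE = re.compile(r'"?(.+?\.(?:exe|com|bat|cmd|scr|pif))\b', re.I)


def parse_o4(log_text):
    """Return one dict per O4 line: location, name, command, executable."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_RUN.match(line) or STARTUP.match(line)
        if not m:
            continue  # not an O4 autorun line
        location, name, command = m.groups()
        exe = EXE.match(command)
        entries.append({
            "location": location,
            "name": name,
            "command": command,
            "executable": exe.group(1) if exe else command.split()[0],
        })
    return entries


def triage(entries):
    """Map autorun name -> sorted reasons it deserves a closer look."""
    locations = defaultdict(set)
    for e in entries:
        locations[e["name"]].add(e["location"])

    findings = defaultdict(set)
    for e in entries:
        # Heuristic 1 (assumption of this example): a bare file name is
        # resolved through the search path, so the log does not say which
        # binary on disk actually starts.
        if not PureWindowsPath(e["executable"]).is_absolute():
            findings[e["name"]].add("no absolute path")
        # Heuristic 2 (assumption of this example): the same value name
        # in several autorun locations is redundant persistence.
        count = len(locations[e["name"]])
        if count > 1:
            findings[e["name"]].add(f"registered in {count} autorun locations")
    return {name: sorted(reasons) for name, reasons in findings.items()}


if __name__ == "__main__":
    for name, reasons in triage(parse_o4(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On this log only WINTASK is flagged. SpywareBot has a full path and a single entry, so it passes both heuristics and is caught in the post above only because the helper recognised the product name.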


#13 passerotto

Posted 10 October 2006 - 04:23 AM

Charles:

Sorry for the slow reply... using this machine is really difficult. I have started your process but hit several brick walls along the way. Need some advice from you before continuing as I am afraid what I cannot do will only create more damage.

I am going through the steps you posted and responding with details to each one below.

======

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible, especially whilst in Safe Mode (you can't use the Internet)


Done

======

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

SpywareBot


Not listed


This is a rogue anti-spyware program. Instead of removing spyware like it claims to do, it adds more to your system.

Remember that these may require you to reboot your computer to complete the uninstallation- just let them.

======

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

O4 - HKLM\..\Run: [WINTASK] taskgmr.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Programmi\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\RunServices: [WINTASK] taskgmr.exe
O4 - HKCU\..\Run: [WINTASK] taskgmr.exe


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.


Did this, removed all four entries.
======

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.

I did this, even if earlier you asked me to remove this application.


http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.

    Done
  • On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.

    This field is not changeable on this version and is marked n/a
  • Click on Change state next to Automatic updates. It should now change to inactive.

    This field is not changeable on this version and is marked n/a
  • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)

    Done
  • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.

This field isn't highlighted and at this point I stopped process to await further instructions from you......not sure if going to the next steps with all these previous steps undone is what I should be doing. will await your advice.

Thanks--

Lynda

Edited by passerotto, 10 October 2006 - 04:29 AM.


#14 rookie147

Posted 10 October 2006 - 12:05 PM

Hey Lynda,
Don't worry about any of the problems you've had, they're not major ones...

SpywareBot


Not listed

This doesn't really matter, I was just wondering if we could remove it the easy way, as opposed to deleting its folder. :thumbsup:

Did this, removed all four entries.

Good.

I did this, even if earlier you asked me to remove this application.

I think you're getting confused here. What I asked you to get rid of before was an antivirus, and now I'm having you download an antispyware program. Basically, the latter is just a scanner and remover of malware, whereas an antivirus constantly monitors what you do to keep you safe. They are different programs altogether. :flowers:

This field isn't highlighted and at this point I stopped process to await further instructions from you......not sure if going to the next steps with all these previous steps undone is what I should be doing. will await your advice.

Okay, just carry on with the next steps and post me back the logs I requested,
Thanks,
Charles



#15 passerotto

Posted 16 October 2006 - 07:10 AM

OK... I am really scared to follow all the old instructions all at one time as it is many steps and several of them seem to be complex and I do not know if I can manage them. I am going to try and get my brother to help me go through your steps as he is better at this than I am. Please be patient with me and I will post a log back as soon as I can.



