-
Here's the combofix log...
"HP_Owner" - 2007-05-08 15:18:44 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\HP_Owner\Desktop\"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\hthqbymg.dll
C:\WINDOWS\system32\iopsaybc.dll
C:\WINDOWS\system32\lmimfpse.dll
C:\WINDOWS\system32\newyafvi.dll
C:\WINDOWS\system32\vkpngrdp.dll
C:\WINDOWS\system32\vskwqatj.dll
C:\WINDOWS\system32\vsuuuvvm.dll
C:\WINDOWS\system32\wtqcruyg.dll
C:\WINDOWS\system32\ylswsgtq.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\install.log
C:\install.log
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent
((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))
2007-05-08 08:46 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-08 00:38 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-05-08 00:13 <DIR> d-------- C:\VundoFix Backups
2007-05-03 16:31 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-03 11:58 <DIR> d-------- C:\hijackthis
2007-05-03 09:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-02 19:45 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-02 19:41 <DIR> d-------- C:\DOCUME~1\HP_Owner\.housecall6.6
2007-04-25 23:11 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\IMVU
2007-04-25 23:10 <DIR> d-------- C:\Program Files\IMVU
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2093-07-27 04:55:01 60,728 ----a-w C:\WINDOWS\hpwins03.dat
2093-07-27 04:54:27 -------- d-----w C:\Program Files\HP
2007-05-08 12:47:49 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-07 23:59:22 15,502 ----a-w C:\DOCUME~1\HP_Owner\APPLIC~1\wklnhst.dat
2007-05-02 03:50:57 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\FUJIFILM
2007-04-24 05:10:08 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Canon
2007-04-17 17:50:55 -------- d-----w C:\Program Files\GetRight
2007-04-03 03:11:22 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Azureus
2007-04-02 22:59:26 -------- d-----w C:\Program Files\SystemRequirementsLab
2007-04-02 22:59:26 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\SystemRequirementsLab
2007-04-02 16:25:33 -------- d-----w C:\Program Files\KONAMI
2007-04-02 16:25:32 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-02 06:07:40 -------- d-----w C:\Program Files\Rockstar Games
2007-04-02 05:58:02 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-02 04:23:00 -------- d-----w C:\Program Files\PowerISO
2007-04-01 17:41:31 -------- d-----w C:\Program Files\Metal Gear Solid
2007-03-29 13:56:50 -------- d-----w C:\Program Files\Funcom
2007-03-29 13:17:40 -------- d-----w C:\Program Files\TLJ
2007-03-28 20:37:22 -------- d-----w C:\Program Files\MagicISO
2007-03-28 17:53:50 -------- d-----w C:\Program Files\DAEMON Tools
2007-03-28 17:45:00 646,392 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-03-28 17:05:33 -------- d-----w C:\Program Files\Alcohol Soft
2007-03-28 16:39:34 -------- d-----w C:\Program Files\Smart Projects
2007-03-26 20:24:14 -------- d-----w C:\Program Files\Azureus
2007-03-21 11:20:02 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\BitTorrent
2007-03-20 18:28:05 -------- d-----w C:\Program Files\ScummVM
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-12 20:34:23 -------- d-----w C:\Program Files\XBCD
2007-03-12 20:03:00 -------- d-----w C:\Program Files\Microsoft Xbox 360 Accessories
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-20 21:43:54 68,888 ----a-w C:\WINDOWS\system32\xinput1_3.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
"{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}"="C:\Program Files\Norton AntiVirus\NavShExt.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"My Web Search Bar Search Scope Monitor"="\"C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\m3SrchMn.exe\" /m=0"
"XboxStat"="\"c:\\Program Files\\Microsoft Xbox 360 Accessories\\XboxStat.exe\" silentrun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"igndlm.exe"="C:\\Program Files\\IGN\\Download Manager\\DLM.exe /windowsstart /startifwork"
"Pinnacle Game Profiler"="\"C:\\Program Files\\KALiNKOsoft\\Pinnacle Game Profiler\\pinnacle.exe\" -atboottime"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^adobe gamma loader.lnk
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^adobe reader speed launch.lnk
C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^autostart ir.lnk
C:\PROGRA~1\WinTV\Ir.exe /QUIET
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^hp digital imaging monitor.lnk
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^logitech desktop messenger.lnk
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^netassistant.lnk
C:\PROGRA~1\NETASS~1\bin\matcli.exe -boot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^spysubtract.lnk
C:\PROGRA~1\INTERM~1\SPYSUB~1\sslaunch.exe -autostart
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^hp_owner^start menu^programs^startup^bittorrent.lnk
C:\PROGRA~1\BITTOR~1\BITTOR~1.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\agrsmmsg
AGRSMMSG.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aim
C:\Program Files\AIM\aim.exe -cnetwait.odl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcxmonitor
ALCXMNTR.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccapp
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hotkeyscmds
C:\WINDOWS\system32\hkcmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hphmon06
C:\WINDOWS\system32\hphmon06.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hphupd06
c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv
c:\windows\system\hpsysdrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpwutoolbox
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray
C:\WINDOWS\system32\igfxtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
"C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kbd
C:\HP\KBD\KBD.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldm
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechsoftwareupdate
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechvideorepair
C:\Program Files\Logitech\Video\ISStart.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechvideotray
C:\Program Files\Logitech\Video\LogiTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsbwatcher
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lvcomsx
C:\WINDOWS\system32\LVCOMSX.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\motive smartbridge
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
"C:\Program Files\Messenger\msmsgs.exe" /background
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerocheck
C:\WINDOWS\system32\NeroCheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter
RunDLL32.exe NvMCTray.dll,NvTaskbarInit
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
nwiz.exe /install
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\opwarese2
"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ps2
C:\WINDOWS\system32\ps2.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\recguard
C:\WINDOWS\SMINST\RECGUARD.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regshave
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\urllstck.exe
c:\Program Files\Norton Internet Security\UrlLstCk.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\viewmgr
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\viewpointphotosdeviceconnect
C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yahoo! pager
"C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
WudfServiceGroup WUDFSvc\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L]
Shell\AutoRun\command L:\MGS2SSetup.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
Shell\AutoRun\command D:\setup.exe
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070508-090006-648
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.169
backup-20070508-090006-569
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zang...e46115b5703919
backup-20070508-090006-497
O17 - HKLM\System\CCS\Services\Tcpip\..\{D080EB38-E298-4FB6-8DE4-E98BF3E3DA02}: NameServer = 85.255.113.122,85.255.112.169
backup-20070508-090006-256
O17 - HKLM\System\CCS\Services\Tcpip\..\{964229AD-5E57-4501-B4D8-BFE698190100}: NameServer = 85.255.113.122,85.255.112.169
backup-20070508-090006-826
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B41F12B-ADE9-454C-93F7-23CC545BA979}: NameServer = 85.255.113.122,85.255.112.169
backup-20070508-090005-794
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab
backup-20070508-090005-912
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20070508-090005-179
O15 - Trusted Zone: http://locator.cdn.imageservr.com
backup-20070508-090005-378
O15 - Trusted Zone: http://locator1.cdn.imageservr.com
backup-20070508-090005-399
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\ilnsxety.dll",realset
backup-20070508-090005-557
O2 - BHO: (no name) - {0805E331-F6AF-454C-B679-15974247B531} - C:\WINDOWS\system\bdsa.dll (file missing)
backup-20070508-090005-225
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20070506-103003-350
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
backup-20070506-102747-883
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
backup-20070506-102655-919
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
backup-20070506-102626-888
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
backup-20070506-102429-157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
backup-20070506-102429-999
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
backup-20070506-102428-593
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HP_Owner.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 15:30:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-05-08 15:36:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-08 15:36
-
You asked how the computer was doing... Well, the sites that I had noticed were previously blocked by porn ads and stuff are working now, so that's a big plus. Let me try out IE and I'll post back if it works, because even after the Vundofix, ATFCleaner, and AVG scans it was still messed up. Now that I ran the Combofix scan I'll check. Also, Combofix gave me back a log of quarantined files... Did you want me to post those as well?
-
Nope, IE is still messed up. It opens and stays minimized, no matter how I open it. I have IE6 on right now, but I tried upgrading to IE7 because I thought it was just a corrupt file in the IE files. But installing, re-installing, and going back to lower versions hasn't fixed the problem. Is this a possible virus too? I use Firefox, so normally I wouldn't be too worried, but this same thing happens to Notepad and MSN Messenger. Pretty much any program depending on IE will do that.
-
Hello :)
Ok no need for that other combo log...
We'll do some more scanning...
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
- The program will launch and then begin downloading the latest definition files.
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Archives
- Scan Mail Bases
- Click OK
- Now under select a target to scan:
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
-
I can do the scan. I'm using Firefox. I can't use IE and it says it only works with IE 5+. When I agree to the agreement and click OK, it doesn't do a thing.
-
That should say I CAN'T do the scan, sorry.
-
OK please try this scan instead:
You should print these instructions or save these to a text file. Follow these instructions carefully.
Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Restart your computer in Safe Mode:
- Restart your computer
- Start tapping the F8 key when the computer restarts.
- When the start menu opens, choose Safe mode
- Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt:
- Double-click the drweb-cureit.exe file and allow it to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, you should now mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, look if you can click next icon next to the files found http://users.telenet.be/bluepatchy/m...ages/check.gif
- If so, click it and then click the next icon right below and select Move incurable
- After the scan, in the menu, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Reboot the computer in Normal Mode.
- Post the Cure-it report and a fresh HijackThis log
-
This topic has been moved to archives to prevent others with similar issues posting to it.
If you need the thread re-opened, please send me a private message (pm) and provide a link.
Applies only to the original poster, anyone else with similar problems please start your own topic.