-
Browsers deny access or send to wrong sites
(DDS Log at end of this post - and I've attached a zipped Attach.txt file)
My PC is infected! Aaaaargh. It's running slowly, takes a long time to boot up, and both Internet Explorer and Firefox take me to weird search pages when I use Google. They also block me from accessing this site, and others that seem to be associated with those good people who try and solve these problems (so I'm sending this from a non-infected PC).
AVG first detected a problem. The Scan found about 41 problems, but couldn't deal with 4 of them (named alureon I think). I used curealureon.exe to try and deal with that. But it only seemed to find one alureon problem (plus quite a few "worms" that were apparently sitting in my external drive). Spybot didn't find anything, except cookie and adware type things - which it got rid of (unless they are back again!)
I've managed to disable TeaTimer and have backed up my registry (using ERUNT)
Hope someone can help as I'm really stuck. I'm far from being an expert, so be gentle!
Thanks
DDS (Ver_10-03-17.01) - NTFSx86
Run by John at 18:12:57.04 on 01/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3318.2716 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Malware May 10\dds.scr
============== Pseudo HJT Report ===============
uStart Page = https://login.yahoo.com/config/login....yahoo.com/%3f
uSearch Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer provided by Redten
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: WebCGMHlprObj Class: {56b38f40-4e70-11d4-a076-0080ad86ba2f} - c:\windows\system32\cgmopenbho.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: EyeOnIE Class: {f081d70d-477f-11d9-95ec-004095356f63} - c:\progra~1\availa~1\asanti~1\AhBho.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [PowerBar]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} - hxxp://www.couponreport.net/ftp/v3123/csauie1.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103587301578
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178104577323
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1222563451466&h=ab142d0f223045041e6febda072d1ee7/&filename=jinstall-6u7-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - file:///C:/Program%20Files/InterCAP/ActiveCGM/ActiveX/Acgm.cab
TCP: NameServer = 93.188.163.43,93.188.166.178
TCP: {965A2A8F-8291-4DB6-91B5-A4D1CBB65D9A} = 93.188.163.43,93.188.166.178
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: fnpipe - fnpipe.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\m3c04twn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.quidco.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2008-10-4 40464]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2007-12-7 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-16 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-3-24 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-16 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superadblocker.com\super ad blocker\sabkutil.sys --> c:\program files\superadblocker.com\super ad blocker\SABKUTIL.sys [?]
S2 gupdate1c9a8cd569b7d04;Google Update Service (gupdate1c9a8cd569b7d04);c:\program files\google\update\GoogleUpdate.exe [2009-3-19 133104]
S2 MSWU-a23c7763;MSWU-a23c7763;c:\windows\system32\a23c7763.exe --> c:\windows\system32\a23c7763.exe [?]
S2 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe --> c:\windows\system32\f36decbb.exe [?]
S2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\slingagentservice.exe --> c:\program files\sling media\slingagent\SlingAgentService.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 asfm;asfm;\??\c:\program files\availasoft\as anti-hacker\asfm.sys --> c:\program files\availasoft\as anti-hacker\asfm.sys [?]
S3 bfastfao;bfastfao;c:\docume~1\family\locals~1\temp\bfastfao.sys [2004-5-17 29696]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2006-12-21 17149]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-1-5 103936]
S3 Sling_Audio;SlingProjector Audio Device;c:\windows\system32\drivers\SlingAudio.sys [2009-4-30 19072]
S3 SlingAudioBusenum;Sling Audio Bus Enumerator;c:\windows\system32\drivers\SlingAudioBus.sys [2009-4-30 23168]
S3 STVqx5;Digital Blue QX5(tm) Microscope;c:\windows\system32\drivers\STVqx5.sys [2009-10-13 64512]
S3 STVqx5m;Digital Blue QX5(tm) Microscopem;c:\windows\system32\drivers\STVqx5m.sys [2009-10-13 6144]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2006-12-21 362944]
S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSwap.sys [2005-7-28 88080]
=============== Created Last 30 ================
2010-06-01 17:06:20 0 dc----w- C:\Malware May 10
2010-05-31 19:49:11 25088 ----a-w- c:\windows\system32\fnpipe.dll
2010-05-27 15:04:16 823808 ----a-w- c:\windows\system32\drivers\djwsgvto.sys
2010-05-27 15:02:10 36532 ----a-w- c:\windows\system32\net.net
==================== Find3M ====================
2010-04-21 07:53:46 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-14 18:43:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 20:44:14 71220 ---ha-w- c:\windows\system32\mlfcache.dat
2007-12-07 02:48:20 604 ---ha-w- c:\program files\STLL Notifier
2004-10-01 21:00:16 40960 ------w- c:\program files\Uninstall_CDS.exe
2008-05-09 01:42:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050920080510\index.dat
============= FINISH: 18:20:34.79 ===============
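The log above is the kind of thing a helper reads by eye: rogue resolver addresses under `TCP: NameServer`, a hosts-file line that sinks a security site to 127.0.0.1, a Winlogon `Notify:` DLL that was created days earlier, and services named after random hex strings whose binaries DDS could not read (the trailing `[?]`). The script below is an added example, not part of the post and not a Safer Networking or DDS tool, that pulls those same indicators out of DDS-format text. The sample lines are constructed to mirror the format of the posted log, the `SYSTEM32` prefix and the eight-hex-character "random name" pattern are assumptions, and every finding is a heuristic for a human to follow up, not a verdict.

```python
# Added example, not part of the post and not a Safer Networking tool: a triage
# script for the DDS log sections above. Every rule is an assumed review heuristic
# for a human to follow up, not a verdict on the machine in the thread.
import re
from ipaddress import ip_address

# Constructed sample, modelled on the format of the log in the post.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
TCP: NameServer = 93.188.163.43,93.188.166.178
Notify: fnpipe - fnpipe.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064]
S2 MSWU-a23c7763;MSWU-a23c7763;c:\windows\system32\a23c7763.exe --> c:\windows\system32\a23c7763.exe [?]
S2 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe --> c:\windows\system32\f36decbb.exe [?]
S2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\slingagentservice.exe --> c:\program files\sling media\slingagent\SlingAgentService.exe [?]
=============== Created Last 30 ================
2010-05-31 19:49:11 25088 ----a-w- c:\windows\system32\fnpipe.dll
2010-05-27 15:04:16 823808 ----a-w- c:\windows\system32\drivers\djwsgvto.sys
2010-05-27 15:02:10 36532 ----a-w- c:\windows\system32\net.net
"""

SYSTEM32 = "c:\\windows\\system32"  # assumed install location
HEX_NAME = re.compile(r"^[0-9a-f]{8}\.(exe|sys|dll)$", re.I)  # assumed "random name" shape


def basename(path):
    return path.strip().rsplit("\\", 1)[-1].lower()


def parse_sections(text):
    """Group non-blank log lines under their '=== NAME ===' banners."""
    sections, current = {}, None
    for line in text.splitlines():
        banner = re.match(r"^=+\s*(.+?)\s*=+$", line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif line.strip() and current is not None:
            sections[current].append(line)
    return sections


def recently_created(sections):
    """Map basename -> lowercase path for every 'Created Last 30' entry."""
    files = {}
    for line in sections.get("Created Last 30", []):
        parts = line.split(None, 4)  # date time size attrs path
        if len(parts) == 5:
            files[basename(parts[4])] = parts[4].lower()
    return files


def check_dns(lines):
    """Resolvers outside private ranges: confirm they belong to the ISP or router."""
    ips = [ip.strip() for l in lines for m in [re.match(r"TCP:\s*NameServer\s*=\s*(.+)$", l)]
           if m for ip in m.group(1).split(",")]
    return [("dns", f"public resolver {ip} configured; verify it is expected")
            for ip in ips if not ip_address(ip).is_private]


def check_hosts(lines):
    """Hosts entries sinking a name to loopback, a common way to block AV and help sites."""
    return [("hosts", f"{m.group(2)} redirected to {m.group(1)}")
            for m in (re.match(r"Hosts:\s*(127\.\S+)\s+(\S+)", l) for l in lines) if m]


def check_notify(lines, new_files):
    """Winlogon notify packages whose DLL also appears among recently created files."""
    hits = (re.match(r"Notify:\s*(\S+)\s*-\s*(.+)$", l) for l in lines)
    return [("notify", f"notify package {m.group(1)} loads recently created {basename(m.group(2))}")
            for m in hits if m and basename(m.group(2)) in new_files]


def check_services(lines):
    """Services whose binary DDS could not read ([?]) or that sit in system32 under a hex name."""
    found = []
    for line in lines:
        m = re.match(r"([RS]\d)\s+([^;]+);[^;]*;(.+)$", line)
        if not m:
            continue
        state, name, rest = m.groups()
        path = rest.split(" --> ")[0].split(" [")[0].strip()
        reasons = []
        if rest.rstrip().endswith("[?]"):
            reasons.append("binary not readable by DDS (missing or hidden)")
        if path.lower().startswith(SYSTEM32) and HEX_NAME.match(basename(path)):
            reasons.append("random hex filename in system32")
        if reasons:
            found.append(("service", f"{name} ({state}) -> {path}: " + "; ".join(reasons)))
    return found


def check_created(new_files):
    """Anything new under system32 in the last 30 days deserves a look."""
    return [("created", f"new file under system32: {p}")
            for _, p in sorted(new_files.items()) if p.startswith(SYSTEM32)]


def analyze(text):
    """Run every check and return (category, detail) findings for a reviewer."""
    sections = parse_sections(text)
    new_files = recently_created(sections)
    hjt = sections.get("Pseudo HJT Report", [])
    return (check_dns(hjt) + check_hosts(hjt) + check_notify(hjt, new_files)
            + check_services(sections.get("SERVICES / DRIVERS", [])) + check_created(new_files))
```

Calling `analyze(SAMPLE_LOG)` returns ten findings. Note the caveats the output makes visible: `SlingAgentService` is flagged only because its binary is unreadable, which is exactly what uninstalled-but-not-cleaned software looks like, so `[?]` on its own is weak; the two resolver hits only say the addresses are not on the local network, so the owner still has to compare them with the router or ISP settings. The strong signals are the combinations, such as a `Notify:` DLL that is also a days-old file in system32, or a service with both a hex name and no readable binary.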
-
Security Expert-Emeritus
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi wingreen and welcome to Safer Networking.
I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
- I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for this issue on this machine!
- The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Refrain from running self-fixes as this will hinder the malware removal process.
- It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
- Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
SUPERAntiSpyware Advice:
CAUTION: SuperAntiSpyware comes with a programme called Bootsafe, do not for any reason use this programme, if used on an infected computer it could render it UNBOOTABLE.
Next:
What did you use to transfer the logs, a USB drive for example? If so, can we format this prior to it being used again to transfer some tools, or not?
Also what operating system is in use on the machine you used to post your topic please.
Last edited by Dakeyras; 2010-06-04 at 17:25.
Reason: Added further question.
Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
-
Thanks for your reply.
I was aware that using USBs etc. might be a problem, so I burnt the logs onto a CD, then put the CD in my (work) laptop and posted them from there. Using a USB would be easier I'm sure, so if there's a (safe) way to use a USB, I'm all for it (but you may have to advise me on any [re]formatting I'd need to do).
The machine I used to actually post the topic uses Windows Vista Enterprise.
The (work) laptop that I'm currently using to "communicate" over the internet is subject to certain security controls and it's likely not to allow me to download any executable programs. If these might be needed, I can, if you prefer, communicate through another (non-infected) PC which I can arrange to connect to the internet.
Hope the above helps.
-
Security Expert-Emeritus
Hi.
You're welcome!
OK, actually using a CD is safer, in spite of the precautions I could advise with regard to a USB drive. So use a CD for the following please.
Please download Rkill from one of the following links:-
One, Two, Three or Four.
Please download GMER Rootkit Scanner from here.
Next:
Transfer both applications to the desktop of your infected machine.
Scan with Rkill:
Note: If your security software warns about Rkill, please ignore and allow to continue.
- Double click on Rkill.
- A command window will open then disappear upon completion, this is normal.
- Please leave Rkill on the Desktop until otherwise advised.
Note: A logfile will have been created, it can be located at the root of your installed Hard-Drive. EG: C:\rkill.txt.
Scan with GMER:
- Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
- Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Note: Do not run any programs while Gmer is running.
When completed the above, please post back the following in the order asked for:
- How is your computer performing now, any further symptoms and or problems encountered?
- Rkill Log.
- GMER Log.
Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
-
Damn - I think I messed it up!
Did as you said and put RKill and GMER on desktop.
Ran Rkill. (Haven't got the log - see later for why!) but it was a very short one - from memory it "came up" with nothing.
Then ran GMER and did as instructed and it started running. Then I noticed that Notepad (left over from Rkill) was running in the background and, having seen your note saying "Do not run any programs while GMER is running", I thought I'd better close it, stop GMER and start again. Trouble is everything seemed so slow; couldn't get it to respond. Tried Ctrl+Alt+Del, still nothing. So I waited even longer. Finally managed to close Notepad and, after another long wait, got "access" to GMER, which I closed down using the X box in the window.
Double clicked on GMER again to start it, but just got the eggtimer. This went on for ages, so I shut down the computer (!?), using the power button.
Started the computer again and it's just stuck! The hard drive light has been on for a couple of hours but it won't start in Windows or even Safe Mode. It's just stuck!
Aaaaargh! What have I done?!
-
UPDATE!
Just managed to get the keyboard to select Safe Mode. It started doing the Safe Mode "boot" but now it's just stuck with a screen listing a load of path names (to system, drivers etc.), the sort you get when Safe Mode starts up. But that's it. Stuck again. Hard disk light still glowing like mad. Scared to power it off again, but not sure it's right to leave it like that for hours.
-
Not sure if this is helpful or not - but the last line (where Safe Mode has stuck) ends in windows\system32\DRIVERS\isapnp.sys
(Apologies if adding info before you've had chance to reply is messing things up)
(PS: Still stuck!)
-
Security Expert-Emeritus
Hi.
No problem, what you mentioned happens; these things happen. If I do manage to remove the malware from your machine, some serious system maintenance will be in order, but we can address that in due course.
OK, you are going to have to perform a cold shutdown of your machine. Not good, but the only viable option in this scenario. Hold down your computer's power on/switch on button until the machine is powered down completely.
If need be, merely disconnect from the mains.
Reboot into Safe Mode:
How to boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode, do so.
If any problems refer to this tutorial.
Next:
In Safe Mode, when the Windows Advanced Options menu appears, use the arrow keys (on the number pad part of the keyboard) to select Last Known Good Configuration (your most recent settings that worked), and then press the Enter/Return key.
Also, do you have a genuine Windows XP CD-ROM, or can you borrow one from a family member/friend if the need arises?
Let me know the outcome before we proceed further please.
Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
-
Phew.
OK, did that (chose Last Known.....) and it's taken me to a screen where I have to choose between
Windows XP Media Center Edition
or
Safe Mode
(it has Last Known Good Configuration in blue at the bottom of the screen)
-
Security Expert-Emeritus
Hi.
Choose Last Known Good Configuration and let your machine boot up as normal.
Have you got a genuine Windows XP CD-ROM, in case we need it? You can tell me in your next reply when you post the logs requested.
Once booted up, run Rkill; do not worry about the log, close down the Notepad file for it. So you can post the log for me to review, it can be found here:
C:\rkill.txt.
Next:
Re-run GMER again as outlined here.
When you have completed the above, post the logs requested and let me know if you encountered any further problems, thank you.
Mammuthus Hibernian Scouserus, member of ASAP and UNITE.