Have run twice now & still getting the same text file.
Did have virtumonde and used combofix then. Also directed from this forum
Hi,
I still can't believe that result was generated after running my fixes.bat. Let's create another one.
Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@echo off
dir /s/a c:\boot.ini >Log.txt
START Log.txt
DEL %0
Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
OK
This is the new file
Volume in drive C has no label.
Volume Serial Number is 78F1-6AAC
Directory of c:\
25/02/2006 14:58 209 boot.ini
1 File(s) 209 bytes
Total Files Listed:
1 File(s) 209 bytes
0 Dir(s) 100,091,961,344 bytes free
Good. That went as planned. Let's see if we can now get the results I expected to see earlier.
Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@echo off
type c:\boot.ini >Log.txt
START Log.txt
DEL %0
Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.
hi again
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
hope this is what you expected
Yes, that's the correct one.
Now, please copy the Inherit.exe file to the c:\windows\system32 folder. Then go to that folder and drag'n'drop the attrib.exe file there onto the Inherit file. After that, run ComboFix again and allow it to install the recovery console. Post back the resultant log after ComboFix has finished.
had to run combofix twice.
First time hung at preparing log file - left for 20mins nothing so forced a re-boot & ran again. 2nd time noticed AOL scan loading cancelled program and log file created.
ComboFix 09-11-22.02 - Shirley King 22/11/2009 23:15.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.604 [GMT 0:00]
Running from: c:\documents and settings\Shirley King\Desktop\ComboFix.exe
AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\SHIRLE~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Shirley King\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
.
---- Previous Run -------
.
c:\docume~1\SHIRLE~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Shirley King\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
.
((((((((((((((((((((((((( Files Created from 2009-10-22 to 2009-11-22 )))))))))))))))))))))))))))))))
.
2009-11-22 23:14 . 2009-11-22 23:14 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2009-11-22 22:11 . 2009-11-22 15:34 85504 ----a-w- c:\windows\system32\Inherit.exe
2009-11-22 15:37 . 2009-11-22 15:34 85504 ----a-w- c:\program files\Inherit.exe
2009-11-22 13:05 . 2009-11-22 13:15 -------- d-----w- c:\documents and settings\Shirley King\Application Data\Virgin Broadband
2009-11-21 13:07 . 2009-11-21 13:07 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-05 23:15 . 2008-11-26 15:19 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2009-11-05 23:15 . 2008-08-06 21:20 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2009-11-05 23:15 . 2008-08-28 13:16 71184 ----a-w- c:\windows\system32\drivers\DefragFS.sys
2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\program files\Raxco
2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2009-11-05 23:12 . 2009-11-22 15:38 -------- d-----w- c:\program files\Virgin Broadband
2009-11-05 20:04 . 2009-11-22 22:50 4592928 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-05 19:46 . 2009-11-22 22:50 120096 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-05 19:14 . 2009-11-05 23:17 -------- d-----w- c:\documents and settings\Nick Parker\Application Data\Virgin Broadband
2009-11-05 19:14 . 2009-11-05 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Broadband
2009-11-03 17:17 . 2009-11-03 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-03 17:16 . 2009-11-03 17:16 -------- d-----w- c:\program files\Common Files\iS3
2009-11-03 17:16 . 2009-11-03 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-11-03 15:31 . 2009-11-03 15:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-11-03 13:03 . 2009-11-21 18:03 0 ----a-w- c:\windows\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 16:58 . 2009-11-05 20:04 60992 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-22 16:58 . 2009-11-05 19:46 12632 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-22 16:24 . 2008-11-22 22:01 -------- d-----w- c:\program files\World of Warcraft Trial
2009-11-22 16:22 . 2009-09-12 17:23 -------- d-----w- c:\program files\QuickTime
2009-11-22 16:22 . 2006-02-26 18:49 -------- d-----w- c:\program files\Palm
2009-11-22 16:22 . 2006-02-20 23:24 -------- d-----w- c:\program files\Modem Helper
2009-11-22 16:22 . 2006-02-20 23:24 -------- d-----w- c:\program files\Dell
2009-11-22 16:21 . 2006-02-20 23:31 -------- d-----w- c:\program files\Common Files\aolshare
2009-11-22 16:21 . 2006-02-20 23:30 -------- d-----w- c:\program files\Common Files\AOL
2009-11-22 16:21 . 2006-02-20 23:31 -------- d-----w- c:\program files\AOL 9.0
2009-11-05 23:13 . 2006-02-20 23:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-05 20:11 . 2006-02-20 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-05 20:11 . 2006-02-20 23:33 -------- d-----w- c:\program files\McAfee
2009-11-05 20:10 . 2006-02-20 23:32 -------- d-----w- c:\program files\McAfee.com
2009-11-04 19:47 . 2007-06-30 19:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-04 19:43 . 2007-06-30 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-03 17:18 . 2009-11-03 17:18 384 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-03 15:43 . 2008-08-03 09:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 20:43 . 2008-10-05 13:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-03 16:36 . 2009-10-03 16:34 -------- d-----w- c:\program files\iTunes
2009-10-03 16:34 . 2009-10-03 16:34 -------- d-----w- c:\program files\iPod
2009-10-03 16:34 . 2009-06-20 18:19 -------- d-----w- c:\program files\Common Files\Apple
2009-10-03 16:27 . 2009-10-03 16:27 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-11 14:18 . 2005-08-16 04:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:54 . 2008-08-03 09:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 . 2008-08-03 09:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 16:11 . 2006-02-25 16:32 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-04 21:03 . 2005-08-16 04:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2005-08-16 04:18 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2005-08-16 04:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2005-08-16 04:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 18:42 . 2009-06-20 18:19 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42 . 2009-06-20 18:19 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00 . 2005-08-16 04:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2006-10-10 21:13 . 2006-10-10 21:13 100448 ----a-w- c:\program files\MC
2007-12-22 15:43 . 2006-02-25 16:53 56 --sh--r- c:\windows\system32\8731209D39.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-22_13.40.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-22 23:11 . 2009-11-22 23:11 16384 c:\windows\Temp\Perflib_Perfdata_9d0.dat
- 2007-03-04 13:04 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2007-03-04 13:04 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2005-08-16 04:27 . 2009-11-22 17:46 201736 c:\windows\system32\FNTCACHE.DAT
- 2005-08-16 04:27 . 2009-06-10 15:54 201736 c:\windows\system32\FNTCACHE.DAT
+ 2005-08-16 04:18 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2008-10-18 07:42 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"V Stuff Backup"="c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" [2009-08-14 9102608]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]
"RepliGo Assistant"="c:\program files\Cerience\RepliGo\RepliGoMon.exe" [2005-11-07 172032]
"HostManager"="c:\program files\Common Files\AOL\1183232413\ee\AOLSoftware.exe" [2006-11-17 50736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2005-05-19 1345520]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Nick Parker\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\Palm\register.exe [2006-2-26 2367488]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-2-20 156784]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2007-10-20 303104]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-3-2 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-3-2 106496]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Documents and Settings\\Shirley King\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire Demo\\base\\bin\\Settlers6Demo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [22/09/2008 16:58 693512]
R2 RadialpointSafeConnectAgent;Virgin Broadband PCguard SafeConnectAgent;c:\program files\Virgin Broadband\PCguard\SafeConnect\bin\SanaAgent.exe [14/11/2008 18:28 4937752]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [14/11/2008 18:28 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [14/11/2008 18:28 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [14/11/2008 18:28 27376]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [22/09/2008 16:58 910600]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\program files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe [27/05/2009 13:10 170736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
2009-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.ntlworld.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: Similar Pages
IE: Translate Page into English
FF - ProfilePath - c:\documents and settings\Shirley King\Application Data\Mozilla\Firefox\Profiles\8rr57ers.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virgin Broadband\advisor\nprpspa.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -
AddRemove-MAGIX Movie Edit Pro 2005 - c:\magix\Movie_Edit_Pro_2005\instslct.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 23:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-11-22 23:35
ComboFix-quarantined-files.txt 2009-11-22 23:34
ComboFix2.txt 2009-11-22 13:49
ComboFix3.txt 2008-08-03 12:37
Pre-Run: 100,058,783,744 bytes free
Post-Run: 100,012,449,792 bytes free
- - End Of File - - E453E897F1A75B84DD4E917A1C3323DE
I still have a problem with Spybot not running. It stopped at the same time as the first issue with the "cannot access" error message. I have tried to re-install and the install process has a problem with the spybot.exe marked as read only. Ignoring the file allows set-up to complete but fails at the end with a Code 5 Create Process failed.
I do have anti spy ware with PC guard but have always used and liked spybot.
This appears to be the only item still not working.
Thanks
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
Code:
Rootkit::
c:\windows\win32k.sys
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
Close all browser windows and referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.
Uninstall Macromedia Flash Player.
Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 Update 17.
- Click the Download button to the right.
- Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
Drag'n'drop c:\program files\Spybot - Search & Destroy folder on Inherit file, please. See if that helps.
Last edited by Blade81; 2009-11-23 at 06:57.