Malwarebytes

Laptop infected - please help - Malware LOG ATTACHED


21 replies to this topic

#1
sapna_chavda
Regular Member, Honorary Members, 92 posts
Hello,

As you so kindly helped me out previously, I am again seeking your help. (By the way, I've been telling everyone about this site and MalwareBytes - you guys are amazing and deserve recognition!)

Anyways, having problems with my laptop, have run MalwareBytes and have attached the log (I couldn't post the log because it was too big!)

Please please can someone have a look and help me out - I would really really appreciate it.

Many many thanks
Sapna


#2
AdvancedSetup
Forum Deity, Administrators, 22,579 posts, Gender: Male, Location: US
Please restart your computer and check for MBAM updates and run a NEW Quick Scan and post back that log.
Ron Lewis
Manager, Online Support

Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#3
sapna_chavda
Regular Member, Honorary Members, 92 posts
Hi,

Could prove difficult, as at the moment can't get on internet with the laptop!

Would it work if I used another laptop, updated Malwarebytes, then burned it to disc, loaded it onto the infected laptop, and re-ran the scan?

Thanks.

#4
AdvancedSetup
Forum Deity, Administrators, 22,579 posts, Gender: Male, Location: US
Yes you can do that.
Update MBAM from another computer and copy this file to the infected computer.

The location of the file for updates is:
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
You just need to copy the rules.ref file to the infected computer and run a new Quick Scan.

You may want to try the following to see if you can correct the network not working.

Click on START - RUN and copy / paste the entry below into the run line and click OK
CMD /C NETSH FIREWALL RESET
Click on START - RUN and copy / paste the entry below into the run line and click OK
CMD /C NETSH int ip reset c:\resetlog.txt


#5
AdvancedSetup
Forum Deity, Administrators, 22,579 posts, Gender: Male, Location: US
Please post a status update.

Thanks.

#6
AdvancedSetup
Forum Deity, Administrators, 22,579 posts, Gender: Male, Location: US
Are you still with us?

#7
sapna_chavda
Regular Member, Honorary Members, 92 posts
Hi there, sorry, been away from home - gonna try the above and come back to you!! Thanks so much!

#8
sapna_chavda
Regular Member, Honorary Members, 92 posts
OK, so this is not going very well...

I first tried to do the resets in RUN so that I am able to just update MB from the infected laptop, but it doesn't work. I have a connection but no pages load up.

So I updated MB on the clean laptop, copied it onto disc and tried to run it on the infected one, but for some reason it won't let me run it.

Also, I'm unsure what you mean by copying the rules.ref? I can't find it in the MB file?

I don't know if I'm being really stupid!?
Thanks again for your time and help.

#9
AdvancedSetup
Forum Deity, Administrators, 22,579 posts, Gender: Male, Location: US
Please see option 4 here: http://www.malwareby...showtopic=10138
That should show you where to get the rules.ref file. You might have to unhide folders to see it though.


Reconfigure Windows XP to show hidden files:
To enable the viewing of Hidden files follow these steps:

* Close all programs so that you are at your desktop.
* Double-click on the My Computer icon.
* Select the Tools menu and click Folder Options.
* After the new window appears select the View tab.
* Put a checkmark in the checkbox labeled Display the contents of system folders.
* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
* Remove the checkmark from the checkbox labeled Hide protected operating system files.
* Press the Apply button and then the OK button and exit My Computer.
* Now your computer is configured to show all hidden files.



There are some other ideas and methods to help you get the scanner running in that FAQ.
You might need to try to rename MBAM.EXE to MBAM.COM or something like that. Try that and let me know how it goes and what issues or errors you run into and we'll go from there.

#10
sapna_chavda
Regular Member, Honorary Members, 92 posts
Hi there,

OK, so I tried to unhide files on my uninfected laptop (which runs on Vista) and it still won't show me the rules.ref file that I need.
(I tried it on the infected laptop [which runs on XP] and it shows the rules.ref file - but obviously it's not the updated version!!)

I tried point 8, just to make sure, and the infected laptop still does not load up any pages.

Is there any other way I can get the rules.ref to show on the uninfected laptop, so I can burn it on CD and run it on the other laptop? The scan works, but obviously it's running on an older version of MB and I need to update it to post you the correct log!

Thanks.

#11
AdvancedSetup
Forum Deity, Administrators, 22,579 posts, Gender: Male, Location: US
Please try to burn this to a CD and then copy it to the infected computer and run it.


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:



  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

If you still cannot get this to run, try booting into Safe Mode, and run it there.

To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode."

If this doesn't work either, try the same method as above, but rename Combofix.exe to iexplore.exe or winlogon.exe instead.
This is because in some cases malware blocks every process except those on its own whitelist, and that whitelist includes important system processes such as iexplore.exe, explorer.exe and winlogon.exe.

#12
AdvancedSetup
Forum Deity, Administrators, 22,579 posts, Gender: Male, Location: US
Please post a status update on this.

Thanks.

#13
sapna_chavda
Regular Member, Honorary Members, 92 posts
Hi,

Started to try this yesterday - came across a few problems.
Am going to attempt again tonight, and will come back to you a little later this evening.

Thanks and kind regards
Sapna

#14
sapna_chavda
Regular Member, Honorary Members, 92 posts
Hello,

I burnt MB on to disc, placed it in the infected laptop, and tried to run it. But it won't let me!

Can I/Should I run ComboFix without having run MB?

Thanks.

#15
sapna_chavda
Regular Member, Honorary Members, 92 posts
Oh no... scrap the above!!

I removed AVG from the infected laptop, and am now able to get on the internet with it... yay!!!
So, I am currently running a scan; once complete I will post the log.

Should I also run ComboFix?

Thanks!!

#16
sapna_chavda
Regular Member, Honorary Members, 92 posts
Sorry, another question... I've re-read the above, and understand to run ComboFix too.

Can you please clarify: by "a new HijackThis log", do you mean I should start a new thread or just carry on here?

Many thanks!

#17
sapna_chavda
Regular Member, Honorary Members, 92 posts
OK... I've run the scans and both are attached.

Many thanks for your help!!

MalwareBytes Log:

Malwarebytes' Anti-Malware 1.41
Database version: 2796
Windows 5.1.2600 Service Pack 2

14/09/2009 19:17:07
mbam-log-2009-09-14 (19-17-07).txt

Scan type: Quick Scan
Objects scanned: 108386
Time elapsed: 9 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix Log:


ComboFix 09-09-14.01 - Martina Kane 14/09/2009 19:29.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.159 [GMT 1:00]
Running from: c:\documents and settings\Martina Kane\Desktop\Combo-Fix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Martina Kane\Application Data\WeatherDPA
c:\documents and settings\Martina Kane\Application Data\WeatherDPA\Weather\WeatherStartup.xml
c:\documents and settings\Martina Kane\Desktop\Download programs.url
c:\documents and settings\Martina Kane\Desktop\Games.url
c:\documents and settings\Martina Kane\Desktop\Translator.url
c:\documents and settings\Martina Kane\Desktop\Videos.url
c:\documents and settings\Martina Kane\Favorites\Download programs.url
c:\documents and settings\Martina Kane\Favorites\Games.url
c:\documents and settings\Martina Kane\Favorites\Translator.url
c:\documents and settings\Martina Kane\Favorites\Videos.url
c:\documents and settings\Martina Kane\Start Menu\Programs\Download programs.url
c:\documents and settings\Martina Kane\Start Menu\Programs\Games.url
c:\documents and settings\Martina Kane\Start Menu\Programs\Translator.url
c:\documents and settings\Martina Kane\Start Menu\Programs\Videos.url
c:\windows\Installer\1e4d6.msi
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 )))))))))))))))))))))))))))))))
.

2009-09-14 17:25 . 2009-09-14 17:25 -------- d-----w- c:\documents and settings\Martina Kane\Application Data\AVG8
2009-09-06 15:27 . 2009-09-06 15:30 -------- d-----w- c:\documents and settings\Martina Kane\Local Settings\Application Data\MigWiz
2009-09-06 15:21 . 2006-11-02 07:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2009-09-06 15:21 . 2006-11-02 06:07 581192 ----a-w- c:\windows\system32\WinusbCoInstaller.dll
2009-09-06 15:20 . 2009-09-06 15:20 -------- d-----w- c:\program files\Microsoft
2009-09-06 11:40 . 2009-09-06 11:40 -------- d-----w- c:\documents and settings\Martina Kane\Application Data\Malwarebytes
2009-09-06 11:40 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 11:39 . 2009-09-06 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-06 11:39 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 11:39 . 2009-09-14 18:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 11:14 . 2009-09-06 11:21 -------- d-----w- C:\$AVG8.VAULT$
2009-08-15 19:54 . 2009-09-14 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 18:37 . 2008-04-13 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-09-14 17:21 . 2006-05-23 10:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-14 17:21 . 2006-05-23 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-14 17:21 . 2006-05-23 10:57 -------- d-----w- c:\program files\Symantec
2009-09-14 16:47 . 2008-04-21 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-13 07:16 . 2008-02-25 17:24 -------- d-----w- c:\program files\Lx_cats
2009-09-06 15:29 . 2009-09-06 15:29 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-08-05 09:11 . 2006-05-23 06:26 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2006-05-23 06:25 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2006-05-23 06:26 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 15:59 . 2006-05-23 06:26 668160 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 15:59 . 2006-05-23 06:26 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:17 . 2006-05-23 06:26 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:17 . 2006-05-23 06:26 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:17 . 2006-05-23 06:26 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:17 . 2006-05-23 06:26 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:17 . 2006-05-23 06:26 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:17 . 2006-05-23 06:26 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:35 . 2006-05-23 06:26 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"ares"="c:\program files\Ares\Ares.exe" [2008-02-20 963072]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-21 1077330]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 638976]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 53248]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 262144]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-17 16143872]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-08-11 266240]
"Zooming"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2005-06-06 24576]
"TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2006-01-03 28672]
"TFncKy"="TFncKy.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-18 89541]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2008-8-30 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxcecoms.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [18/04/2006 15:12 98816]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [07/10/2007 10:57 17149]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [30/08/2008 12:14 194304]
.
Contents of the 'Scheduled Tasks' folder

2009-09-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-17 15:39]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-avgrsstarter - avgrsstx.dll
Notify-WgaLogon - (no file)
AddRemove-Power Saver - c:\windows\IsUninst.exe -fc:\program files\TOSHIBA\Power Saver\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 19:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-356527333-3197801718-3462220319-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:57,02,99,a7,75,58,17,9d,5d,16,86,04,2e,25,ab,13,7d,34,4d,32,9e,b3,eb,
33,a2,1d,20,6d,54,64,72,34,14,d6,95,b6,44,8f,c3,0a,e5,ba,9c,4e,0f,f5,97,8c,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(496)
c:\windows\system32\RtlGina2.dll
.
Completion time: 2009-09-14 19:41
ComboFix-quarantined-files.txt 2009-09-14 18:40

Pre-Run: 15,456,034,816 bytes free
Post-Run: 16,034,762,752 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

178 --- E O F --- 2009-09-13 07:26
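As an added illustration (not code from Malwarebytes or from anyone in this thread), here is a small Python parser for the MBAM 1.x text log format posted above. It reads the per-category summary counts and the detection lines, cross-checks one against the other, and flags the two Security Center entries: AntiVirusDisableNotify and FirewallDisableNotify set to 1 silence the "antivirus/firewall is off" warnings, which is why they show up as Disabled.SecurityCenter. The sample log is constructed from the one above and abbreviated; the min_database_version argument is a hypothetical threshold standing in for the "update before you scan" advice earlier in the thread.

```python
"""Parse Malwarebytes' Anti-Malware 1.x text logs and flag Security Center tampering.
Added example, not Malwarebytes' own code; the sample log below is constructed
from the log posted in this thread and abbreviated."""
import re
from dataclasses import dataclass, field

# Constructed sample: header, per-category counts, then per-category sections.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 2796
Windows 5.1.2600 Service Pack 2

Scan type: Quick Scan
Objects scanned: 108386

Memory Processes Infected: 0
Registry Data Items Infected: 2
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

HEADER_RE = re.compile(r"^(Database version|Scan type|Objects scanned): (.+)$")
COUNT_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\)$")
SECURITY_CENTER = "\\microsoft\\security center\\"   # lower-cased path fragment


@dataclass
class Detection:
    section: str   # category heading the line appeared under
    item: str      # registry path, file path, process name, ...
    family: str    # MBAM detection name, e.g. Disabled.SecurityCenter
    action: str    # everything after the first " -> "


@dataclass
class MbamReport:
    product: str = ""
    header: dict = field(default_factory=dict)
    counts: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_mbam_log(text):
    """Split the log into header fields, summary counts and detection lines."""
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not report.product and line.startswith("Malwarebytes' Anti-Malware"):
            report.product = line
        elif line.startswith("Windows "):
            report.header["Windows"] = line
        elif (m := HEADER_RE.match(line)):
            report.header[m.group(1)] = m.group(2)
        elif (m := COUNT_RE.match(line)):
            report.counts[m.group(1)] = int(m.group(2))
        elif line.endswith("Infected:"):
            section = line[:-1]          # "Files Infected:" -> "Files Infected"
        elif section and line != "(No malicious items detected)":
            head, *rest = line.split(" -> ")
            m = DETECTION_RE.match(head)
            if m and rest:
                report.detections.append(
                    Detection(section, m.group("item"), m.group("family"), " -> ".join(rest)))
    return report


def assess(report, min_database_version=None):
    """Return human-readable findings: count mismatches, Security Center
    tampering and (hypothetical threshold) a stale signature database."""
    findings = []
    for category, n in report.counts.items():
        seen = sum(1 for d in report.detections if d.section == category)
        if seen != n:
            findings.append(f"count mismatch in '{category}': summary says {n}, {seen} lines listed")
    tampered = [d for d in report.detections
                if d.family == "Disabled.SecurityCenter" or SECURITY_CENTER in d.item.lower()]
    if tampered:
        names = ", ".join(d.item.rsplit("\\", 1)[-1] for d in tampered)
        findings.append(f"Security Center warnings were suppressed ({names}): "
                        "Windows was told not to alert that antivirus/firewall protection was off")
    if min_database_version is not None:
        db = int(report.header.get("Database version", "0"))
        if db < min_database_version:
            findings.append(f"signature database {db} is older than {min_database_version}; update and rescan")
    return findings


if __name__ == "__main__":
    for finding in assess(parse_mbam_log(SAMPLE_LOG), min_database_version=3000):
        print("-", finding)
```

The count cross-check matters when a log has been pasted by hand, as in this thread: a summary that says two items but a section listing only one usually means a line was lost in the copy. The Security Center finding is the one a reviewer should not gloss over, since those two values being set is a sign that something on the machine wanted the user not to notice that protection was off.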

#18
AdvancedSetup
Forum Deity, Administrators, 22,579 posts, Gender: Male, Location: US
Looks pretty good now.

Yes, it appears that AVG had a false positive and was actually deleting MBAM.

Please run the following to remove any tools that might have been used during the scanning and cleaning of your system.

STEP A
Uninstall ComboFix.exe
  • Click START then RUN
  • Now type Combofix /u (if you renamed Combofix.exe use that name instead) in the run box and click OK. Note the space between the X and the /U, it needs to be there.
  • When shown the disclaimer, Select "2"
Remove the folder C:\QooBox if the uninstall instructions don't work, delete Combofix.exe, AND check your system time and reset it if needed.


Then run the following.

Please temporarily disable your current Anti-Virus in order to run this Online AV scanner.
Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.


#19
AdvancedSetup
Forum Deity, Administrators, 22,579 posts, Gender: Male, Location: US
Please post a status update on this.

Thanks.

#20
sapna_chavda
Regular Member, Honorary Members, 92 posts
Hi there,

It's amazing, the laptop boots up quicker - I already notice the difference!
Please find below the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=5b28c1614648674bbd7d8fa1b6eb4a1c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-15 06:37:44
# local_time=2009-09-15 07:37:44 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# scanned=66618
# found=0
# cleaned=0
# scan_time=2347

Looks good?

Thanks.
