
Pls help me remove XP Antivirus 2012


It appears that it completed the disk cleanup once, then it cycled through again, giving that same message above. I canceled and closed. It did not reboot.

I perform a Disk Cleanup and Defrag monthly through Start>All Programs>Accessories>System Tools. Would you like me to complete this now?


I have completed all steps in post #49 (CCleaner, Disk Check, Cleanup & Defrag). Still the internet cuts out about 20 minutes after rebooting.

Sometimes the IE message says Cannot display webpage; sometimes it says Cannot connect to server; other times it just says Connecting... and never goes away.

Chrome says No data received Unable to load the webpage because the server sent no data. Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data.


Very important: First disconnect your computer from the Internet.

1. Reset the IP/DNS settings of your Internet connection. If these settings are in place, move on to the next step:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".

  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.

2. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns


  • Then hit enter.
  • Exit the command window.

4. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet. Let me know if this solves the problem?


No, this also did not resolve the problem.

I also fully uninstalled Avira and ZoneAlarm, rebooted and reinstalled them, thinking maybe they were blocking something from when the virus was originally detected. ...it didn't help.

Another screen I sometimes get on IE after the connection has dropped says: The page cannot be displayed. To attempt fixing network connectivity problems, click Tools, and then click "Diagnose Connection Problems...

(then it gives other instructions to try) Lastly, it says Cannot find server or DNS Error Internet Explorer

Any other suggestions please? I appreciate your help. I lost my job today for being out of work for 2 weeks because of this issue. :(


It's possible that an update of your network card drivers may help. Please do the following so I can locate the latest version for your system:

Provide System Specifications:

  • Please download Speccy from here and save the installer to your desktop or another location where you can easily find it.
  • Double-click the file to begin installation and follow the onscreen steps to complete the installation and make sure that the checkbox next to Run Speccy is checked before you click on Finish at the end.
  • Once the program starts it will analyze your system, please be patient as it may take a few moments to complete.
  • Once it finishes and none of the areas say Analyzing click on the File button at the top and select Save Snapshot...
  • Save the file to your desktop and click Ok to confirm
  • Go to your desktop and right click on the file you just created and hover over Send to and select Compressed (zipped) Folder
  • Please attach the zip file you just created to your next post


The message at your link said: Sorry, the page you're looking for can't be found :(

It referred me to http://www.piriform.com/speccy for Speccy, which is charging $24.95. From there you could also link to http://www.piriform.com/speccy/download/standard which provided the free download.

Attached is the snapshot.

How should I proceed now? Thank you.

ANUDAI-50673BAD.zip


Here's a new finding:

The hangup appears to happen when I'm on any one particular site and I try to go to another (after the first 10 min). I was just on Constant Contact's website for over 10 mins, then I tried to go to Chartway's and it said page could not be displayed. I also tried Yahoo's and this forum's site, same thing. It would allow me to hit the back button and roam any part of Constant Contact, even links I hadn't clicked before, but I couldn't go to another site.


Hi,

Okay, I'm back now. I can't open up your attachment, so let's open up Speccy and look for Network on the left side. Click on it. Then scroll down to "Adapters List" and copy and paste this information. What I need is the name of your network card.


Hello. Welcome back. Here is the copy and paste:

Adapters List

Citrix Virtual Adapter - Packet Scheduler Miniport

IP Address 0.0.0.0

Subnet mask 0.0.0.0

Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport

IP Address 192.168.1.15

Subnet mask 255.255.255.0

Gateway server 192.168.1.1

What should I do now?


I did some research on PRO/100 VE and we're fine on that end. I want you to run ComboFix again, but we need to remove it first.

Follow these steps to uninstall Combofix and all of its files and components.

Go to Start ---> Run ---> Type ComboFix /uninstall and press Enter.

Make sure there's a space between Combofix and /

Then hit enter.

Next

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log (C:\ComboFix.txt) in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


ComboFix log:

ComboFix 11-07-07.05 - School 07/07/2011 19:03:46.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.908 [GMT -4:00]

Running from: c:\documents and settings\School\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\School\GoToAssistDownloadHelper.exe

c:\windows\system32\agpbrdg0.dll

c:\windows\system32\itlpfw32.dll

c:\windows\system32\rxx5ot.dll

c:\windows\system32\sebdpx.sys

c:\windows\system32\winm64.sys

.

.

((((((((((((((((((((((((( Files Created from 2011-06-07 to 2011-07-07 )))))))))))))))))))))))))))))))

.

.

2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\vmdesched.sys

2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\se500mdm.dll

2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\satau325.sys

2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\ramvxt.sys

2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\mmxeroxk.dll

2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\logon16x.dll

2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\cdscsix3.dll

2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\asusrx20.dll

2011-07-07 22:50 . 2011-07-07 23:19 -------- d-----w- C:\ComboFix

2011-07-07 21:03 . 2011-07-07 21:03 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-07-07 21:02 . 2011-07-07 21:02 -------- d-----w- c:\documents and settings\School\Local Settings\Application Data\Learn.com

2011-07-01 23:39 . 2011-07-01 23:40 -------- d-----w- c:\program files\Speccy

2011-07-01 16:51 . 2011-07-01 16:51 -------- d-----w- c:\documents and settings\School\Application Data\Avira

2011-07-01 16:48 . 2011-07-01 16:46 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-07-01 16:48 . 2011-07-01 16:46 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-01 16:48 . 2011-07-01 16:46 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-07-01 16:48 . 2011-07-01 16:46 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-07-01 16:48 . 2011-07-01 16:48 -------- d-----w- c:\program files\Avira

2011-07-01 16:27 . 2011-07-01 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles

2011-06-28 14:25 . 2011-06-28 14:25 -------- d-----w- C:\_OTM

2011-06-23 23:37 . 2011-06-24 01:13 -------- d-----w- c:\documents and settings\School\DoctorWeb

2011-06-23 18:05 . 2011-06-23 18:05 -------- d-----w- c:\documents and settings\School\Application Data\IObit

2011-06-23 18:02 . 2011-06-23 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-06-23 18:02 . 2011-06-23 18:05 -------- d-----w- c:\program files\IObit

2011-06-19 19:25 . 2011-06-19 19:25 -------- d-sh--w- c:\windows\CSC

2011-06-18 14:56 . 2011-07-05 14:55 -------- d-----w- c:\documents and settings\School\Local Settings\Application Data\ZoneAlarm_Security

2011-06-18 14:56 . 2011-06-23 15:49 -------- d-----w- c:\program files\ZoneAlarm_Security

2011-06-18 14:56 . 2011-03-18 05:24 69120 ----a-w- c:\windows\system32\zlcomm.dll

2011-06-18 14:56 . 2011-03-18 05:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll

2011-06-18 14:55 . 2011-03-18 05:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2011-06-15 07:06 . 2011-06-27 13:38 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-15 06:18 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-08 21:31 . 2011-05-18 21:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-29 13:11 . 2009-06-18 20:29 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2009-06-18 20:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31 . 2009-05-29 18:28 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-04 10:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 14:11 . 2007-08-13 22:54 11081728 ----a-w- c:\windows\system32\ieframe.dll

2011-04-25 16:11 . 2006-03-18 11:09 1211904 ----a-w- c:\windows\system32\urlmon.dll

2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-06-16 04:17 . 2011-06-26 21:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-23_19.02.11 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-07 22:31 . 2011-07-07 22:31 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat

+ 2011-07-07 22:30 . 2011-07-07 22:30 16384 c:\windows\Temp\Perflib_Perfdata_6b0.dat

+ 2004-08-04 10:00 . 2011-07-07 22:34 76522 c:\windows\system32\perfc009.dat

- 2004-08-04 10:00 . 2011-06-23 18:42 76522 c:\windows\system32\perfc009.dat

+ 2011-07-01 16:48 . 2011-07-01 16:46 28520 c:\windows\system32\drivers\ssmdrv.sys

- 2010-09-24 15:55 . 2010-09-24 15:53 28520 c:\windows\system32\drivers\ssmdrv.sys

+ 2011-06-29 18:56 . 2011-06-29 18:56 19968 c:\windows\Installer\aba99.msi

+ 2011-07-07 21:03 . 2011-07-07 21:03 2560 c:\windows\_MSRSTRT.EXE

- 2004-08-04 10:00 . 2011-06-23 18:42 457776 c:\windows\system32\perfh009.dat

+ 2004-08-04 10:00 . 2011-07-07 22:34 457776 c:\windows\system32\perfh009.dat

+ 2008-12-05 06:54 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Security\prxtbZone.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrix Access Gateway.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrix Access Gateway.lnk

backup=c:\windows\pss\Citrix Access Gateway.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SeaPort"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"nsverctl"=2 (0x2)

"McciCMService"=2 (0x2)

"Interactive Update Client"=2 (0x2)

"ININ Tracing"=2 (0x2)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

"fsssvc"=3 (0x3)

"CVPND"=2 (0x2)

"Brother XP spl Service"=2 (0x2)

"B-Service"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\PdaNet 4.12\\PdaNet.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Interactive Intelligence\\ICUserApps\\InteractionClient.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1033:TCP"= 1033:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 NEOFLTR_540_11529;Juniper Networks TDI Filter Driver (NEOFLTR_540_11529);c:\windows\system32\drivers\NEOFLTR_540_11529.sys [1/29/2007 9:33 PM 57591]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 6:00 AM 14336]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [7/1/2011 12:48 PM 340136]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/1/2011 12:48 PM 136360]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [7/1/2011 12:48 PM 428200]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 5:54 AM 206120]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 5:54 AM 185640]

R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [6/10/2009 12:49 PM 8576]

R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [3/27/2009 12:08 PM 33920]

S3 B-Service;B-Service;c:\documents and settings\AA_MBoone\Local Settings\Temporary Internet Files\Content.IE5\R7THQ64E\B-Service.exe --> c:\documents and settings\AA_MBoone\Local Settings\Temporary Internet Files\Content.IE5\R7THQ64E\B-Service.exe [?]

S3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\drivers\ctxva51.sys [5/10/2010 12:40 PM 41624]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [9/1/2009 11:31 PM 10752]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/18/2009 4:29 PM 39984]

S3 palmmdm;Palm Modem;c:\windows\system32\drivers\palmmdm.sys [1/30/2006 1:42 PM 9728]

S4 ININ Tracing;ININ Tracing Initialization;c:\program files\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe [3/19/2010 2:15 PM 36352]

S4 Interactive Update Client;Interactive Update Client;c:\program files\Interactive Intelligence\Interactive Update\ININ.UpdateClientService.exe [1/25/2010 2:17 PM 298152]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1958367476-839522115-1005Core.job

- c:\documents and settings\School\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-05 20:58]

.

2011-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1958367476-839522115-1005UA.job

- c:\documents and settings\School\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-05 20:58]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.wet-llc.org/

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.1

DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxps://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=3d896b1f06236caf624493c8cb1c2a53&url=http%3A%2F%2Fd.66.155.171.174.downloads.estara.com.%2Fas%2FOneCCDM.php&template=386083&sessionid=413316141_66.155.171.174_41116&=&req=1250287932365OneCC.cab

DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB

DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader_200909.cab

FF - ProfilePath - c:\documents and settings\School\Application Data\Mozilla\Firefox\Profiles\61det6mv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.wet-llc.org/

FF - prefs.js: network.proxy.ftp -

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.http -

FF - prefs.js: network.proxy.socks -

FF - prefs.js: network.proxy.ssl -

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-07 19:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(700)

c:\windows\system32\igfxdev.dll

.

- - - - - - - > 'lsass.exe'(756)

c:\program files\Avira\AntiVir Desktop\avsda.dll

.

Completion time: 2011-07-07 19:22:21

ComboFix-quarantined-files.txt 2011-07-07 23:22

ComboFix2.txt 2011-06-23 19:08

.

Pre-Run: 39,506,960,384 bytes free

Post-Run: 39,557,767,168 bytes free

.

- - End Of File - - 1E17736FD139E28275A188CE2EBF9BD7


Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::

Collect::
c:\windows\system32\asusrx20.dll
c:\windows\system32\cdscsix3.dll
c:\windows\system32\logon16x.dll
c:\windows\system32\se500mdm.dll
c:\windows\system32\ramvxt.sys
c:\windows\system32\se500mdm.dll

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1033:TCP"=-
"5000:UDP"=-

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

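Every file named in the Collect:: block above appears in the first ComboFix log's "Files Created" section as a 0-byte entry directly under system32, all with the same timestamp. The following Python script is an added example, not part of the original thread and not ComboFix's own code: it parses that log section, groups 0-byte system32 files by the first timestamp column, and lists the flagged files that a CFScript's Collect:: section does not cover. The function names and the cluster threshold are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the "Files Created" section of the first ComboFix log in this thread.
SAMPLE_LOG = r"""
2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\vmdesched.sys
2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\se500mdm.dll
2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\satau325.sys
2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\ramvxt.sys
2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\mmxeroxk.dll
2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\logon16x.dll
2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\cdscsix3.dll
2011-07-07 23:12 . 2011-07-07 23:12 0 ----a-w- c:\windows\system32\asusrx20.dll
2011-07-07 22:50 . 2011-07-07 23:19 -------- d-----w- C:\ComboFix
2011-07-07 21:03 . 2011-07-07 21:03 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-07-01 16:48 . 2011-07-01 16:46 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-18 14:56 . 2011-03-18 05:24 69120 ----a-w- c:\windows\system32\zlcomm.dll
"""

# The CFScript as posted in this thread.
SAMPLE_CFSCRIPT = r"""
KILLALL::

Collect::
c:\windows\system32\asusrx20.dll
c:\windows\system32\cdscsix3.dll
c:\windows\system32\logon16x.dll
c:\windows\system32\se500mdm.dll
c:\windows\system32\ramvxt.sys
c:\windows\system32\se500mdm.dll

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1033:TCP"=-
"5000:UDP"=-
"""

# <timestamp> . <timestamp> <size or -------- for directories> <8 attribute flags> <path>
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\d+|-{8})\s+(\S{8})\s+(.+)$"
)


def parse_entries(log_text):
    """Parse 'Files Created' lines into dicts; lines in any other format are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        first_ts, second_ts, size, attrs, path = m.groups()
        entries.append({
            "first_ts": first_ts,
            "second_ts": second_ts,
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs.startswith("d"),
            "path": path.strip().lower(),
        })
    return entries


def zero_byte_clusters(entries, directory=r"c:\windows\system32", min_cluster=3):
    """Group 0-byte files sitting directly in `directory` by their first timestamp.

    min_cluster is an assumed threshold: a single empty file is unremarkable,
    several appearing in the same minute deserve a closer look.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["is_dir"] or e["size"] != 0:
            continue
        if ntpath.dirname(e["path"]) != directory:
            continue
        groups[e["first_ts"]].append(e["path"])
    return {ts: sorted(paths) for ts, paths in groups.items() if len(paths) >= min_cluster}


def parse_collect(script_text):
    """Return the set of paths listed under the Collect:: header of a CFScript."""
    collected, section = set(), None
    for line in script_text.splitlines():
        line = line.strip()
        if line.endswith("::"):
            section = line[:-2].lower()
        elif section == "collect" and line:
            collected.add(line.lower())
    return collected


def uncollected(clusters, collected):
    """Flagged files that the Collect:: section does not name."""
    flagged = {p for paths in clusters.values() for p in paths}
    return sorted(flagged - collected)


if __name__ == "__main__":
    clusters = zero_byte_clusters(parse_entries(SAMPLE_LOG))
    for ts, paths in clusters.items():
        print(f"{ts}: {len(paths)} zero-byte files in system32")
    for path in uncollected(clusters, parse_collect(SAMPLE_CFSCRIPT)):
        print("not in Collect::", path)
```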

ComboFix log 2 with CFScript:

ComboFix 11-07-07.05 - School 07/08/2011 10:41:53.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.833 [GMT -4:00]

Running from: c:\documents and settings\School\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\School\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

file zipped: c:\windows\system32\asusrx20.dll

file zipped: c:\windows\system32\cdscsix3.dll

file zipped: c:\windows\system32\logon16x.dll

file zipped: c:\windows\system32\ramvxt.sys

file zipped: c:\windows\system32\se500mdm.dll

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\asusrx20.dll

c:\windows\system32\cdscsix3.dll

c:\windows\system32\logon16x.dll

c:\windows\system32\mmxeroxk.dll

c:\windows\system32\ntos.exe

c:\windows\system32\ramvxt.sys

c:\windows\system32\satau325.sys

c:\windows\system32\se500mdm.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))

.

.

2011-07-07 21:03 . 2011-07-07 21:03 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-07-07 21:02 . 2011-07-07 21:02 -------- d-----w- c:\documents and settings\School\Local Settings\Application Data\Learn.com

2011-07-01 23:39 . 2011-07-01 23:40 -------- d-----w- c:\program files\Speccy

2011-07-01 16:51 . 2011-07-01 16:51 -------- d-----w- c:\documents and settings\School\Application Data\Avira

2011-07-01 16:48 . 2011-07-01 16:46 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-07-01 16:48 . 2011-07-01 16:46 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-01 16:48 . 2011-07-01 16:46 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-07-01 16:48 . 2011-07-01 16:46 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-07-01 16:48 . 2011-07-01 16:48 -------- d-----w- c:\program files\Avira

2011-07-01 16:27 . 2011-07-01 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles

2011-06-28 14:25 . 2011-06-28 14:25 -------- d-----w- C:\_OTM

2011-06-23 23:37 . 2011-06-24 01:13 -------- d-----w- c:\documents and settings\School\DoctorWeb

2011-06-23 18:05 . 2011-06-23 18:05 -------- d-----w- c:\documents and settings\School\Application Data\IObit

2011-06-23 18:02 . 2011-06-23 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-06-23 18:02 . 2011-06-23 18:05 -------- d-----w- c:\program files\IObit

2011-06-18 14:56 . 2011-07-05 14:55 -------- d-----w- c:\documents and settings\School\Local Settings\Application Data\ZoneAlarm_Security

2011-06-18 14:56 . 2011-06-23 15:49 -------- d-----w- c:\program files\ZoneAlarm_Security

2011-06-18 14:56 . 2011-03-18 05:24 69120 ----a-w- c:\windows\system32\zlcomm.dll

2011-06-18 14:56 . 2011-03-18 05:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll

2011-06-18 14:55 . 2011-03-18 05:24 43008 ----a-w- c:\windows\system32\vswmi.dll

2011-06-18 14:55 . 2011-03-18 05:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2011-06-15 07:06 . 2011-06-27 13:38 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-15 06:18 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-08 21:31 . 2011-05-18 21:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-29 13:11 . 2009-06-18 20:29 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2009-06-18 20:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31 . 2009-05-29 18:28 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-04 10:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 14:11 . 2007-08-13 22:54 11081728 ----a-w- c:\windows\system32\ieframe.dll

2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 10:00 173568 ------w- c:\windows\system32\ie4uinit.exe

2011-04-25 12:01 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-06-16 04:17 . 2011-06-26 21:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-23_19.02.11 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-08 19:06 . 2011-07-08 19:06 16384 c:\windows\Temp\Perflib_Perfdata_6fc.dat

+ 2011-07-08 19:06 . 2011-07-08 19:06 16384 c:\windows\Temp\Perflib_Perfdata_6ac.dat

+ 2004-08-04 10:00 . 2011-07-08 19:11 76522 c:\windows\system32\perfc009.dat

- 2004-08-04 10:00 . 2011-06-23 18:42 76522 c:\windows\system32\perfc009.dat

+ 2011-07-01 16:48 . 2011-07-01 16:46 28520 c:\windows\system32\drivers\ssmdrv.sys

- 2010-09-24 15:55 . 2010-09-24 15:53 28520 c:\windows\system32\drivers\ssmdrv.sys

+ 2011-06-29 18:56 . 2011-06-29 18:56 19968 c:\windows\Installer\aba99.msi

+ 2011-07-07 21:03 . 2011-07-07 21:03 2560 c:\windows\_MSRSTRT.EXE

- 2004-08-04 10:00 . 2011-06-23 18:42 457776 c:\windows\system32\perfh009.dat

+ 2004-08-04 10:00 . 2011-07-08 19:11 457776 c:\windows\system32\perfh009.dat

+ 2008-12-05 06:54 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Security\prxtbZone.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-07-01 281768]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrix Access Gateway.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrix Access Gateway.lnk

backup=c:\windows\pss\Citrix Access Gateway.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-09-20 13:32 77824 -c--a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-09-20 13:36 114688 -c--a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-09-20 13:35 94208 -c--a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2008-10-24 13:14 206112 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2004-10-14 18:42 1404928 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]

2007-05-11 19:20 2061816 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]

2007-09-28 18:30 936960 -c--a-w- c:\program files\Verizon\McciTrayApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

2010-04-01 03:34 243000 ----a-w- c:\program files\Yahoo!\Search Protection\YspService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SeaPort"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"nsverctl"=2 (0x2)

"McciCMService"=2 (0x2)

"Interactive Update Client"=2 (0x2)

"ININ Tracing"=2 (0x2)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

"fsssvc"=3 (0x3)

"CVPND"=2 (0x2)

"Brother XP spl Service"=2 (0x2)

"B-Service"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\PdaNet 4.12\\PdaNet.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Interactive Intelligence\\ICUserApps\\InteractionClient.exe"=

.

R1 NEOFLTR_540_11529;Juniper Networks TDI Filter Driver (NEOFLTR_540_11529);c:\windows\system32\drivers\NEOFLTR_540_11529.sys [1/29/2007 9:33 PM 57591]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 6:00 AM 14336]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [7/1/2011 12:48 PM 340136]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/1/2011 12:48 PM 136360]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [7/1/2011 12:48 PM 428200]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 5:54 AM 206120]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 5:54 AM 185640]

R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [6/10/2009 12:49 PM 8576]

R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [3/27/2009 12:08 PM 33920]

S3 B-Service;B-Service;c:\documents and settings\AA_MBoone\Local Settings\Temporary Internet Files\Content.IE5\R7THQ64E\B-Service.exe --> c:\documents and settings\AA_MBoone\Local Settings\Temporary Internet Files\Content.IE5\R7THQ64E\B-Service.exe [?]

S3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\drivers\ctxva51.sys [5/10/2010 12:40 PM 41624]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [9/1/2009 11:31 PM 10752]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/18/2009 4:29 PM 39984]

S3 palmmdm;Palm Modem;c:\windows\system32\drivers\palmmdm.sys [1/30/2006 1:42 PM 9728]

S4 ININ Tracing;ININ Tracing Initialization;c:\program files\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe [3/19/2010 2:15 PM 36352]

S4 Interactive Update Client;Interactive Update Client;c:\program files\Interactive Intelligence\Interactive Update\ININ.UpdateClientService.exe [1/25/2010 2:17 PM 298152]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1958367476-839522115-1005Core.job

- c:\documents and settings\School\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-05 20:58]

.

2011-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1958367476-839522115-1005UA.job

- c:\documents and settings\School\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-05 20:58]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.wet-llc.org/

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.1

DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxps://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=3d896b1f06236caf624493c8cb1c2a53&url=http%3A%2F%2Fd.66.155.171.174.downloads.estara.com.%2Fas%2FOneCCDM.php&template=386083&sessionid=413316141_66.155.171.174_41116&=&req=1250287932365OneCC.cab

DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB

DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader_200909.cab

FF - ProfilePath - c:\documents and settings\School\Application Data\Mozilla\Firefox\Profiles\61det6mv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.wet-llc.org/

FF - prefs.js: network.proxy.ftp -

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.http -

FF - prefs.js: network.proxy.socks -

FF - prefs.js: network.proxy.ssl -

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-ZoneAlarm Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

AddRemove-ZoneAlarm - c:\program files\Zone Labs\ZoneAlarm\zauninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-08 15:08

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(756)

c:\program files\Avira\AntiVir Desktop\avsda.dll

.

- - - - - - - > 'explorer.exe'(3496)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\wwSecure.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

.

**************************************************************************

.

Completion time: 2011-07-08 15:16:36 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-08 19:16

ComboFix2.txt 2011-07-07 23:22

ComboFix3.txt 2011-06-23 19:08

.

Pre-Run: 39,567,417,344 bytes free

Post-Run: 29,321,003,008 bytes free

.

- - End Of File - - A73FF6026CDF6BBBB7F038D0DED1A2EB

Link to post
Share on other sites

I've noticed some new malware in your ComboFix log. Is anyone else using your PC?

Please click here to download Kaspersky Virus Removal Tool.

  1. Double click on the file you just downloaded and let it install.
  2. It will install to your desktop.
  3. After that leave what is selected and put a check next to My Computer.
  4. Click on the option that says Threat Detection and change it to Disinfect, delete if disinfection fails.
  5. Then click on Start Scan.
  6. Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  7. When the scan is done no log will be produced.
  8. Click on the bottom where it says Report to open the report.
  9. Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right click and choose Copy.
  10. This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  11. You can save this on the desktop.
  12. Post the contents of the document in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Link to post
Share on other sites
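
The reply above does not say which log entries it considers malicious. As an added example (not from this thread and not part of ComboFix), here is one triage check an analyst can run over the driver/service section of such a log: flag entries whose image sits in a browser cache or temp directory, or whose file is missing (`[?]`). The function names and the directory list are assumptions; the sample lines are copied from the log posted earlier in this thread.

```python
import re

# ComboFix driver/service lines have the form:
#   <R|S><start type> <name>;<display name>;<image path> [<date> <time> <size>]
# A missing image file is printed as "<path> --> <path> [?]".
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> .+?)? \[(?P<meta>[^\]]*)\]\s*$"
)

# Heuristic (assumption): a service image should not live in these directories.
SUSPECT_DIRS = (
    "\\temporary internet files\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)

def parse_service_line(line):
    """Return a dict for a driver/service line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["running"] = entry.pop("state") == "R"
    entry["file_missing"] = entry["meta"] == "?"
    return entry

def triage(log_text):
    """Return [(service name, [reasons])] for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = []
        if any(d in entry["path"].lower() for d in SUSPECT_DIRS):
            reasons.append("image path in cache/temp directory")
        if entry["file_missing"]:
            reasons.append("image file missing on disk")
        if reasons:
            findings.append((entry["name"], reasons))
    return findings

# Lines copied from the ComboFix log in this thread.
SAMPLE = r"""
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 6:00 AM 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/1/2011 12:48 PM 136360]
S3 B-Service;B-Service;c:\documents and settings\AA_MBoone\Local Settings\Temporary Internet Files\Content.IE5\R7THQ64E\B-Service.exe --> c:\documents and settings\AA_MBoone\Local Settings\Temporary Internet Files\Content.IE5\R7THQ64E\B-Service.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/18/2009 4:29 PM 39984]
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(name, "->", "; ".join(reasons))
```

A hit is a lead to verify against the file on disk and the service's registry key, since legitimate installers occasionally leave stale entries like this behind.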

  • 2 weeks later...

I am going through hell trying to get this log to post and I don't think it's going to happen. From notepad, if I try to save it to a disk and open it again, it won't open. If I try to copy and paste it, the computer freezes. When I pasted it into Word, Word said it was over 22,000 pages. So...I don't think you're going to be able to get that log. I even tried to zip it, but it wouldn't attach. I'll try to save the zip file to a disk and open it on my netbook.

Right now I'm about ready to just reformat the whole thing and start anew. I can't believe it's been a whole month and no one knows what is making my browser access stop 10 minutes after a reboot. It's def a setting on my PC. I turned off my modem, and used my Palm cell for phone as modem and the browser stopped working still, after 10 minutes of a reboot.

No one else is using my computer but me since the infection. The Internet light on the modem shouldn't flash unless the internet is being accessed, but it has been randomly flashing since the infection. Maybe the virus is updating or downloading more malware.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.