1000s od Pos fules, makeing computer slow and freezing [RESOLVED]
Started by
Taco130
, Feb 16 2008 09:20 AM
#31
Posted 17 February 2008 - 06:25 PM
#32
Posted 17 February 2008 - 06:34 PM
Do you mean it didn't produce a log?
#33
Posted 17 February 2008 - 06:37 PM
yes
#34
Posted 17 February 2008 - 06:46 PM
Can you retry it with the same cf scrpt please it seems that combofix was interrupted.
Thanks.
Thanks.
#35
Posted 17 February 2008 - 06:58 PM
i get a compress folder name catchme on the desktop after combo fix?
#36
Posted 17 February 2008 - 07:01 PM
Did you retry the cf script?
#37
Posted 17 February 2008 - 07:03 PM
yes
#38
Posted 17 February 2008 - 07:04 PM
should i restall combofix?
#39
Posted 17 February 2008 - 07:16 PM
No just do the following:
Please download the OTMoveIt2 by OldTimer.
Please download the OTMoveIt2 by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\WINDOWS\Downloaded Program Files\gsda.dll C:\WINDOWS\SYSTEM32\edcA01 C:\VundoFix Backups C:\Program Files\QuickTime C:\Program Files\McAfee.com
- Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
- Click the red Moveit! button.
- OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
- Close OTMoveIt2
#40
Posted 17 February 2008 - 08:06 PM
here it is
File/Folder C:\WINDOWS\Downloaded Program Files\gsda.dll not found.
File/Folder C:\WINDOWS\SYSTEM32\edcA01 not found.
File/Folder C:\VundoFix Backups not found.
File/Folder C:\Program Files\QuickTime not found.
File/Folder C:\Program Files\McAfee.com not found.
OTMoveIt2 v1.0.20 log created on 02172008_180328
File/Folder C:\WINDOWS\Downloaded Program Files\gsda.dll not found.
File/Folder C:\WINDOWS\SYSTEM32\edcA01 not found.
File/Folder C:\VundoFix Backups not found.
File/Folder C:\Program Files\QuickTime not found.
File/Folder C:\Program Files\McAfee.com not found.
OTMoveIt2 v1.0.20 log created on 02172008_180328
#41
Posted 17 February 2008 - 08:22 PM
Ok great.
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below: (If present)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm027YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/c...::/xpreload.ocx
Now click on Fix Checked and then close Hijackthis.
====================================
Now do the following:
Time for some housekeeping
Also delete anything that we used that is left over.
===================================
Then I suggest Downloading AVG free and install it as you have no antivirus protection.
=============================
After that Your log is clean.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below: (If present)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm027YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/c...::/xpreload.ocx
Now click on Fix Checked and then close Hijackthis.
====================================
Now do the following:
Time for some housekeeping
- Click START then RUN
- Now type Combofix /u in the runbox and click OK
The above procedure will delete the following:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Clean System Restore points.
Also delete anything that we used that is left over.
===================================
Then I suggest Downloading AVG free and install it as you have no antivirus protection.
=============================
After that Your log is clean.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
#42
Posted 17 February 2008 - 08:29 PM
ok thanks for every
bye
bye
#43
Posted 17 February 2008 - 08:51 PM
You are welcome
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
#44
Posted 17 February 2008 - 08:51 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users