Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

wlctrl32.dll and winlogon.exe

Started by jogyboi , Mar 22 2008 09:39 AM

  • Please log in to reply

#1
jogyboi
Posted 22 March 2008 - 09:39 AM

jogyboi

    New Member

  • Member
  • Pip
  • 6 posts
how can i remove wlctrl32.dll, i have used a lot of spyware removers such as combofix, spyware terminator, kaspersky, spyware doctor, hijack this, malware bytes, undll and spybot.. but none of those programs worked..

here is the log file from hijack this..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31, on 2008-03-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Documents and Settings\Nonoy\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...a...&tbid=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB48D3A2-B9CB-4B28-998F-A813371A73A6}: NameServer = 58.69.254.44 58.69.254.46
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4882 bytes
  • 0

Advertisements

#2
loophole
Posted 22 March 2008 - 10:36 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :)

Please delete your current copy of Combofix and follow the below directions. We will get rid of that file after I see the report

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
jogyboi
Posted 22 March 2008 - 08:04 PM

jogyboi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Combofix log.. here is the combo fix log


ComboFix 08-03-22.1 - Nonoy 2008-03-23 9:48:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.314 [GMT 8:00]
Running from: C:\Documents and Settings\Nonoy\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-22 23:16 . 2008-03-23 09:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-22 22:58 . 2008-03-22 22:58 <DIR> d-------- C:\Documents and Settings\Nonoy\Application Data\Yahoo!
2008-03-22 22:58 . 2008-03-22 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-22 22:53 . 2008-03-22 22:53 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-22 22:24 . 2008-03-22 22:30 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-03-22 22:08 . 2008-03-23 09:43 <DIR> d-------- C:\Program Files\Crawler
2008-03-22 22:07 . 2008-03-22 22:24 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-22 22:07 . 2008-03-23 09:41 <DIR> d-------- C:\Documents and Settings\Nonoy\Application Data\Spyware Terminator
2008-03-22 22:07 . 2008-03-22 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-22 22:07 . 2008-03-22 22:07 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-22 20:39 . 2004-08-04 06:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-22 20:33 . 2008-03-22 20:43 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-22 20:25 . 2008-03-22 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-22 18:56 . 2005-01-14 11:41 11,254 --a------ C:\WINDOWS\system32\locate.com
2008-03-22 18:54 . 2008-03-22 19:45 <DIR> d-------- C:\MGtools
2008-03-22 18:42 . 2008-03-22 18:42 <DIR> d-------- C:\Program Files\IObit
2008-03-22 18:42 . 2008-03-22 18:42 <DIR> d-------- C:\Documents and Settings\Nonoy\Application Data\IObit
2008-03-22 17:52 . 2008-03-22 17:52 <DIR> d-------- C:\Documents and Settings\Nonoy\Application Data\Malwarebytes
2008-03-22 17:52 . 2008-03-22 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-22 17:26 . 2008-03-22 20:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-22 17:26 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-22 15:37 . 2000-04-30 12:14 643,072 --a------ C:\WINDOWS\system32\DolbyHph.dll
2008-03-22 15:37 . 2003-05-07 13:11 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-03-22 15:37 . 2003-01-29 17:39 53,248 --a------ C:\WINDOWS\system32\dcfft2.dll
2008-03-22 15:37 . 2000-03-09 03:30 40,960 --a------ C:\WINDOWS\system32\DolbyHphMM.dll
2008-03-22 15:36 . 2008-03-22 15:36 <DIR> d-------- C:\Program Files\Mediamatics
2008-03-22 15:36 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-22 15:35 . 2008-03-23 08:02 <DIR> d-------- C:\Program Files\Orion Studios HD
2008-03-22 12:28 . 2008-03-22 12:28 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-22 12:28 . 2008-03-22 12:28 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-22 12:27 . 2008-03-22 12:27 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-22 12:27 . 2008-03-23 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-22 12:27 . 2008-03-23 09:50 2,972,960 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-22 12:27 . 2008-03-23 09:50 94,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-22 12:27 . 2008-03-23 09:15 44,468 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-22 12:27 . 2008-03-23 09:15 10,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-22 12:04 . 2008-03-22 12:50 <DIR> d-------- C:\Program Files\Kaspersky Anti-Virus
2008-03-22 09:03 . 2008-03-22 21:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-22 07:07 . 2007-12-04 21:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-22 07:07 . 2004-01-09 17:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-22 07:07 . 2007-12-04 20:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-22 07:07 . 2007-12-04 22:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-22 00:15 . 2004-03-09 01:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-03-21 23:54 . 2008-03-21 23:54 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-03-21 23:29 . 2003-03-19 04:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-21 23:13 . 2008-03-21 23:13 983 --a------ C:\WINDOWS\mozver.dat
2008-03-21 21:29 . 2008-03-23 09:56 <DIR> d-------- C:\Documents and Settings\Nonoy\Shared
2008-03-21 21:28 . 2008-03-23 09:57 <DIR> d-------- C:\Documents and Settings\Nonoy\Incomplete
2008-03-21 21:28 . 2008-03-23 09:56 <DIR> d-------- C:\Documents and Settings\Nonoy\Application Data\LimeWire
2008-03-21 21:27 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-03-21 21:26 . 2008-03-21 21:27 <DIR> d-------- C:\Program Files\Java
2008-03-21 21:24 . 2008-03-21 21:32 <DIR> d-------- C:\Program Files\LimeWire
2008-03-21 21:24 . 2008-03-21 21:24 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-21 21:12 . 2008-03-21 21:12 <DIR> d-------- C:\Program Files\installers
2008-03-21 19:38 . 2008-03-22 09:29 <DIR> d-------- C:\Downloads
2008-03-21 19:38 . 2008-03-22 09:28 <DIR> d-------- C:\Documents and Settings\Nonoy\Application Data\Orbit
2008-03-21 19:29 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-21 18:19 . 2008-03-21 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-21 18:18 . 2008-03-21 18:19 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-21 17:14 . 2008-03-21 17:14 <DIR> d-------- C:\WINDOWS\VirtualEar
2008-03-21 17:14 . 2008-03-21 17:14 <DIR> d-------- C:\Program Files\Analog Devices
2008-03-21 17:06 . 2008-03-22 09:45 <DIR> d-------- C:\Program Files\Winamp
2008-03-21 17:06 . 2004-12-21 02:37 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-03-21 17:06 . 2008-03-23 08:49 1,125 --a------ C:\WINDOWS\winamp.ini
2008-03-21 17:00 . 2004-03-03 12:00 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 09:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 09:00 --------- d-----w C:\Program Files\ATI Technologies
2008-03-21 08:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-21 08:47 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-08 10:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-08 10:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 12:00 335872]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"RegistryMechanic"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

C:\Documents and Settings\Nonoy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-09 05:32:57 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S0 Djo27;Djo27;C:\WINDOWS\system32\Drivers\Djo27.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 10:44:09 C:\WINDOWS\Tasks\AWC AutoCare.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AutoCare.ex
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\
"2008-03-23 01:56:40 C:\WINDOWS\Tasks\AWC AutoSweep.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AutoSweep.exe
"2008-03-22 12:00:00 C:\WINDOWS\Tasks\AWC Update.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\IObitUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 09:57:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-03-23 10:00:03 - machine was rebooted [Nonoy]
ComboFix-quarantined-files.txt 2008-03-23 01:59:59
.
2008-03-22 23:48:29 --- E O F ---



here is the new HJT log..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:22 AM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nonoy\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB48D3A2-B9CB-4B28-998F-A813371A73A6}: NameServer = 58.69.254.44 58.69.254.46
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 3868 bytes
  • 0

#4
jogyboi
Posted 23 March 2008 - 03:02 AM

jogyboi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Combofix log.. here is the combo fix log


ComboFix 08-03-22.1 - Nonoy 2008-03-23 9:48:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.314 [GMT 8:00]
Running from: C:\Documents and Settings\Nonoy\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-22 23:16 . 2008-03-23 09:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-22 22:58 . 2008-03-22 22:58 <DIR> d-------- C:\Documents and Settings\Nonoy\Application Data\Yahoo!
2008-03-22 22:58 . 2008-03-22 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-22 22:53 . 2008-03-22 22:53 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-22 22:24 . 2008-03-22 22:30 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-03-22 22:08 . 2008-03-23 09:43 <DIR> d-------- C:\Program Files\Crawler
2008-03-22 22:07 . 2008-03-22 22:24 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-22 22:07 . 2008-03-23 09:41 <DIR> d-------- C:\Documents and Settings\Nonoy\Application Data\Spyware Terminator
2008-03-22 22:07 . 2008-03-22 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-22 22:07 . 2008-03-22 22:07 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-22 20:39 . 2004-08-04 06:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-22 20:33 . 2008-03-22 20:43 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-22 20:25 . 2008-03-22 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-22 18:56 . 2005-01-14 11:41 11,254 --a------ C:\WINDOWS\system32\locate.com
2008-03-22 18:54 . 2008-03-22 19:45 <DIR> d-------- C:\MGtools
2008-03-22 18:42 . 2008-03-22 18:42 <DIR> d-------- C:\Program Files\IObit
2008-03-22 18:42 . 2008-03-22 18:42 <DIR> d-------- C:\Documents and Settings\Nonoy\Application Data\IObit
2008-03-22 17:52 . 2008-03-22 17:52 <DIR> d-------- C:\Documents and Settings\Nonoy\Application Data\Malwarebytes
2008-03-22 17:52 . 2008-03-22 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-22 17:26 . 2008-03-22 20:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-22 17:26 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-22 15:37 . 2000-04-30 12:14 643,072 --a------ C:\WINDOWS\system32\DolbyHph.dll
2008-03-22 15:37 . 2003-05-07 13:11 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-03-22 15:37 . 2003-01-29 17:39 53,248 --a------ C:\WINDOWS\system32\dcfft2.dll
2008-03-22 15:37 . 2000-03-09 03:30 40,960 --a------ C:\WINDOWS\system32\DolbyHphMM.dll
2008-03-22 15:36 . 2008-03-22 15:36 <DIR> d-------- C:\Program Files\Mediamatics
2008-03-22 15:36 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-22 15:35 . 2008-03-23 08:02 <DIR> d-------- C:\Program Files\Orion Studios HD
2008-03-22 12:28 . 2008-03-22 12:28 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-22 12:28 . 2008-03-22 12:28 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-22 12:27 . 2008-03-22 12:27 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-22 12:27 . 2008-03-23 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-22 12:27 . 2008-03-23 09:50 2,972,960 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-22 12:27 . 2008-03-23 09:50 94,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-22 12:27 . 2008-03-23 09:15 44,468 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-22 12:27 . 2008-03-23 09:15 10,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-22 12:04 . 2008-03-22 12:50 <DIR> d-------- C:\Program Files\Kaspersky Anti-Virus
2008-03-22 09:03 . 2008-03-22 21:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-22 07:07 . 2007-12-04 21:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-22 07:07 . 2004-01-09 17:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-22 07:07 . 2007-12-04 20:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-22 07:07 . 2007-12-04 22:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-22 00:15 . 2004-03-09 01:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-03-21 23:54 . 2008-03-21 23:54 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-03-21 23:29 . 2003-03-19 04:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-21 23:13 . 2008-03-21 23:13 983 --a------ C:\WINDOWS\mozver.dat
2008-03-21 21:29 . 2008-03-23 09:56 <DIR> d-------- C:\Documents and Settings\Nonoy\Shared
2008-03-21 21:28 . 2008-03-23 09:57 <DIR> d-------- C:\Documents and Settings\Nonoy\Incomplete
2008-03-21 21:28 . 2008-03-23 09:56 <DIR> d-------- C:\Documents and Settings\Nonoy\Application Data\LimeWire
2008-03-21 21:27 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-03-21 21:26 . 2008-03-21 21:27 <DIR> d-------- C:\Program Files\Java
2008-03-21 21:24 . 2008-03-21 21:32 <DIR> d-------- C:\Program Files\LimeWire
2008-03-21 21:24 . 2008-03-21 21:24 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-21 21:12 . 2008-03-21 21:12 <DIR> d-------- C:\Program Files\installers
2008-03-21 19:38 . 2008-03-22 09:29 <DIR> d-------- C:\Downloads
2008-03-21 19:38 . 2008-03-22 09:28 <DIR> d-------- C:\Documents and Settings\Nonoy\Application Data\Orbit
2008-03-21 19:29 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-21 18:19 . 2008-03-21 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-21 18:18 . 2008-03-21 18:19 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-21 17:14 . 2008-03-21 17:14 <DIR> d-------- C:\WINDOWS\VirtualEar
2008-03-21 17:14 . 2008-03-21 17:14 <DIR> d-------- C:\Program Files\Analog Devices
2008-03-21 17:06 . 2008-03-22 09:45 <DIR> d-------- C:\Program Files\Winamp
2008-03-21 17:06 . 2004-12-21 02:37 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-03-21 17:06 . 2008-03-23 08:49 1,125 --a------ C:\WINDOWS\winamp.ini
2008-03-21 17:00 . 2004-03-03 12:00 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 09:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 09:00 --------- d-----w C:\Program Files\ATI Technologies
2008-03-21 08:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-21 08:47 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-08 10:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-08 10:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 12:00 335872]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"RegistryMechanic"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

C:\Documents and Settings\Nonoy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-09 05:32:57 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S0 Djo27;Djo27;C:\WINDOWS\system32\Drivers\Djo27.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 10:44:09 C:\WINDOWS\Tasks\AWC AutoCare.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AutoCare.ex
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\
"2008-03-23 01:56:40 C:\WINDOWS\Tasks\AWC AutoSweep.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AutoSweep.exe
"2008-03-22 12:00:00 C:\WINDOWS\Tasks\AWC Update.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\IObitUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 09:57:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-03-23 10:00:03 - machine was rebooted [Nonoy]
ComboFix-quarantined-files.txt 2008-03-23 01:59:59
.
2008-03-22 23:48:29 --- E O F ---



here is the new HJT log..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:22 AM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nonoy\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB48D3A2-B9CB-4B28-998F-A813371A73A6}: NameServer = 58.69.254.44 58.69.254.46
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 3868 bytes
  • 0

#5
loophole
Posted 23 March 2008 - 05:28 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
The offending file seems to be gone? Did you do some work? There are some other minor problem but lets do this first

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System. XP SP2



Download the file & save it as it's originally named, next to ComboFix.exe.



Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP