Win XP SP2 won't boot


  • This topic is locked

#31
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi iggyboy,

I think you dragged the old CFscript to ComboFix. Can you try it again, but use the CFscript from my last instruction?
  • 0


#32
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi iggyboy,

I think you dragged the old CFscript to ComboFix. Can you try it again, but use the CFscript from my latest instruction?
  • 0

#33
iggyboy

iggyboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I don't know what happened. Now I charged the following:
KillAll::

RenV::
c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM .exe
c:\programmi\Skype\Phone\Skype .exe

MBR::

File::

Folder::

Registry::

Driver::

Rootkit::

The answer is (translated) "orthographically incorrect"
  • 0

#34
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Can you try this one?

KillAll::

RenV::
c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM .exe
c:\programmi\Skype\Phone\Skype .exe

MBR::

File::

Folder::

Registry::

Driver::

  • 0

#35
iggyboy

iggyboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
ComboFix 11-01-08.05 - Iggy 14/01/2011 17.14.03.13.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2039.1666 [GMT 1:00]
Eseguito da: c:\documents and settings\Iggy\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Iggy\Desktop\CFScript2.txt
.
/wow section - STAGE 50
Impossibile trovare il percorso specificato.


((((((((((((((((((((((((( Files Creati Da 2010-12-14 al 2011-01-14 )))))))))))))))))))))))))))))))))))
.

2011-01-14 11:47 . 2011-01-14 11:47 -------- d-----w- C:\RecoveryCD
2011-01-12 14:56 . 2011-01-12 14:56 -------- d-----w- C:\TDSSKiller_Quarantine
2011-01-12 12:14 . 2004-08-03 22:14 359040 -c--a-w- c:\windows\system32\dllcache\tcpip.sys
2011-01-12 12:14 . 2004-08-03 22:14 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-01-10 12:23 . 2011-01-10 12:33 -------- d-----w- c:\documents and settings\Iggy\Impostazioni locali\Dati applicazioni\Promosoft Corporation
2011-01-10 11:47 . 2011-01-10 11:47 -------- d-----w- c:\programmi\Trend Micro
2011-01-08 20:42 . 2011-01-08 20:42 -------- d-----w- c:\programmi\Pc Optimizer 360
2011-01-05 17:42 . 2004-08-19 08:00 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2011-01-05 17:42 . 2004-08-19 08:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2011-01-05 15:58 . 2011-01-08 21:06 -------- d-----w- c:\programmi\CCleaner
2011-01-04 22:07 . 2004-08-19 14:39 1034752 ----a-w- c:\windows\explorer.exe
2011-01-03 18:10 . 2011-01-03 18:10 -------- d-----w- C:\Venus11
2011-01-01 18:26 . 2011-01-01 18:26 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-27 15:29 . 2010-12-27 15:29 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Identities
2010-12-27 11:06 . 2010-12-27 11:06 -------- d-----w- C:\sh4ldr
2010-12-27 11:06 . 2010-12-27 11:06 -------- d-----w- c:\programmi\Enigma Software Group
2010-12-25 19:45 . 2010-12-25 19:45 110080 ----a-r- c:\documents and settings\Iggy\Dati applicazioni\Microsoft\Installer\{3636C923-7AD6-4DE3-978A-09609AEE8ECF}\IconF7A21AF7.exe
2010-12-25 19:45 . 2010-12-25 19:45 110080 ----a-r- c:\documents and settings\Iggy\Dati applicazioni\Microsoft\Installer\{3636C923-7AD6-4DE3-978A-09609AEE8ECF}\IconD7F16134.exe
2010-12-25 17:41 . 2010-12-25 22:37 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
2010-12-25 16:47 . 2010-12-25 19:44 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2010-12-25 16:47 . 2010-12-25 17:38 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-12-24 15:48 . 2010-12-24 15:48 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2010-12-23 09:27 . 2010-12-23 09:27 -------- d-----w- c:\programmi\Admiresoft
2010-12-22 18:50 . 2010-12-22 18:51 -------- d-----w- C:\Bilan11
2010-12-17 11:29 . 2010-12-17 11:30 -------- d-----w- c:\programmi\Hide IP NG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-05 15:20 . 2009-07-26 10:49 1391104 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2010-12-08 15:36 . 2010-12-08 15:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-08 15:36 . 2010-05-04 09:45 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-17 16:20 . 2010-10-17 16:20 40960 ----a-r- c:\documents and settings\Iggy\Dati applicazioni\Microsoft\Installer\{2DA701B1-5597-44BA-BA96-ED6A737CCA57}\NewShortcut1_9873BD74E565483399E18668472BEA7F.exe
1998-02-10 16:34 . 2009-07-29 14:11 128000 ----a-w- c:\programmi\UNWISE.EXE
.
<pre>
c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM .exe
c:\programmi\Skype\Phone\Skype .exe
</pre>

------- Sigcheck -------

Cryptography Services Error !!
.
((((((((((((((((((((((((((((( [email protected]_16.16.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-31 12:00 . 2011-01-05 16:06 91988 c:\windows\system32\perfc010.dat
+ 2001-08-31 12:00 . 2011-01-10 22:12 91988 c:\windows\system32\perfc010.dat
- 2001-08-31 12:00 . 2011-01-05 16:06 76978 c:\windows\system32\perfc009.dat
+ 2001-08-31 12:00 . 2011-01-10 22:12 76978 c:\windows\system32\perfc009.dat
- 2001-08-31 12:00 . 2011-01-05 16:06 508156 c:\windows\system32\perfh010.dat
+ 2001-08-31 12:00 . 2011-01-10 22:12 508156 c:\windows\system32\perfh010.dat
- 2001-08-31 12:00 . 2011-01-05 16:06 459256 c:\windows\system32\perfh009.dat
+ 2001-08-31 12:00 . 2011-01-10 22:12 459256 c:\windows\system32\perfh009.dat
+ 2004-08-19 13:39 . 2004-08-19 08:00 151552 c:\windows\system32\dllcache\regedit.exe
+ 2004-08-19 13:39 . 2004-08-19 08:00 151552 c:\windows\regedit.exe
- 2004-08-19 13:39 . 2004-08-19 13:39 151552 c:\windows\regedit.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ .exe" [N/A]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\programmi\real\realplayer\update\realsched.exe" [2010-11-18 274608]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"PTHOSTTR"="c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-09 150040]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-09 150040]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-07-24 677144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-09 178712]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-5-12 581693]
LG SyncManager.lnk - c:\h7??\LGSyncManager.exe [N/A]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 07:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-03-14 04:03 74752 ----a-r- c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
c:\progra~1\ALWILS~1\Avast5\avastUI.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP1\\RpcAgentSrv.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\FlashGet\\FlashGet.exe"=
"c:\\Programmi\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Programmi\\Motorola\\Software Update\\msu.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP1\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Programmi\\Port Forwarding Wizard\\bin\\Port Forwarding Wizard.exe"=
"c:\\Programmi\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [x]
R2 gupdate1ca0e044ffa000;Servizio di Google Update (gupdate1ca0e044ffa000);c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-26 133104]
R2 MotoConnect Service;MotoConnect Service;c:\programmi\Motorola\MotoConnectService\MotoConnectService.exe [2010-01-27 91392]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R2 SWIHPWMI;SWIHPWMI;c:\programmi\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
R3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
R3 esgiguard;esgiguard; [x]
R3 FLCDLOCK;Controllo/blocco dispositivi HP ProtectTools;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
R3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\DRIVERS\HP24X.sys [2006-10-18 33024]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programmi\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\RpcAgentSrv.exe [2008-11-03 98488]
R3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\DRIVERS\scrswi.sys [2008-01-10 44160]
R3 SWNC8U02;HP hs2300 MUX NDIS Driver (02);c:\windows\system32\DRIVERS\SWNC8U02.sys [2008-01-31 165248]
R3 SWUMX02;HP hs2300 USB MUX Driver (02);c:\windows\system32\DRIVERS\swumx02.sys [2008-01-31 142976]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 GhPciScan;GhostPciScanner;c:\programmi\Symantec\Norton Ghost 2003\ghpciscan.sys [2003-05-28 5632]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-07-24 38816]
S1 RsvLock;RsvLock; [x]
S2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe [2004-08-19 14336]
S2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe [2004-08-19 14336]
S2 HpFkCryptService;Drive Encryption Service;c:\programmi\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-09-06 221184]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2007-07-24 41216]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contenuto della cartella 'Scheduled Tasks'

2011-01-14 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-26 16:12]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-26 15:16]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-26 15:16]

2011-01-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1078145449-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]

2010-12-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1078145449-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: &Scarica con FlashGet - c:\programmi\FlashGet\jc_link.htm
IE: &Scarica tutto con FlashGet - c:\programmi\FlashGet\jc_all.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
DPF: {2C546582-48CE-4890-9C88-B2665B125E15} - hxxp://www.registrywinner.com/RWOnline.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-14 17:26
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(428)
c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\programmi\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\SbHpNp.DLL
c:\windows\system32\DeviceNP.dll
c:\programmi\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\programmi\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\HPBrand.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\ItMsg.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ASChnl.dll

- - - - - - - > 'explorer.exe'(3208)
c:\windows\system32\APSHook.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\windows\System32\SCardSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\agrsmsvc.exe
c:\programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\windows\system32\IFXTCS.exe
c:\programmi\Ahead\InCD\InCDsrv.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\IfxPsdSv.exe
c:\programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\programmi\Motorola\MotoConnectService\MotoConnect.exe
c:\windows\system32\imapi.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTServs.exe
.
**************************************************************************
.
Ora fine scansione: 2011-01-14 17:27:14 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-01-14 16:27
ComboFix2.txt 2011-01-14 14:42
ComboFix3.txt 2011-01-13 11:56
ComboFix4.txt 2011-01-12 14:26
ComboFix5.txt 2011-01-14 15:22

Pre-Run: 182.398.976 byte disponibili
Post-Run: 147.025.920 byte disponibili

- - End Of File - - FD362C2C691445E1D7CAA558CB9A1BDD
  • 0

#36
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Run MBRCheck again and post the logs in your next reply.
  • 0

#37
iggyboy

iggyboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Salagubang! Finally I could restore the normal booting. Remembering the SATA driver problems with XP, I disabled native drivers and with the Recovery Console, the HDD was seen and I could fixmbr. Then I enabled native drivers again and all OK!
But I spent a lot of time with the Error 1075 "The dependency service does not exist or has been marked for deletion" without results, so I cannot connect. The only way not experienced yet is Here. What can you suggest? I'm going away for the day, so I can't give you immediate feedback.
  • 0

#38
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
That's wonderful news. :D

Now all I need to do is rid that computer of Vundo and we're set fixing that internet.

Could you re-run ComboFix again with the last CFScript.txt? (It was named CFscript2, so you might need to rename it to CFscript.)

Edited by Salagubang, 15 January 2011 - 02:21 AM.

  • 0

#39
iggyboy

iggyboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Salagubang!
Here is the log.

ComboFix 11-01-14.01 - Iggy 15/01/2011 18.57.52.17.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2039.1668 [GMT 1:00]
Eseguito da: c:\documents and settings\Iggy\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Iggy\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\Dati applicazioni\download2

.
((((((((((((((((((((((((( Files Creati Da 2010-12-15 al 2011-01-15 )))))))))))))))))))))))))))))))))))
.

2011-01-14 11:47 . 2011-01-14 11:47 -------- d-----w- C:\RecoveryCD
2011-01-12 14:56 . 2011-01-12 14:56 -------- d-----w- C:\TDSSKiller_Quarantine
2011-01-12 12:14 . 2004-08-03 22:14 359040 -c--a-w- c:\windows\system32\dllcache\tcpip.sys
2011-01-12 12:14 . 2004-08-03 22:14 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-01-10 12:23 . 2011-01-10 12:33 -------- d-----w- c:\documents and settings\Iggy\Impostazioni locali\Dati applicazioni\Promosoft Corporation
2011-01-10 11:47 . 2011-01-10 11:47 -------- d-----w- c:\programmi\Trend Micro
2011-01-08 20:42 . 2011-01-08 20:42 -------- d-----w- c:\programmi\Pc Optimizer 360
2011-01-05 17:42 . 2004-08-19 08:00 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2011-01-05 17:42 . 2004-08-19 08:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2011-01-05 15:58 . 2011-01-08 21:06 -------- d-----w- c:\programmi\CCleaner
2011-01-04 22:07 . 2004-08-19 14:39 1034752 ----a-w- c:\windows\explorer.exe
2011-01-03 18:10 . 2011-01-03 18:10 -------- d-----w- C:\Venus11
2011-01-01 18:26 . 2011-01-01 18:26 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-27 15:29 . 2010-12-27 15:29 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Identities
2010-12-27 11:06 . 2010-12-27 11:06 -------- d-----w- C:\sh4ldr
2010-12-27 11:06 . 2010-12-27 11:06 -------- d-----w- c:\programmi\Enigma Software Group
2010-12-25 19:45 . 2010-12-25 19:45 110080 ----a-r- c:\documents and settings\Iggy\Dati applicazioni\Microsoft\Installer\{3636C923-7AD6-4DE3-978A-09609AEE8ECF}\IconF7A21AF7.exe
2010-12-25 19:45 . 2010-12-25 19:45 110080 ----a-r- c:\documents and settings\Iggy\Dati applicazioni\Microsoft\Installer\{3636C923-7AD6-4DE3-978A-09609AEE8ECF}\IconD7F16134.exe
2010-12-25 17:41 . 2010-12-25 22:37 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
2010-12-25 16:47 . 2010-12-25 19:44 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2010-12-25 16:47 . 2010-12-25 17:38 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-12-24 15:48 . 2010-12-24 15:48 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2010-12-23 09:27 . 2010-12-23 09:27 -------- d-----w- c:\programmi\Admiresoft
2010-12-22 18:50 . 2010-12-22 18:51 -------- d-----w- C:\Bilan11
2010-12-17 11:29 . 2010-12-17 11:30 -------- d-----w- c:\programmi\Hide IP NG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-05 15:20 . 2009-07-26 10:49 1391104 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2010-12-08 15:36 . 2010-12-08 15:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-08 15:36 . 2010-05-04 09:45 423656 ----a-w- c:\windows\system32\deployJava1.dll
1998-02-10 16:34 . 2009-07-29 14:11 128000 ----a-w- c:\programmi\UNWISE.EXE
.
<pre>
c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM .exe
c:\programmi\Skype\Phone\Skype .exe
</pre>

------- Sigcheck -------

Cryptography Services Error !!
.
((((((((((((((((((((((((((((( [email protected]_16.16.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-31 12:00 . 2011-01-05 16:06 91988 c:\windows\system32\perfc010.dat
+ 2001-08-31 12:00 . 2011-01-10 22:12 91988 c:\windows\system32\perfc010.dat
- 2001-08-31 12:00 . 2011-01-05 16:06 76978 c:\windows\system32\perfc009.dat
+ 2001-08-31 12:00 . 2011-01-10 22:12 76978 c:\windows\system32\perfc009.dat
- 2001-08-31 12:00 . 2011-01-05 16:06 508156 c:\windows\system32\perfh010.dat
+ 2001-08-31 12:00 . 2011-01-10 22:12 508156 c:\windows\system32\perfh010.dat
- 2001-08-31 12:00 . 2011-01-05 16:06 459256 c:\windows\system32\perfh009.dat
+ 2001-08-31 12:00 . 2011-01-10 22:12 459256 c:\windows\system32\perfh009.dat
+ 2004-08-19 13:39 . 2004-08-19 08:00 151552 c:\windows\system32\dllcache\regedit.exe
+ 2004-08-19 13:39 . 2004-08-19 08:00 151552 c:\windows\regedit.exe
- 2004-08-19 13:39 . 2004-08-19 13:39 151552 c:\windows\regedit.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ .exe" [N/A]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\programmi\real\realplayer\update\realsched.exe" [2010-11-18 274608]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"PTHOSTTR"="c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-09 150040]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-09 150040]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-07-24 677144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-09 178712]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-5-12 581693]
LG SyncManager.lnk - c:\h7??\LGSyncManager.exe [N/A]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 07:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-03-14 04:03 74752 ----a-r- c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
c:\progra~1\ALWILS~1\Avast5\avastUI.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP1\\RpcAgentSrv.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\FlashGet\\FlashGet.exe"=
"c:\\Programmi\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Programmi\\Motorola\\Software Update\\msu.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP1\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Programmi\\Port Forwarding Wizard\\bin\\Port Forwarding Wizard.exe"=
"c:\\Programmi\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [x]
R2 MotoConnect Service;MotoConnect Service;c:\programmi\Motorola\MotoConnectService\MotoConnectService.exe [2010-01-27 91392]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R2 SWIHPWMI;SWIHPWMI;c:\programmi\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
R3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
R3 esgiguard;esgiguard; [x]
R3 FLCDLOCK;Controllo/blocco dispositivi HP ProtectTools;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
R3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\DRIVERS\HP24X.sys [2006-10-18 33024]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programmi\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\RpcAgentSrv.exe [2008-11-03 98488]
R3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\DRIVERS\scrswi.sys [2008-01-10 44160]
R3 SWNC8U02;HP hs2300 MUX NDIS Driver (02);c:\windows\system32\DRIVERS\SWNC8U02.sys [2008-01-31 165248]
R3 SWUMX02;HP hs2300 USB MUX Driver (02);c:\windows\system32\DRIVERS\swumx02.sys [2008-01-31 142976]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 GhPciScan;GhostPciScanner;c:\programmi\Symantec\Norton Ghost 2003\ghpciscan.sys [2003-05-28 5632]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-07-24 38816]
S1 RsvLock;RsvLock; [x]
S2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe [2004-08-19 14336]
S2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe [2004-08-19 14336]
S2 gupdate1ca0e044ffa000;Servizio di Google Update (gupdate1ca0e044ffa000);c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-26 133104]
S2 HpFkCryptService;Drive Encryption Service;c:\programmi\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-09-06 221184]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2007-07-24 41216]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contenuto della cartella 'Scheduled Tasks'

2011-01-15 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-26 16:12]

2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-26 15:16]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-26 15:16]

2011-01-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1078145449-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]

2010-12-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1078145449-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: &Scarica con FlashGet - c:\programmi\FlashGet\jc_link.htm
IE: &Scarica tutto con FlashGet - c:\programmi\FlashGet\jc_all.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
DPF: {2C546582-48CE-4890-9C88-B2665B125E15} - hxxp://www.registrywinner.com/RWOnline.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-15 19:07
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(424)
c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\programmi\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\SbHpNp.DLL
c:\windows\system32\DeviceNP.dll
c:\programmi\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\programmi\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\HPBrand.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\ItMsg.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ASChnl.dll

- - - - - - - > 'explorer.exe'(3560)
c:\windows\system32\APSHook.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\windows\System32\SCardSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\agrsmsvc.exe
c:\programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\windows\system32\IFXTCS.exe
c:\programmi\Ahead\InCD\InCDsrv.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\IfxPsdSv.exe
c:\programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\programmi\Motorola\MotoConnectService\MotoConnect.exe
c:\windows\system32\imapi.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2011-01-15 19:08:49 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-01-15 18:08
ComboFix2.txt 2011-01-14 18:50
ComboFix3.txt 2011-01-14 16:27
ComboFix4.txt 2011-01-14 14:42
ComboFix5.txt 2011-01-15 17:19

Pre-Run: 315.625.472 byte disponibili
Post-Run: 281.006.080 byte disponibili

- - End Of File - - FCDDFAE2894BFA8BB34323F7C8EADDE4
  • 0

#40
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi iggyboy,

Step One

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Step Two

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step Three

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.


Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan

Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then attach the zip file to your next post
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

  • 0


#41
iggyboy

iggyboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi!

Vundo gave 0 found
-----------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versione database: 5363

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

16/01/2011 0.32.18
mbam-log-2011-01-16 (00-32-18).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 145730
Tempo trascorso: 2 minuti, 4 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

I'm going to bed, local time 00.55
Bye, Iggy


  • 0

#42
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi iggyboy,


Step One

After we're finished cleaning up your computer, you'll need to reinstall Adobe and Skype programs.

  • Re-run AVPTool
  • Select the Manual Disinfection tab
  • Where it states Step 3 paste in the following disinfection script and press execute

    begin
      SetAVZGuardStatus(True);
      SearchRootkit(true, true);
      DeleteFileMask('c:\programmi\Skype','*.*',true);
      DeleteFileMask('c:\programmi\File comuni\Adobe','*.*',true);
      DeleteDirectory('c:\programmi\Skype');
      DeleteDirectory('c:\programmi\File comuni\Adobe');
      ExecuteSysClean;
      BC_Activate;
    end.
  • Your system will reboot on completion. If it does not, please do so yourself



Step Two

Upgrading your Windows to SP3 will replace any other missing files and correct borked settings.


Tell me if this solves the problem.
  • 0

#43
iggyboy

iggyboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Sorry my friend, it didn't solve the problem. I tried anything according to Microsoft site, but it's no more virus problem. I think that registry keys concerning DHCP, TCPIP, WINSOCK are corrupted and no recovery is possible. I'm sure I have to be grateful to some [bleep]ed anti-malware and registry-cleaner. I repeat, I tried the impossible. I will try to post again in the OS forum section. It seems impossible that after more than 15 years Windows OS be so vulnerable. I thank you very much for your support.
  • 0

#44
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





