AVG Rescue hanging


#46 JSntgRvr (Global Moderator, 11,037 posts)
Let's try another tool:

  • Download NTBR_CD by noahdfear.
  • Extract its contents to the desktop.
  • Once extracted, open the NTBR_CD folder and click on the BurnItCD application.
  • Insert a blank CD when prompted. The .iso image will be burned to the CD.
  • Boot the computer with the CD you just burned and follow the prompts.
  • Press Enter for English.
  • At the menu type 1 to select MBRWORK then hit Enter

    This screen will show the hard drive configuration.
  • Type 5 to Install standard MBR code then hit Enter
  • Type 1 to select Standard then hit Enter
  • Type Y then hit Enter to confirm
  • Type E then hit Enter to exit
  • Back at the menu, type 6 to Quit.
  • Press Ctrl+Alt+Del to restart the machine.
  • Eject the CD upon restart and boot normally.

#47 CathyR (Topic Starter, Member, 35 posts)
So I give up on this computer? Do you think it would help if I got the Compaq Mini recovery cds? They don't ship with the laptop and I think I have to order them.

Cathy

#48 JSntgRvr (Global Moderator, 11,037 posts)
Did you try the NTBR_CD by noahdfear?

#49 CathyR (Topic Starter, Member, 35 posts)
I must have missed the NTBR_CD - where is this information, please?

Cathy

#50 JSntgRvr (Global Moderator, 11,037 posts)

    I must have missed the NTBR_CD - where is this information, please?

    Cathy

It is on Post #46 above.

#51 CathyR (Topic Starter, Member, 35 posts)
Oh my god!!!! It worked! The NTBR_CD allowed me to boot back up. I am so thankful! How did this work? Do I need to perform any special maintenance on the mini now so it does not get reinfected?

Cathy

#52 JSntgRvr (Global Moderator, 11,037 posts)
Yes. Let's scan your computer.

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-------------------------------------------------

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat. http://www.appremove...ed-applications. Do not use AppRemover on Norton.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

#53 CathyR (Topic Starter, Member, 35 posts)
Here is the copy of the first log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5814

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/19/2011 6:22:07 PM
mbam-log-2011-02-19 (18-22-07).txt

Scan type: Quick scan
Objects scanned: 176815
Time elapsed: 24 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\documents and settings\DRyder\application data\Sun\padjh9.dll (Trojan.Ambler.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{7F56AADC-5CD3-44B4-BF49-1988A462E50D} (Trojan.Ambler.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7F56AADC-5CD3-44B4-BF49-1988A462E50D} (Trojan.Ambler.Gen) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Rogue.Palladium) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\DRyder\application data\Sun\padjh9.dll (Trojan.Ambler.Gen) -> Delete on reboot.
c:\documents and settings\DRyder\local settings\Temp\1156199.5871755085.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\DRyder\local settings\Temp\4.603726237570754e8.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\DRyder\local settings\Temp\jh.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\CRyder\application data\microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\DRyder\application data\microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\DRyder\application data\Sun\cetw.txt (Malware.Trace) -> Quarantined and deleted successfully.

Do I continue with the combo fix?

Cathy
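The log Cathy pasted has a fixed layout: a header of "key: value" lines, a block of per-section counts, then one section per count listing each item as "path (DetectionName) -> action". A helper that parses that layout makes two things visible that are easy to miss when reading a long paste: entries marked "Delete on reboot" (the item is still on disk until the machine restarts, which is why MBAM prompts for one) and a mismatch between the declared counts and the items actually listed (a sign the paste was truncated). The following is an added example, not code from the thread or from Malwarebytes; the sample log is constructed here with made-up paths and a zeroed CLSID, reusing only the detection names that appear in the thread.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.50 log.
# Paths, CLSID and file names are made up; the threat labels copy the ones
# reported in the thread (Trojan.Ambler.Gen, Rogue.Palladium, PUM.Bad.Proxy).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 5814

Scan type: Quick scan

Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Modules Infected:
c:\documents and settings\user\application data\Sun\example.dll (Trojan.Ambler.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000} (Trojan.Ambler.Gen) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Rogue.Palladium) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\user\application data\Sun\example.dll (Trojan.Ambler.Gen) -> Delete on reboot.
c:\program files (x86)\example\fake.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
# Non-greedy item so "Program Files (x86)" paths and "Bad: (1) Good: (0)" actions parse correctly.
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
NO_ITEMS = "(No malicious items detected)"

@dataclass
class Finding:
    section: str
    item: str      # file path or registry key/value
    threat: str    # MBAM detection name, e.g. Rogue.Palladium
    action: str    # what MBAM did with it

@dataclass
class MbamReport:
    header: dict = field(default_factory=dict)
    declared_counts: dict = field(default_factory=dict)
    findings: list = field(default_factory=list)
    unparsed: list = field(default_factory=list)  # section lines that did not match ITEM_RE

def parse_mbam_log(text):
    """Parse the header, the summary counts and every per-section finding."""
    report, section = MbamReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None:  # still in the header / summary block
            m = COUNT_RE.match(line)
            if m:
                report.declared_counts[m.group("section")] = int(m.group("count"))
            elif ": " in line:
                key, value = line.split(": ", 1)
                report.header[key] = value
            continue
        if line == NO_ITEMS:
            continue
        m = ITEM_RE.match(line)
        if m:
            report.findings.append(Finding(section, m.group("item"), m.group("threat"), m.group("action")))
        else:
            report.unparsed.append(line)
    return report

def count_mismatches(report):
    """Sections whose declared count differs from the items listed (a sign of a truncated paste)."""
    actual = Counter(f.section for f in report.findings)
    return {s: (n, actual[s]) for s, n in report.declared_counts.items() if actual[s] != n}

def pending_reboot(report):
    """Items MBAM could only schedule for deletion: the machine is not clean until it restarts."""
    return sorted({f.item for f in report.findings if "Delete on reboot" in f.action})

def threat_families(report):
    """How many findings each detection name accounts for."""
    return Counter(f.threat for f in report.findings)
```

With the sample, `count_mismatches` returns an empty dict, `pending_reboot` returns the single DLL that was still loaded in memory (it appears under both Memory Modules and Files, so it is reported once), and `threat_families` shows Trojan.Ambler.Gen behind three of the seven findings. The same DLL showing up as "Delete on reboot" in the real log is the reason the reboot before ComboFix mattered.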

#54 JSntgRvr (Global Moderator, 11,037 posts)
Yes, please.

#55 CathyR (Topic Starter, Member, 35 posts)
I can't uncheck the Microsoft Essentials - it will not let me turn it off. I need to turn this off before I run combo fix, is this correct?

Cathy

#56 JSntgRvr (Global Moderator, 11,037 posts)
Attempt to run Combofix anyway. Only AVG and CA seem to affect its workings.

#57 CathyR (Topic Starter, Member, 35 posts)
Here are the results of the combo fix. I rec'd an error "PEV.cfxxe encountered a problem and needs to close." This error happened when the autoscan finished Stage 2, but it finished running. Also another error was "your computer does not have the Microsoft Windows recovery console; without it Combofix shall not attempt the fixing of some serious infections."

I have attached the log.

ComboFix 11-02-20.01 - DRyder 02/20/2011 17:26:36.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.601 [GMT -5:00]
Running from: c:\documents and settings\DRyder\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\DRyder\Application Data\Sun\mxd1.txt
C:\Microsoft

.
((((((((((((((((((((((((( Files Created from 2011-01-20 to 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-20 22:23 . 2011-02-20 22:23 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF1F25EE-096B-46C3-BB22-C4560F064925}\MpKslb62469cb.sys
2011-02-20 22:22 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF1F25EE-096B-46C3-BB22-C4560F064925}\mpengine.dll
2011-02-19 22:55 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-19 21:30 . 2010-12-09 15:15 718336 ----a-w- c:\windows\system32\ntdll.dll
2011-02-19 21:30 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-02-19 21:30 . 2010-12-09 13:42 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-19 21:30 . 2010-12-09 13:42 2148864 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-02-19 21:30 . 2010-12-09 13:38 2192768 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-02-19 21:30 . 2010-12-09 13:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-19 21:30 . 2010-12-09 13:07 2027008 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-02-19 21:30 . 2010-12-09 13:07 2069376 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-02-07 22:11 . 2009-08-06 02:55 123904 ----a-w- C:\MbrFix.exe
2011-02-04 02:04 . 2011-02-06 18:26 -------- d-----w- C:\_OTL
2011-01-24 11:32 . 2011-01-24 11:32 -------- d-----w- c:\documents and settings\CRyder\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2011-01-21 14:44 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 09:41 . 2010-07-20 12:23 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-07 14:09 . 2011-01-07 14:09 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2010-12-31 13:10 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2010-12-22 12:34 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08 . 2010-07-13 21:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2010-12-20 17:26 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 14:30 . 2010-12-09 14:30 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-28 06:58 . 2010-11-28 06:58 37248 ----a-w- c:\windows\system32\drivers\ISAPNP.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"HP BTW Detect Program"="c:\program files\HP\HPBTWD.exe" [2009-03-30 319488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-06 737280]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP]
2009-07-14 10:54 589104 ----a-w- c:\program files\Hewlett-Packard\HP QuickSync\QuickSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 04:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 09:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hewlett-Packard\\HP QuickSync\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [8/25/2009 7:31 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [8/25/2009 7:31 PM 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [7/2/2009 1:10 AM 103792]
R1 MpKslb62469cb;MpKslb62469cb;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF1F25EE-096B-46C3-BB22-C4560F064925}\MpKslb62469cb.sys [2/20/2011 5:23 PM 28752]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [8/25/2009 7:31 PM 25584]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [7/9/2009 6:08 AM 199152]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/25/2009 7:18 PM 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/31/2009 3:11 PM 39424]
S3 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 9:05 PM 457200]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSLB62469CB
.
Contents of the 'Scheduled Tasks' folder

2011-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2011-02-20 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-07-09 11:09]

2011-02-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>
Trusted Zone: servicecanada.gc.ca\www
FF - ProfilePath - c:\documents and settings\DRyder\Application Data\Mozilla\Firefox\Profiles\agz1quun.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 17:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-02-20 17:50:13
ComboFix-quarantined-files.txt 2011-02-20 22:50

Pre-Run: 109,871,185,920 bytes free
Post-Run: 126,968,766,464 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 302610B0F3CBB30FEEF2E790BB85D919


Cathy

Attached File: ComboFix.txt (11.5KB, 98 downloads)
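The "FF - prefs.js" lines in the ComboFix log above show Firefox configured with a manual proxy (network.proxy.type = 1) pointing at 127.0.0.1 on port 50370, the Firefox counterpart of the Internet Explorer ProxyServer value that MBAM removed as PUM.Bad.Proxy. Such a setting sends every page request through a process on the local machine, which is how a rogue can inject its own pages and block security sites. As an added example, not code from the thread or from ComboFix, the following Python check parses a Firefox prefs.js excerpt (constructed here to mirror that pattern) and flags manual proxies to loopback or to hosts outside an allowlist; the network.proxy.type meanings are Firefox's documented values (0 direct, 1 manual, 2 PAC URL, 4 auto-detect, 5 system).

```python
import re

USER_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Firefox network.proxy.type values: 0 direct, 1 manual, 2 PAC URL, 4 auto-detect, 5 system
PROXY_TYPES = {0: "direct", 1: "manual", 2: "pac", 4: "autodetect", 5: "system"}

# Constructed prefs.js excerpt; the proxy values copy the pattern ComboFix reported
# in the thread (manual proxy to 127.0.0.1 on a high port).
HIJACKED_PREFS = '''
user_pref("browser.startup.homepage", "https://www.example.org/");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 50370);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 50370);
user_pref("network.proxy.no_proxies_on", "");
'''

# The same profile after the proxy settings were reset to "use system settings".
CLEAN_PREFS = '''
user_pref("browser.startup.homepage", "https://www.example.org/");
user_pref("network.proxy.type", 5);
'''

def parse_prefs(text):
    """Parse user_pref(...) lines into a dict of name -> str | int | bool."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)
        else:
            prefs[name] = raw
    return prefs

def proxy_findings(prefs, allowed_hosts=(), allowed_pac_prefixes=()):
    """Return human-readable findings for proxy settings that route traffic somewhere unexpected."""
    findings = []
    ptype = prefs.get("network.proxy.type", 5)  # Firefox defaults to the system proxy
    if ptype == 1:
        for scheme in ("http", "ssl", "ftp", "socks"):
            host = prefs.get(f"network.proxy.{scheme}")
            if not host:
                continue
            port = prefs.get(f"network.proxy.{scheme}_port", "?")
            if host in LOOPBACK:
                findings.append(f"{scheme}: manual proxy to loopback {host}:{port} (local interception)")
            elif host not in allowed_hosts:
                findings.append(f"{scheme}: manual proxy to unexpected host {host}:{port}")
    elif ptype == 2:
        url = prefs.get("network.proxy.autoconfig_url", "")
        if not any(url.startswith(p) for p in allowed_pac_prefixes):
            findings.append(f"pac: autoconfig URL not on allowlist: {url!r}")
    elif ptype not in PROXY_TYPES:
        findings.append(f"unknown network.proxy.type value {ptype!r}")
    return findings

def check_profile(text, **allow):
    """Convenience wrapper: parse a prefs.js body and return its findings."""
    return proxy_findings(parse_prefs(text), **allow)
```

Run against the constructed hijacked excerpt, `check_profile` reports the http and ssl proxies to 127.0.0.1:50370; against the cleaned excerpt it reports nothing. Firefox only reads prefs.js while it is closed, so a check like this belongs after the browser has been shut down, and a corporate proxy can be passed in `allowed_hosts` so that it is not flagged.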

#58 CathyR (Topic Starter, Member, 35 posts)
Also, I have a Roxio Instant Restore dialogue box that just popped up:
"You should not run Windows System Restore and Roxio BackOnTrack's Instant Restore feature at the same time. If you do, you may not be able to restore your system safely. You do not need Windows System Restore since you are already protected by Instant Restore. To ensure continued protection, we strongly recommend that you deactivate Windows System Restore now?"

Not sure what to do about this message.

Cathy

#59 JSntgRvr (Global Moderator, 11,037 posts)
I am not familiar with Roxio. Whether you want to keep Roxio over Windows System Restore will be up to you. I will show you how to reset Windows Restore. It will be up to you if you want to turn it On. Resetting System Restore will remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing them. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix.
  • Rename Combofix to Uninstall and click on it. That should remove the application.

Please download OTC by OldTimer.
  • Save it to your desktop.
  • Please double-click OTC.exe to run it. (Vista users, please right click on OTC.exe and select "Run as an Administrator")
  • This will delete the tools we used in the removal of malware, including this program.
  • If you are asked to reboot to complete the removal process then please do so.
Upon restart, manually remove any remaining tools.


How is the computer doing?


#60 CathyR (Topic Starter, Member, 35 posts)
It appears to boot up fine now. That was one nasty virus, Palladium - I am doing a check now to see if I can find any reference to it. I think I need to switch to Firefox as a browser as added protection. I would welcome any suggestions. I cannot thank you enough. So much time and effort has gone into getting me back up and running. Once all is done, I will certainly be looking at a way to donate. The service you are providing is amazing.

Cathy