[Render]

....ok so left the computer overnight - did as requested - made the iso boot disc - turned on the computer, put the disc straight in - and it has booted into the normal screen - was that supposed to happen????

I think so.

So what are current problems/issues with your computer? Can you connect to network, can you browse etc.?

[Advertisements]

I didn't connect the internet, just ran without connection - windows launched, and sent me to my log in screen - I logged in and then as i said the only other thing I have done is disable nero scout? go figure! No idea how it decided to just launch!! So, as I said - should I run chkdisk, or while it seems to be back do i attempt to run combofix again?

[rdbadger]

I didn't connect the internet, just ran without connection - windows launched, and sent me to my log in screen - I logged in and then as i said the only other thing I have done is disable nero scout? go figure! No idea how it decided to just launch!! So, as I said - should I run chkdisk, or while it seems to be back do i attempt to run combofix again?

[rdbadger]

...oh and it didn't send me through any blue screen or give me any other options such as repair windows or anything, just opened straight up, as if nothing had ever happened!

[Render]

OK. Please don't run Combofix again. As for NMIndexStoreSvr.exe error you can read about this issue here. It is not malicious process.

First try to connect to internet and then launch your favourite browser to see if you can surf the web.

[rdbadger]

ok, will have to disconnect from this computer!

[rdbadger]

...could connect to internet - went to google then edmodo, worked ok...but couldn't run internet straight from desktop and I have a warning that the firewall has been turned off

[Render]

but couldn't run internet straight from desktop and I have a warning that the firewall has been turned off

We will deal with these later.

Malwarebytes' Anti-Malware

Could you please do a scan using these settings:

• Open Malwarebytes' Anti-Malware.
• Select the Update tab.
• Click on Check for Updates button.
• Click on OK.
• Select the Scanner tab.
• Select Perform quick scan, then click on Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

[rdbadger]

...cool will do, should I attempt to do this with or without internet connection?

[rdbadger]

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.20.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Roanna :: ROANNA-36A94C04 [administrator]

30/05/2012 7:32:28 PM
mbam-log-2012-05-30 (19-32-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242055
Time elapsed: 26 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Roanna\Local Settings\Temp\tmzzyawysrzyjkfsfl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roanna\Local Settings\Temp\e3gDJZhFTVDZgy.exe.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

[rdbadger]

Unfortunately NMIndexStoreSvr.exe popped up again after the restart and also can't exit any usb "safely" as it always says a program is still accessing it...ok well then what's next?!
ta

[Render]

should I attempt to do this with or without internet connection?

With.

We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right



Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)


Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information



On completion click the link to locate the zip file to upload and attach to your next post

[rdbadger]

Still running - found 5 threats so far!

[Render]

OK.

[rdbadger]

...ok so in the middle of the scan it has detected "malicious software" which demands a system re-boot and has requested to perform a "special disinfection" do I allow or say no and just delete as i have the other files? It is now up to 13 threats!
Thanks

[rdbadger]

btw I attempted to just delete and it wouldn't, now its giving me two options either disinfect or skip - it is called/labelled MEM:Rootkit.Win32.Sst.b