Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

rdriv blues [RESOLVED]


  • This topic is locked This topic is locked

#1
salaciouscrumb

salaciouscrumb

    New Member

  • Member
  • Pip
  • 7 posts
Hello to all of those suffering the same fate as I. Along with all of the other posts about rdriv.sys, I cannot remove this trojan either. I have done all of the scans and updates that the malware forum asks of me. As a result my trojan is very clean and still very active. Here is my HijackThis Log and my rdrivRem log.



Logfile of HijackThis v1.99.1
Scan saved at 6:43:13 PM, on 7/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\mssmbios.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\Broadband Blaster UI\bbui.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\COMMON~1\AOL\112187~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\112187~1\EE\AOLServiceHost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1121875939\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Broadband Blaster User Interface] C:\Program Files\Creative\Broadband Blaster UI\bbui.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\WINDOWS\system32\1.tmp
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: msmbios (Microsoft System Management BIOS Driver) - Unknown owner - C:\WINDOWS\mssmbios.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

and now the rdrivRem


~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~

rdriv.sys PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!


~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~

rdriv.sys PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!


Please can anyone help this computer illiterate destroy this @*#!!!!&%$# trojan. Thank you for your quick responses. :tazz:
  • 0

Advertisements


#2
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi salaciouscrumb and Welcome to GeekstoGo!

Its been a few days since I dealt with rdriv.sys but if I remember right,it will be loacted in the System32 folder and only visible in Safe Mode!

So whatcha say lets squash this bug along with the one that dropped it!

Click Start-> Run-> Type in Services.msc and Click OK!

Scroll that list and locate this entry

msmbios

Right Click that entry and Select Properties-> Click Stop-> Go up and change the Startup Type to Disabled!


Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

After restarting in Safe Mode,Configure Windows to Show All Hidden Files and Folders Here is a link to help with that:
http://www.bleepingc...showtutorial=62


Locate and Delete

C:\WINDOWS\system32\rdriv.sys

C:\WINDOWS\system32\1.tmp

C:\WINDOWS\mssmbios.exe

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\WINDOWS\system32\1.tmp

O23 - Service: msmbios (Microsoft System Management BIOS Driver) - Unknown owner - C:\WINDOWS\mssmbios.exe

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!

Click Start-> Run-> Type in sc delete Microsoft System Management BIOS Driver and Click OK!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!

Restart Normal and have the PC Scanned here:
Kaspersky

You will need to be using Internet Explorer for the Scan to work!

If the Online Scan doesnt give you the option to delete whatever it finds,please write down anything it identifies as Infected and place it in the next post!

Post back with a fresh HijackThis log and any results from Kaspersky!

Edited by Cretemonster, 23 July 2005 - 04:57 AM.

  • 0

#3
salaciouscrumb

salaciouscrumb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ok, I did everything you said and rdriv appears to be gone :tazz:! Ding dong the witch is dead! I did have a problem with the Kapersky online scan. When I go to the website it asks me to scan a specific file and not the whole computer. So I was unable to do the scan. Here is my HijackThis log though. I would also like to comment that my computer is running extremely slow at startup and while trying to open some programs. Is this due to the trojan or something else? I would appreciate your input. Thank you very much for your instructions up to this point. ;)


Logfile of HijackThis v1.99.1
Scan saved at 8:04:09 AM, on 7/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\Broadband Blaster UI\bbui.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\AOL\112187~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\112187~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1121875939\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Broadband Blaster User Interface] C:\Program Files\Creative\Broadband Blaster UI\bbui.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#4
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Since you have allready been to the Panda Site,Visit it again,get another scan of the system and save the report!

Lets see what else is running in there!

Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Restart in Safe Mode

Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once the Scan is Complete-> Restart back in Normal Mode-> Locate WinPFind.txt in the WinPFind folder!

Post back with the report from Panda and the contents of WinPFind.txt
  • 0

#5
salaciouscrumb

salaciouscrumb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ok, here are the two scans that I did. The first one is from the online panda scan.


Incident Status Location

Adware:adware/exactsearch No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ACTIVEX COMPATIBILITY\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}

And this is the Winpfind scan

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX! 7/21/2005 6:56:46 PM 218112 C:\Program Files\HijackThis.exe

Checking %WinDir% folder...
UPX! 7/22/2005 1:56:12 AM 170053 C:\WINDOWS\tsc.exe
PECompact2 7/22/2005 1:56:12 AM 15400675 C:\WINDOWS\VPTNFILE.741
qoologic 7/22/2005 1:56:12 AM 15400675 C:\WINDOWS\VPTNFILE.741
SAHAgent 7/22/2005 1:56:12 AM 15400675 C:\WINDOWS\VPTNFILE.741
UPX! 7/22/2005 6:00:38 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 7/22/2005 6:00:38 PM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
PEC2 6/25/2002 4:37:22 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 7/20/2005 12:05:10 PM 60416 C:\WINDOWS\SYSTEM32\eraseme_17546.exe
Umonitor 8/29/2002 5:41:10 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 6/25/2002 4:49:36 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder for system and hidden files within the last 60 days...
7/20/2005 10:14:44 AM 749 C:\WINDOWS\WindowsShell.Manifest
7/20/2005 10:14:50 AM 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
7/20/2005 10:15:30 AM 67 C:\WINDOWS\Fonts\desktop.ini
7/20/2005 10:21:44 AM 0 C:\WINDOWS\inf\oem0.inf
7/20/2005 10:14:50 AM 65 C:\WINDOWS\Offline Web Pages\desktop.ini
7/20/2005 10:15:10 AM 242478 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_1.cab
7/20/2005 10:15:10 AM 19959 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_2.cab
7/20/2005 10:15:10 AM 727 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_3.cab
7/20/2005 10:16:52 AM 237568 C:\WINDOWS\repair\ntuser.dat
7/20/2005 10:14:44 AM 749 C:\WINDOWS\system32\cdplayer.exe.manifest
7/20/2005 10:14:50 AM 488 C:\WINDOWS\system32\logonui.exe.manifest
7/20/2005 10:14:44 AM 749 C:\WINDOWS\system32\ncpa.cpl.manifest
7/20/2005 10:14:44 AM 749 C:\WINDOWS\system32\nwc.cpl.manifest
7/20/2005 10:14:44 AM 749 C:\WINDOWS\system32\sapi.cpl.manifest
7/20/2005 10:14:50 AM 488 C:\WINDOWS\system32\WindowsLogon.manifest
7/20/2005 10:14:44 AM 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
7/23/2005 7:01:32 PM 8192 C:\WINDOWS\system32\config\default.LOG
7/23/2005 7:01:50 PM 1024 C:\WINDOWS\system32\config\SAM.LOG
7/23/2005 7:01:40 PM 12288 C:\WINDOWS\system32\config\SECURITY.LOG
7/23/2005 7:03:54 PM 110592 C:\WINDOWS\system32\config\software.LOG
7/23/2005 7:01:40 PM 831488 C:\WINDOWS\system32\config\system.LOG
7/20/2005 5:06:54 AM 1024 C:\WINDOWS\system32\config\TempKey.LOG
7/20/2005 5:06:56 AM 1024 C:\WINDOWS\system32\config\userdiff.LOG
7/20/2005 5:08:12 AM 62 C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
7/20/2005 5:08:12 AM 62 C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
7/20/2005 10:15:12 AM 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
7/20/2005 10:15:12 AM 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
7/20/2005 10:15:12 AM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
7/20/2005 10:15:12 AM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
7/22/2005 1:00:04 AM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B30CAX1L\desktop.ini
7/22/2005 1:00:04 AM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GZKN418X\desktop.ini
7/22/2005 1:00:04 AM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1D8K3IC\desktop.ini
7/22/2005 1:00:04 AM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9A7G1EN\desktop.ini
7/20/2005 10:14:52 AM 181 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
7/20/2005 5:08:12 AM 62 C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
7/20/2005 10:16:02 AM 206 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
7/20/2005 10:16:00 AM 482 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
7/20/2005 10:16:00 AM 348 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
7/20/2005 10:16:02 AM 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
7/20/2005 10:16:00 AM 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
7/21/2005 4:29:28 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\ad874552-4626-4e49-a6bc-32b25b8267ee
7/21/2005 4:29:28 PM 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
7/23/2005 7:00:56 PM 6 C:\WINDOWS\Tasks\SA.DAT

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/20/2005 11:21:44 AM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
7/23/2005 6:56:42 PM 1518 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SSC_UserPrompt C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Pure Networks Port Magic "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
nwiz nwiz.exe /install
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HostManager C:\Program Files\Common Files\AOL\1121875939\EE\AOLHostManager.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Broadband Blaster User Interface C:\Program Files\Creative\Broadband Blaster UI\bbui.exe
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
AOL Spyware Protection "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
IMAIL
MAPI
MSFS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
AOL Fast Start "C:\Program Files\America Online 9.0\AOL.EXE" -b

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
= C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
UserInit C:\WINDOWS\system32\userinit.exe,
Shell Explorer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder
{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn
{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray
{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.3 - Log file written to "WinPFind.Txt" in the WinPFind folder.



I just wanted to thank you again for your wonderful instructions and guidance. I had been battling with the rdriv.sys for quite a few days and it was driving me and my wife(for having to deal with me) insane. So Cretemonster I salute you with my cold bottle of Coors Light and toast to your good fortune. :tazz:

Edited by salaciouscrumb, 23 July 2005 - 06:25 PM.

  • 0

#6
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Tipping My cold Mich Light to ya Bro!

I know what a Beatch that little file can be!

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ACTIVEX COMPATIBILITY\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}]

Copy the text in the Code box to a blank Notepad page and Save it to the desktop with the name rem.reg

Double Click rem.reg and allow it to merge into the registry!

Now locate this file

C:\WINDOWS\SYSTEM32\eraseme_17546.exe

If you dont know where this came from or what it is associated with,have it scanned here
http://virusscan.jotti.org/

Let me know what the scan says!

That file just doesnt look like it belongs on the system and research turns up nothing!

Edited by Cretemonster, 24 July 2005 - 03:57 AM.

  • 0

#7
salaciouscrumb

salaciouscrumb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ok did both of those things. Here is what the scan results were.



Scanner Malware name
AntiVir X
ArcaVir Trojan.Oleadm.Callgate2
Avast X
AVG Antivirus X
BitDefender Win32.Nsag.A
ClamAV X
Dr.Web Trojan.DownLoader.2636
F-Prot Antivirus W32/Nsag.A
Fortinet X
Kaspersky Anti-Virus Virus.Win32.Nsag.a
NOD32 Win32/Oleloa.gen
Norman Virus Control X
UNA X
VBA32 X


Any suggestions?
  • 0

#8
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Restart Safe Mode!

Locate and Delete

C:\WINDOWS\SYSTEM32\eraseme_17546.exe

Empty the Recycle Bin!


If you cant find that file,Download Pocket Killbox from here
http://www.bleepingc...les/killbox.php
There is a Direct Download and a description of what the Program does inside this link.

Open Killbox and Copy&Paste that entry into the "Full Path of File to Delete"

Once pasted in place a tick by these selections if available

"Standard File Kill"
"End Explorer Shell while Killing File"


Click the Red Circle with the White X in the Middle to Delete!


Post back and let me know if it went peacefully!
  • 0

#9
salaciouscrumb

salaciouscrumb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Everything seems to be cleared. Thank you again Cretemonster, I owe you my sanity. :tazz:
  • 0

#10
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
OK,lets get ya set to surf a bit Safer,I will place many options to add Security to this PC,you just tinker and play with them until you find the right Combination!

For some Added Security to Internet Explorer

SpywareBlaster:
http://www.javacools...areblaster.html
Update Immediatly!

IE Spyad:
http://www.bleepingc...showtutorial=53
There is a direct download inside and great tutorial also!

Winhelp2002 Hosts File
http://www.mvps.org/...p2002/hosts.htm

Made Easy
http://www.mvps.org/...2002/hosts2.htm

To clean up all those uneeded termporary files!

CCleaner:
http://www.filehippo...d_ccleaner.html
This is to help keep those Temporary Files Cleaned Up!

All you will want to use on this is the Opening Page(Windows Tab)Just Click Run Cleaner and let it do its thing!

CleanUp! 4.0:
http://downloads.ste...p/CleanUp40.exe


Metallicas Malware Page
http://metallica.geekstogo.com/


Disable System Restore
http://service1.syma...src=sec_doc_nam

Restart the PC and Renable System Restore

Next Restart,you have fresh clean restore point to fall back on if ever needed!

How to Manually create a new Restore Point in Windows XP
http://www.microsoft...ew_03may19.mspx
Scroll down to "Use System Restore" and the Steps are laid out there!


Also,have a look at those 3 little black links in my signature,there is alot of good info inside them!


Post back with any questions!
  • 0

#11
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Cretemonster is away due to a medical emergency and he asked me to take over some of his logs. I see that your log is clean, so please let me know if you have any questions.
  • 0

#12
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP