1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help with virus.

Discussion in 'Virus & Other Malware Removal' started by mpanayi, Sep 22, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. mpanayi

    mpanayi Thread Starter

    Joined:
    Sep 22, 2008
    Messages:
    2
    I recently got infected with ms antispyware 2009 spoof , and it kept appearing all the time, i managed to remove it so it doesn't keep reapearing. All i remember is seeing something called bravix. The problem im having is im not 100% sure this thing is gone because when i run avast anti virus it finds something in startup and requires reeboot to do scan in startup. So when i do this avast finds stuff but none of the options works just give various error codes or says files missing etc. My computer is running XP SP3 with all security updates applied. Ive tried Xsoft and other sorts to no avail. I read on here to download hijackthis so i have done that and created a log as requested. If anyone can guide me in the correct direction it would be most appreciated.
     

    Attached Files:

  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,928
    Pasting the HijackThis log here for easier viewing. Please paste the logs rather than attaching unless asked to or they are too large to fit into one reply.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:20:38 AM, on 9/22/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ProcessGuard\pgaccount.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ProcessGuard\procguard.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\DIAS\CnxDIAS.exe
    C:\Program Files\ProcessGuard\dcsuserprot.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ThreatFire\TFService.exe
    C:\WINDOWS\system32\wbsecsvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Marios\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {22FA8483-D40B-4275-9202-7252C7E4267C} - blank (file missing)
    O2 - BHO: (no name) - {5AEE532C-7C2F-4E5C-A044-096846CB9490} - (no file)
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {B0C84611-BC2D-461B-A2C3-841752FA0782} - (no file)
    O3 - Toolbar: Systran40premi.IEPlugIn - {D3919E1A-D6A5-11D6-AC3E-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: jkkJyvwt - jkkJyvwt.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: dtseqrxk - {84F02C5E-A30E-4DCD-AC13-2E1F95F281BB} - blank (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
    O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
    O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,928
    Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
    • Instead of Windows loading as normal, the Advanced Options Menu should appear
    • Select the first option, to run Windows in Safe Mode, then press Enter
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to the clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log.

    Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

    Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
     
  4. mpanayi

    mpanayi Thread Starter

    Joined:
    Sep 22, 2008
    Messages:
    2
    Thanks i followed your instructions accuratly and i think it is gone but here is the report :

    SDFix: Version 1.230
    Run by Administrator on Mon 09/29/2008 at 09:30 AM
    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix
    Checking Services :
    Name :
    tdssserv
    Path :
    \systemroot\system32\drivers\TDSSserv.sys
    tdssserv - Deleted

    Restoring Default Security Values
    Restoring Default Hosts File
    Restoring Default HomePage Value
    Restoring Default Desktop Components Value
    Rebooting

    Checking Files :
    Trojan Files Found:
    C:\WINDOWS\EEQB.EXE - Deleted
    C:\Program Files\PCHealthCenter\0.gif - Deleted
    C:\Program Files\PCHealthCenter\1.gif - Deleted
    C:\Program Files\PCHealthCenter\1.ico - Deleted
    C:\Program Files\PCHealthCenter\2.gif - Deleted
    C:\Program Files\PCHealthCenter\2.ico - Deleted
    C:\Program Files\PCHealthCenter\3.gif - Deleted
    C:\Program Files\PCHealthCenter\sc.html - Deleted
    C:\WINDOWS\system32\1.ico - Deleted
    C:\WINDOWS\mgxfebsq.dll - Deleted
    C:\WINDOWS\system32\1.ico - Deleted
    C:\WINDOWS\system32\2.ico - Deleted

    Folder C:\Program Files\PCHealthCenter - Removed

    Removing Temp Files
    ADS Check :
    C:\WINDOWS
    :AFP_AfpInfo 0
    Total size: 0 bytes.
    WINDOWS: deleted 0 bytes in 1 streams.
    Checking for remaining Streams
    C:\WINDOWS
    No streams found.


    Final Check :
    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-29 09:46:06
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    IPC error: 2 The system cannot find the file specified.
    scanning hidden services & system hive ...
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a2a7]
    "001a8a2ee768"=hex:c0,d7,4d,c9,3d,8e,e2,1b,89,7c,b8,76,fb,84,87,d9
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv]
    "start"=dword:00000001
    "type"=dword:00000001
    "imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv]
    "start"=dword:00000001
    "type"=dword:00000001
    "imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\TDSSserv]
    "start"=dword:00000001
    "type"=dword:00000001
    "imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\0011b107a2a7]
    "001a8a2ee768"=hex:c0,d7,4d,c9,3d,8e,e2,1b,89,7c,b8,76,fb,84,87,d9
    scanning hidden registry entries ...
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services :


    Authorized Application Key Export:
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "D:\\STHIW\\stInstall.exe"="D:\\STHIW\\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"
    "C:\\Program Files\\Video Server E\\Video Server E.exe"="C:\\Program Files\\Video Server E\\Video Server E.exe:*:Enabled:Video Server E"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\Common Files\\Acronis\\Agent\\agent.exe"="C:\\Program Files\\Common Files\\Acronis\\Agent\\agent.exe:*:Enabled:Acronis Remote Agent"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\2hotspot\\Program\\pacsvc.exe"="C:\\Program Files\\2hotspot\\Program\\pacsvc.exe:*:Enabled:2hotspot controller"
    "C:\\Program Files\\2hotspot\\Program\\dhcpd.exe"="C:\\Program Files\\2hotspot\\Program\\dhcpd.exe:*:Enabled:ISC DHCP server"
    "C:\\Antamedia\\HotSpot\\HotSpot.exe"="C:\\Antamedia\\HotSpot\\HotSpot.exe:*:Enabled:Antamedia HotSpot"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Canon\\Network ScanGear\\SgTool.exe"="C:\\Program Files\\Canon\\Network ScanGear\\SgTool.exe:*:Enabled:SGTOOL"
    "C:\\Program Files\\Canon\\DIAS\\CnxDIAS.exe"="C:\\Program Files\\Canon\\DIAS\\CnxDIAS.exe:*:Disabled:Canon Driver Information Assist Service"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Documents and Settings\\Marios\\Local Settings\\Temp\\IXP000.TMP\\adobe.exe"="C:\\Documents and Settings\\Marios\\Local Settings\\Temp\\IXP000.TMP\\adobe.exe:*:Enabled:Windows Messanger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    Remaining Files :

    File Backups: - C:\SDFix\backups\backups.zip
    Files with Hidden Attributes :
    Mon 4 Oct 2004 417,792 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.1\Maint.exe"
    Tue 11 May 2004 61,440 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.1\uinstrsc.dll"
    Sat 2 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Wed 4 Apr 2001 28,738 A..HR --- "C:\Documents and Settings\Marios\My Documents\msoffice\MSDE2000\SQLRESLD.DLL"
    Finished!
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,928
    Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

    Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/752195

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice