[INACTIVE] malware keeping my browsers from opening?
Moderators: ShadowPuterDude, Greg, D3m3nt3d, Brandon, Vmarm, peterparker, siljaline, jholland1964, TurcoLoco, Windsor, JeanInMontana, KZ, RatHat, Jason Amison, MrCharlie
This thread is now closed
rwmurrow
Sun Aug 24 2008, 02:07PM
Registered Member #188
Joined: Wed Jul 02 2008, 05:06PM
Posts: 17
Thanked 0 times in 0 posts
I got some malware and got it mostly taken care of, but my browsers don't open except for IE in safe mode only. And when I try to go to the pages for downloading Malwarebytes and Sb S&D it won't connect to the page. I have HijackThis so I will post that log.

The rest of my computer seems to work fine; it is just the browsers like The fox and Opera that won't even try to open up.
hijackthis.log
ShadowPuterDude
Sun Aug 24 2008, 03:17PM
...the Shadow knows


Registered Member #1
Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 217
Thanked 10 times in 10 posts
All logs are to be from Normal Mode, unless specified otherwise.

Download to your Desktop:
- LSP-Fix

After download is complete, Run LSP-Fix

Check the Box labeled "I know what I'm doing" and then click on the gmboew.dll file (in the “Keep” section) to select it.

Then, Select the >> button to move gmboew.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.

Note: If the file gmboew.dll is already in the remove section, then just click FINISH.

Now run HijackThis and fix the following:
O4 - HKLM\..\Run: [BM8fbbc9a9] Rundll32.exe "C:\WINDOWS\system32\tyujensn.dll",s
O4 - HKLM\..\Run: [8c88fa35] rundll32.exe "C:\WINDOWS\system32\radwsrwc.dll",a
O20 - AppInit_DLLs: gmboew.dll

Download to your Desktop
- ComboFix by sUBs from >> Geeks2Go <<

During the download, rename Combofix to Combo-Fix. This is important: do not rename after downloading. Combofix must be renamed before it is downloaded to your desktop.

Close ALL windows

Physically disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.

Double-click Combo-Fix.exe and follow the prompts.

When finished, the program will produce a log

Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Reboot to Normal Mode.

Post a Fresh HijackThis log and the ComboFix Log.

[ Edited Sun Aug 24 2008, 03:18PM ]


"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals - Since 2006
Linux Registered User # 363218
rwmurrow
Sun Aug 24 2008, 08:20PM
I can't download it onto my computer, IE says it cannot display the webpage and if I try to right click and "save target as" it says it can't connect to the server.

I downloaded it onto a flash drive from another computer then put it on my desktop and ran it and "gmboew.dll" was not in either keep or remove section. I guess it was because I downloaded onto another computer?

[ Edited Sun Aug 24 2008, 08:25PM ]
ShadowPuterDude
Sun Aug 24 2008, 09:29PM
It has nothing to do with downloading from another computer.

I really need the logs from the other tools.

If you can't download from the infected computer, then download the tools from a clean system and install/copy them to the infected system.

Then run the tools and post the.

I need logs from HijackThis and ISeeYouXP while in Normal Mode; and I need the log from ComboFix.


rwmurrow
Mon Aug 25 2008, 09:03PM
Here are two. I am still working on getting the combo fix to the infected system.
hijackthis.log
iseeyouxp.txt
rwmurrow
Fri Aug 29 2008, 12:02AM
I can't get the combo fix to run on my system. It ran in safe mode but it said access denied and did not finish.
ShadowPuterDude
Fri Aug 29 2008, 07:31AM
We'll use a different tool.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back with a new HijackThis log please.



rwmurrow
Fri Aug 29 2008, 10:06AM
I can't get that one to run either.


hijackthis.log
ShadowPuterDude
Fri Aug 29 2008, 10:59PM
Download
- Pocket Killbox
- ExplorerXP

Using Add or Remove Programs in the Control Panel; uninstall the following:
Java(TM) 6 Update 4

Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Windows Service"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Logon Applicationedc"=-
"BM8fbbc9a9"=-
"8c88fa35"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnKEwXQ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2753B591-D1EC-4A00-93E4-CEC5247EB60C}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2753B591-D1EC-4A00-93E4-CEC5247EB60C}]
Close Notepad.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

Run HijackThis, choose "Open the Misc Tools Section", choose "Process Manager", Highlight:
C:\Documents and Settings\Richard\winlogon.exe
Choose Kill Process. Click on the "Back" Button. Click the 'Scan' button.

Place a checkmark in the box next to the following lines:
O4 - HKCU\..\Run: [Windows Service] C:\Documents and Settings\Richard\service.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
Then after it deletes the files click the Exit (Save Settings) button.

NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

Select:
  • Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

    Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open ExplorerXP, navigate to, and DELETE the following:
C:\Temp\1cb
C:\Temp\bbc2
C:\Temp\btxv15
C:\Temp\epr1
C:\Temp\tn3
C:\WINDOWS\UmljaGFyZA
C:\WINDOWS\system32\carH18
C:\WINDOWS\system32\eMaxt02
C:\WINDOWS\system32\kBin02
C:\WINDOWS\system32\og1
C:\WINDOWS\system32\runtime
C:\WINDOWS\system32\wn32
Now run AT Cleaner.

Delete the contents of C:\WINDOWS\Prefetch.

As an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

Temporary Files
Temporary Internet Files
Recycle Bin


And Click OK.

REBOOT to .

Run ComboFix

Attach the following logs:
  • ComboFix
  • HijackThis
  • ISeeYouXP



rwmurrow
Sat Sep 06 2008, 02:34AM
I still can't get combofix to run.
iseeyouxp.txt
hijackthis.log
ShadowPuterDude
Sat Sep 06 2008, 07:50PM
Run HijackThis, choose "Open the Misc Tools Section", choose "Process Manager", Highlight:
C:\Documents and Settings\Richard\winlogon.exe
C:\WINDOWS\system32\calc.exe
Choose Kill Process. Wait for HijackThis to finish; close HijackThis.

Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnKEwXQ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2753B591-D1EC-4A00-93E4-CEC5247EB60C}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2753B591-D1EC-4A00-93E4-CEC5247EB60C}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{449E245A-AA9A-400F-BE3E-6160657B175C}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d231dd02-5ac1-4d65-9bc8-a3cf13bda7f4}]
Close Notepad.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Richard\winlogon.exe
O4 - HKLM\..\Run: [BM8fbbc9a9] Rundll32.exe "C:\WINDOWS\system32\ryrtfcfp.dll",s
O24 - Desktop Component 0: Privacy Protection - (no file)
Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
Then after it deletes the files click the Exit (Save Settings) button.

NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

Select:
  • Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

    Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open ExplorerXP, navigate to, and DELETE the following:

C:\Temp\tn3
C:\WINDOWS\system32\runtime
Now run CCleaner.

If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

As an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

Temporary Files
Temporary Internet Files
Recycle Bin


And Click OK.

REBOOT to .

Post fresh logs for the following:
HijackThis
ISeeYouXP


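A triage sketch for the HijackThis entries quoted in the posts above, added here as an example and not part of any post or of HijackThis itself. It parses O4, O20 and O24 lines and reports why each one stands out; the heuristics, the function names and the final `ExampleTray` sample line are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# HijackThis lines as quoted in this thread; the last line is a constructed
# benign entry (hypothetical program) so the "nothing to report" path is shown.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Richard\winlogon.exe
O4 - HKLM\..\Run: [BM8fbbc9a9] Rundll32.exe "C:\WINDOWS\system32\ryrtfcfp.dll",s
O4 - HKCU\..\Run: [Windows Service] C:\Documents and Settings\Richard\service.exe
O20 - AppInit_DLLs: gmboew.dll
O24 - Desktop Component 0: Privacy Protection - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

# Where these Windows XP binaries normally live (lower-cased for comparison).
SYSTEM_IMAGE_DIRS = {
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?,\s*(\S+)', re.I)
EXE_RE = re.compile(r'^"?(.+?\.exe)\b', re.I)
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
O24_RE = re.compile(r"^O24 - Desktop Component \d+: .* - \(no file\)$")


def check_command(cmd):
    """Return findings for the command line of a Run-key (O4) entry."""
    findings = []
    m = RUNDLL_RE.match(cmd)
    if m:
        dll, export = PureWindowsPath(m.group(1)), m.group(2)
        findings.append(f"Run key loads {dll.name} through rundll32")
        if len(export) == 1:
            findings.append(f"single-letter export '{export}'")
        return findings
    m = EXE_RE.match(cmd)
    if not m:
        return findings
    exe = PureWindowsPath(m.group(1))
    expected = SYSTEM_IMAGE_DIRS.get(exe.name.lower())
    if expected and str(exe.parent).lower() != expected:
        findings.append(f"{exe.name} is a system process name outside {expected}")
    parts = [p.lower() for p in exe.parts]
    # C:\Documents and Settings\<user>\<file>.exe : drive, folder, user, file
    if len(parts) == 4 and parts[1] == "documents and settings":
        findings.append("autostart executable sits directly in a user profile folder")
    return findings


def triage(log_text):
    """Return a list of (line, findings) for every non-empty log line."""
    report = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        findings = []
        if (m := O4_RE.match(line)):
            findings = check_command(m.group(4))
        elif (m := O20_RE.match(line)):
            findings = [f"AppInit_DLLs lists {m.group(1)}: "
                        "loaded into every process that loads user32.dll"]
        elif O24_RE.match(line):
            findings = ["desktop component whose file is missing"]
        report.append((line, findings))
    return report


if __name__ == "__main__":
    for line, findings in triage(SAMPLE_LOG):
        print(("REVIEW " if findings else "ok     ") + line)
        for finding in findings:
            print("         - " + finding)
```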
rwmurrow
Mon Sep 08 2008, 12:37AM
Registered Member #188
Joined: Wed Jul 02 2008, 05:06PM
Posts: 17
Thanked 0 times in 0 posts
Some of that I couldn't find in explorerXP
iseeyouxp.txt
hijackthis.log
ShadowPuterDude
Mon Sep 08 2008, 07:41AM
...the Shadow knows


Registered Member #1
Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 217
Thanked 10 times in 10 posts
Download, install, and update Malwarebytes' Anti-Malware (MBAM)

Perform a quick scan and make sure you remove what MBAM finds.

Attach the MBAM log.

rwmurrow
Tue Sep 09 2008, 11:47PM
Registered Member #188
Joined: Wed Jul 02 2008, 05:06PM
Posts: 17
Thanked 0 times in 0 posts
I got it installed but it gave me a message saying "Error 707(3)" and did not run.
hijackthis.log
ShadowPuterDude
Wed Sep 10 2008, 07:27AM
...the Shadow knows


Registered Member #1
Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 217
Thanked 10 times in 10 posts
Download to your Desktop:
- Download VundoFix by Atribune

  • Double-click VundoFix.exe to run it.
  • When VundoFix opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.

*****Note: It is possible that VundoFix encountered a file it could not remove.*****

In this case, VundoFix will attempt to run on reboot. Simply follow the above instructions, starting from "Click the Scan for Vundo button", when VundoFix appears at reboot.

Attach fresh logs for:
VundoFix
ISeeYouXP
HijackThis

rwmurrow
Fri Sep 12 2008, 02:30PM
Registered Member #188
Joined: Wed Jul 02 2008, 05:06PM
Posts: 17
Thanked 0 times in 0 posts
Vundo didn't find anything.

iseeyouxp.txt
hijackthis.log

[ Edited Fri Sep 12 2008, 02:30PM ]
ShadowPuterDude
Fri Sep 12 2008, 08:35PM
...the Shadow knows


Registered Member #1
Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 217
Thanked 10 times in 10 posts
Download SUPERAntiSpyware

Important Note: You should print or save these instructions to a local text file on your PC because when the Scan begins, any browser windows that are open will be closed.
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". ( If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • The first time you run it, it will ask you whether you want to Enable Automatic Update Checking. This is enabled by default. Since so many people come here complaining about slow start up, I suggest that you disable this now. If you later decide to keep SAS, you should enable automatic updating to make sure you are always up to date.
  • On the next form, you should allow diagnostic reports to be sent but this option is up to you.
  • On the next form, for Home Page protection, you should select Do Not Protect. We do this at this time because we do not want anything to get in the way of cleanup. Since you are coming here for malware removal, your home page could be currently set to a malware link and we don't want to block fixing of it.
  • Now physically unplug your cable to the internet (even if you have dial-up, unplug modem)
  • In SUPERAntiSpyware under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure that only the following are Unchecked ( make sure all others are checked ):
    • Scan only known file types
    • Scan for tracking cookies
    • Display scan option in Explorer context (right click) menu
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive and any other Fixed Drives in your PC.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
    • NOTE: If you get a blue screen type crash when trying to run the scan then after reboot, configure the below options and rescan
    • Run SuperAntiSpyware
      • In SUPERAntiSpyware under Configuration and Preferences, click the Preferences button.
      • Click the Scanning Control tab.
      • Under Scanner Options uncheck the below two options
        • Use Kernel Direct File Access (recommended)
        • Use Kernel Direct Registry Access (recommended)
      • Then try doing a new Complete Scan. If it still crashes, just skip SUPERAntiSpyware and continue with the other instructions. If the scan runs, continue on with the below steps.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
  • If asked if you want to reboot, click Yes.
  • Reboot into normal Windows boot mode
  • Now plug your cable to the internet back in.
  • At this point, if you run into any problems where your internet connection appears to be broken, perform the below sub-steps; otherwise skip to the next main step about getting the log from SUPERAntiSpyware:
    • Click on the Repairs Tab.
    • Click on Repair broken Network Connection (WinSock LSP Chain)
    • and then click on Perform Repair
  • To retrieve the removal information (the log) after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Although the logs are automatically saved in a folder for SUPERAntiSpyware, you may want to save the log somewhere you can easily locate it. We suggest using an informative filename like SASlog.txt
    • Please attach the Scan Log results to your next reply whether it finds anything or not. This way we know that the correct updated version of the program has been run.
  • Click Close to exit the program.

Content Copyright 2006-2008 - MalwareTeks