Hi zipzappy,
Most of the malware was taken out in all those logs you've replied back with :) Time to do some cleanup.
--------------------------------------------------------------
Open
notepad and copy/paste the text in the quotebox below into it:
Quote:
File::
C:\WINDOWS\system32\gwvmwer.dll
C:\WINDOWS\uninstall_nmon.vbs
Folder::
C:\WINDOWS\R2lvcmdpbw
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
C:\Documents and Settings\Administrator\My Documents\ѕystem
C:\Program Files\Common Files\sуmbols
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FDBDECA-350F-3AA0-7874-3DB60940FEC7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Oalt"=-
"Aokczev"=-
|
Save this as
CFScript
Refering to the picture above, drag CFScript into ComboFix.exe
Follow the prompts, and post the resulting log, C:\ComboFix.txt
Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
--------------------------------------------------------------
Establish an internet connection & perform an online scan with Internet Explorer at
Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.
- The program will then begin downloading the latest definition files.
- Once the files have been downloaded click on NEXT
- Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
- Scan Options:
- Scan Archives
- Scan Mail Bases
- Click OK & have it scan My Computer
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
--------------------------------------------------------------
Please reply back with the following:
C:\ComboFix.txt
Kaspersky Scan Results