Can you tell me more about this program - C:\PROGRA~1\TheAxisSoftware\Vc 64 Manager.exe
What does it do?
I have attached a file to this post -
regdel.txt
Download it & rename it "regdel.REG" (inclusive of the quotes)
Make sure you do not mistakenly rename it as regdel.
reg.
txt (double extensions)
Double-click on it & answer YES when prompted to merge into the Registry
Please save these instructions in Notepad & close your browser after that.
Whilst in Normal mode...
Have HijackThis fix these:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lplsds.exe reg_run
Copy the filenames listed below.
Select/Highlight all the filenames & then click on Notepad's Edit menu & select Copy
- C:\WINDOWS\SYSTEM32\conres.cpl
C:\WINDOWS\SYSTEM32\b1s.dlltmp
C:\WINDOWS\SYSTEM32\biR.exe
C:\WINDOWS\system32\jajab.dll
C:\WINDOWS\SYSTEM32\c17b6s.dll
C:\WINDOWS\SYSTEM32\c41bRs.dll
C:\WINDOWS\SYSTEM32\datadx.dll
C:\WINDOWS\SYSTEM32\jajab.dll
C:\WINDOWS\SYSTEM32\ssssgss.dll
C:\WINDOWS\SYSTEM32\TV_ENG32.DLL
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nani.exe
C:\Documents and Settings\Steve\Application Data\Sskcwrd.dll
C:\Documents and Settings\Steve\Application Data\Sskknwrd.dll
Launch
KillBox.exe - Go to the File menu, and choose Paste from Clipboard
Click the dropdown-arrow next to the Full Path of File to Delete field.
Verify that the filenames you pasted are found in there.
- Select/tick the following:
- Replace on Reboot
- Use Dummy
- End Explorer Shell While Killing File
- Unregister dlll Before deleting * if it's not grayed out
- Click the RED X button.
- Click Yes at the Delete on Reboot prompt.
- Click Yes at the 'Pending Operations prompt'.
After you have rebooted, please try to do the
Panda online scan
If that fails, perform an online scan with Internet Explorer with
Kaspersky WebScanner
Next Click on
Launch Kaspersky Anti-Virus Web Scanner
You will be promted to install an ActiveX component from Kaspersky, Click
Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Scan Archives
Scan Mail Bases
- Click OK
- Now under select a target to scan:
- This will program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
Take note the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
Do another TrendMicro Antispyware scan.
In your next reply, please include the following logs:
- Fresh HJT log
- Online scan's log
- TrendMicro's log
Tell me how the machine is behaving now.
__________________
Question - what have you done for the community today?