Thread: pop ups
05-05-2007, 07:52 AM   #9
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,795
OS: 2000 Pro; XP Pro; XP Home


Re: pop ups

Before doing any fixing, please do this:

Please download the Suspicious File Packer http://www.safer-networking.org/files/sfp.zip

Unzip it to the desktop and run it.
Paste the following list of bad files into the Suspicious File Packer window:
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\pmnoomm.dll
Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.

You should receive confirmation that the file was successfully uploaded. Once it has been uploaded, the .cab file which was created by SFP can be deleted.

---------------------------------------------------------------------------------------------

Next, please do this:

Copy and paste the following into Notepad (don't forget to copy and paste REGEDIT4):

Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9E93A147-E3F9-47AB-BAF0-915CCAAA7034}"=-
Save the file as "delete.reg". Make sure to save it with the quotes. It should look like this:

Close Notepad.

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------------------------------------------------------------------------

Next.....

Run ComboFix again, using these instructions:


Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\combofix.exe" /v vtsqr pmnoomm
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


---------------------------------------------------------------------------------------------

Next.....

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
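
A way to check what a .reg file will change before merging it, run here on the delete.reg text from the post above. This is an added example, not part of the original post or of any tool it mentions; the names parse_reg and only_deletes are hypothetical, and the parser covers key and value syntax only, not the decoding of value data.

```python
import re

# The delete.reg text from the post above, reproduced inline as sample input.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9E93A147-E3F9-47AB-BAF0-915CCAAA7034}"=-
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def parse_reg(text):
    """Return the (action, key, value_name, data) operations the file would apply."""
    # Join hex data continued over several lines with a trailing backslash.
    text = re.sub(r"\\\r?\n[ \t]*", "", text.lstrip("\ufeff"))
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    ops, key = [], None
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]
            if key.startswith("-"):          # [-HKEY_...] deletes the whole key
                ops.append(("delete_key", key[1:], None, None))
                key = None
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None:
            raise ValueError(f"unparseable line: {ln!r}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2)
        if data == "-":                      # "name"=- deletes a single value
            ops.append(("delete_value", key, name, None))
        else:                                # anything else writes data
            ops.append(("set_value", key, name, data))
    return ops


def only_deletes(ops):
    """True when the file removes data and writes nothing new."""
    return all(action.startswith("delete") for action, *_ in ops)


if __name__ == "__main__":
    for op in parse_reg(SAMPLE_REG):
        print(op)
```

For the file in the post this reports one delete_value operation on the ShellExecuteHooks key and no writes.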