Tech Support Forum banner
Cancel

Nasty virus please help

Jump to Latest Follow
Status
Not open for further replies.
1 - 2 of 2 Posts
D

· Registered
Joined
·
1 Posts
Discussion Starter · #1 ·
hi was wondering if anyone could help please. i have been asked to fix a friends laptop and its riddled with viruses. It blocks internet access to any mircosoft site and avast and knocks of the windows firewall. I managed to get malwarebytes on it and it found 97! infected items removed most of these but that has not fixed the problem on performing another scan and another it seams that this virus it duplicating every time i access IE here is the log from the last scan.

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

02/03/2000 18:43:42
mbam-log-2000-03-02 (18-43-42).txt

Scan type: Quick Scan
Objects scanned: 92081
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\Temp\5.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.

thanks to anyone who can help

hi was wondering if anyone could help please. i have been asked to fix a friends laptop and its riddled with viruses. It blocks internet access to any mircosoft site and avast and knocks of the windows firewall. I managed to get malwarebytes on it and it found 97! infected items removed most of these but that has not fixed the problem on performing another scan and another it seams that this virus it duplicating every time i access IE here is the info


DDS (Ver_09-12-01.01) - NTFSx86
Run by user 1 at 20:42:29.34 on 02/03/2000
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.239.95 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe "C:\WINDOWS\system32\adsldpcv.exe"
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NETGEAR\MA401 Wireless PC Card\Config.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
svchost.exe C:\WINDOWS\TEMP\VRT1.tmp
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
svchost.exe C:\WINDOWS\TEMP\VRTF.tmp
C:\WINDOWS\system32\NOTEPAD.EXE
svchost.exe C:\WINDOWS\TEMP\VRT15.tmp
C:\DOCUME~1\USER1~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\0ATCD5XP\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\config~1.lnk - c:\program files\netgear\ma401 wireless pc card\Config.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

============= SERVICES / DRIVERS ===============

R1 unpr;Unprotector;c:\windows\system32\drivers\unpr.sys [2000-3-2 4096]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R3 ndcprtns;NDC Network Agent;c:\windows\system32\drivers\ndcprtns.sys [2000-1-29 9328]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
R3 WLAN;NETGEAR Wireless 802.11b LAN Driver;c:\windows\system32\drivers\MA401RB.SYS [2000-2-19 614400]
S2 NtLmSspwuauserv;NT LM Security Support Provider NtLmSspwuauserv;c:\windows\system32\adsldpcv.exe srv --> c:\windows\system32\adsldpcv.exe srv [?]

=============== Created Last 30 ================

2008-03-17 11:33:38 588336 ----a-w- c:\windows\system32\ncs2dmix.dll
2008-03-17 11:33:34 473648 ----a-w- c:\windows\system32\accesor.dll
2008-03-12 09:09:50 180224 ----a-w- c:\windows\system32\Ncs2Setp.dll
2008-03-12 09:01:58 1301040 ----a-w- c:\windows\system32\ncscolib.dll
2008-03-03 10:36:54 145968 ----a-w- c:\windows\system32\ncs2instutility.dll
2008-02-20 21:19:56 30816 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2007-12-28 15:02:12 287232 ----a-w- c:\windows\system32\drivers\wg111v3.sys
2007-12-14 13:05:14 35424 ----a-w- c:\windows\system32\e100bmsg.dll
2007-12-06 13:00:26 114824 ----a-w- c:\windows\system32\drivers\ianswxp.sys
2007-11-28 23:38:46 40056 ----a-w- c:\windows\system32\NicInst.dll
2007-11-28 18:25:14 227928 ----a-w- c:\windows\system32\PRONtObj.dll
2007-11-16 11:55:00 165496 ----a-w- c:\windows\system32\drivers\e100b325.sys
2007-10-30 17:52:12 5590 ----a-w- c:\windows\system32\e100b325.din
2007-10-09 13:13:00 38144 ----a-w- c:\windows\system32\drivers\EAPPkt.sys
2007-08-07 01:28:34 28272 ----a-w- c:\windows\system32\NicCo2.dll
2006-04-07 12:07:26 548864 ----a-w- c:\windows\system32\ncscrt8_p.dll
2006-04-07 12:05:52 622592 ----a-w- c:\windows\system32\ncscrt8.dll
2004-08-04 00:56:58 294912 ----a-w- c:\windows\system32\msh263.drv
2004-08-04 00:56:58 23552 ----a-w- c:\windows\system32\wdmaud.drv
2004-08-04 00:56:48 51712 ----a-w- c:\windows\system32\wzcsapi.dll
2004-08-04 00:56:48 359936 ----a-w- c:\windows\system32\wzcsvc.dll
2004-08-04 00:56:46 35328 ----a-w- c:\windows\system32\pid.dll
2004-08-04 00:56:46 17408 ----a-w- c:\windows\system32\msyuv.dll
2004-08-04 00:56:46 15360 ----a-w- c:\windows\system32\pjlmon.dll
2004-08-04 00:56:44 52224 ----a-w- c:\windows\system32\dmutil.dll
2004-08-04 00:56:44 47616 ----a-w- c:\windows\system32\iyuv_32.dll
2004-08-04 00:56:44 20992 ----a-w- c:\windows\system32\hid.dll
2004-08-04 00:56:42 47104 ----a-w- c:\windows\system32\cnbjmon.dll
2004-08-03 23:15:22 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2004-08-03 23:09:56 25472 ----a-w- c:\windows\system32\drivers\sonydcam.sys
2004-08-03 23:08:58 16000 ----a-w- c:\windows\system32\drivers\usbintel.sys
2004-08-03 23:08:06 30080 ----a-w- c:\windows\system32\drivers\modem.sys
2004-08-03 23:08:04 48640 ----a-w- c:\windows\system32\drivers\stream.sys
2004-08-03 23:07:48 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2004-08-03 23:07:46 63744 ----a-w- c:\windows\system32\drivers\mf.sys
2004-08-03 23:03:18 12416 ----a-w- c:\windows\system32\drivers\tunmp.sys
2004-08-03 23:03:14 12928 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2004-08-03 22:59:22 37376 ----a-w- c:\windows\system32\drivers\amdk7.sys
2004-08-03 22:59:22 36480 ----a-w- c:\windows\system32\drivers\crusoe.sys
2004-08-03 22:59:20 42496 ----a-w- c:\windows\system32\drivers\p3.sys
2004-08-03 22:59:20 36992 ----a-w- c:\windows\system32\drivers\amdk6.sys
2004-08-03 22:59:18 35328 ----a-w- c:\windows\system32\drivers\processr.sys
2004-08-03 22:59:08 80128 ----a-w- c:\windows\system32\drivers\parport.sys
2004-08-03 22:59:00 2056832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-08-03 22:58:42 4352 ----a-w- c:\windows\system32\drivers\swenum.sys
2004-08-03 22:58:34 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2004-08-03 22:58:30 61824 ----a-w- c:\windows\system32\drivers\nic1394.sys
2004-08-03 22:58:30 60800 ----a-w- c:\windows\system32\drivers\arp1394.sys
2001-11-21 06:30:22 799816 ----a-w- c:\windows\system32\drivers\LTSM.sys
2001-08-17 22:37:00 98371 ----a-w- c:\windows\system32\usrmlnka.exe
2001-08-17 22:37:00 90180 ----a-w- c:\windows\system32\usrshuta.exe
2001-08-17 22:37:00 81988 ----a-w- c:\windows\system32\usrprbda.exe
2001-08-17 14:06:22 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys
2001-08-17 14:03:44 23936 ----a-w- c:\windows\system32\drivers\usbcamd2.sys
2001-08-17 14:03:42 23808 ----a-w- c:\windows\system32\drivers\usbcamd.sys
2001-08-17 14:02:26 262528 ----a-w- c:\windows\system32\drivers\cinemst2.sys
2001-08-17 14:02:14 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys
2001-08-17 14:01:34 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys
2001-08-17 13:57:26 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
2001-08-17 13:52:30 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2001-08-17 13:24:46 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys
2001-08-17 13:24:46 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys
2001-08-17 13:24:44 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2001-08-17 13:24:38 11776 ----a-w- c:\windows\system32\drivers\cpqdap01.sys
2000-03-02 20:41:14 105984 ----a-w- c:\windows\system32\1C.tmp
2000-03-02 20:41:12 48 ----a-w- c:\windows\system32\19.tmp
2000-03-02 20:40:01 54016 ----a-w- c:\windows\system32\drivers\tevajujl.sys
2000-03-02 20:00:51 105984 ----a-w- c:\windows\system32\14.tmp
2000-03-02 20:00:49 48 ----a-w- c:\windows\system32\10.tmp
2000-03-02 19:47:40 105984 ----a-w- c:\windows\system32\E.tmp
2000-03-02 19:47:39 48 ----a-w- c:\windows\system32\D.tmp
2000-03-02 19:17:05 105984 ----a-w- c:\windows\system32\1B.tmp
2000-03-02 19:17:04 48 ----a-w- c:\windows\system32\1A.tmp
2000-03-02 19:13:57 0 d-----w- C:\OEMSettings
2000-03-02 18:28:55 105984 ----a-w- c:\windows\system32\3.tmp
2000-03-02 18:28:54 48 ----a-w- c:\windows\system32\2.tmp
2000-03-02 17:56:30 0 ----a-w- c:\windows\system32\21e.sys
2000-03-02 16:56:37 0 d-----w- c:\docume~1\user1~1\applic~1\Malwarebytes
2000-03-02 16:56:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2000-03-02 16:56:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2000-03-02 16:56:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2000-03-02 16:56:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2000-03-02 16:48:16 14854928 --sha-w- c:\windows\system32\accessf.sys
2000-03-02 16:43:43 58368 ----a-w- c:\windows\system32\7762044.exe
2000-03-02 16:43:40 744 ----a-w- c:\windows\system32\6982996.exe
2000-03-02 16:43:21 105984 ----a-w- c:\windows\system32\21.tmp
2000-03-02 16:43:20 48 ----a-w- c:\windows\system32\20.tmp
2000-03-02 16:43:10 410 --s-a-w- c:\windows\system32\3762452184.dat
2000-03-02 16:43:00 4096 ----a-w- c:\windows\system32\drivers\unpr.sys
2000-03-02 16:42:47 0 ----a-w- c:\windows\SC.INS
2000-03-02 16:42:26 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2000-03-02 16:42:19 110592 ----a-w- c:\windows\svchost95.exe
2000-03-02 16:33:39 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2000-03-02 16:32:53 0 d-----w- c:\windows\Downloaded Installations
2000-02-22 22:28:18 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2000-02-22 22:28:08 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2000-02-19 20:00:00 88064 ----a-w- c:\windows\system32\97.tmp
2000-02-19 20:00:00 1 ----a-w- c:\windows\system32\96.tmp
2000-02-19 19:59:59 88 ----a-w- c:\windows\system32\95.tmp
2000-02-19 19:54:58 248448 ----a-w- c:\windows\system32\PROUnstl.exe
2000-02-19 19:54:58 1904 ------w- c:\windows\system32\SetupBD.din
2000-02-19 19:46:55 88064 ----a-w- c:\windows\system32\13.tmp
2000-02-19 19:46:54 1 ----a-w- c:\windows\system32\12.tmp
2000-02-19 19:46:50 88 ----a-w- c:\windows\system32\11.tmp
2000-02-19 19:44:18 0 d-----w- c:\windows\system32\ReinstallBackups
2000-02-19 19:42:37 88064 ----a-w- c:\windows\system32\C.tmp
2000-02-19 19:42:37 1 ----a-w- c:\windows\system32\B.tmp
2000-02-19 19:42:36 88 ----a-w- c:\windows\system32\A.tmp
2000-02-19 18:38:26 614400 ----a-w- c:\windows\system32\drivers\MA401RB.SYS
2000-02-19 18:32:43 0 d-----w- c:\docume~1\user1~1\applic~1\Uniblue
2000-02-19 18:32:43 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverScanner
2000-02-19 18:30:30 88064 ----a-w- c:\windows\system32\9.tmp
2000-02-19 18:30:29 1 ----a-w- c:\windows\system32\8.tmp
2000-02-19 18:30:28 88 ----a-w- c:\windows\system32\4.tmp
2000-02-19 18:19:13 88064 ----a-w- c:\windows\system32\7.tmp
2000-02-19 18:19:12 1 ----a-w- c:\windows\system32\6.tmp
2000-02-19 18:19:10 88 ----a-w- c:\windows\system32\5.tmp
2000-02-19 18:08:55 88064 ----a-w- c:\windows\system32\18.tmp
2000-02-19 18:08:52 88 ----a-w- c:\windows\system32\16.tmp
2000-02-19 18:08:52 1 ----a-w- c:\windows\system32\17.tmp
2000-02-19 18:08:33 1052 ----a-w- c:\windows\system32\6931421.exe
2000-02-19 18:06:09 0 d-----w- c:\program files\Huawei technologies
2000-02-19 18:05:00 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

==================== Find3M ====================

2007-12-28 15:02:12 287232 ----a-w- c:\windows\inf\wg111v3\wg111v3.sys
2007-12-28 14:59:30 342528 ----a-w- c:\windows\inf\wg111v3\vista64\wg111v3.sys
2007-11-27 17:53:58 83456 ----a-w- c:\windows\inf\wg111v3\SetDrv64.exe
2007-11-27 17:52:44 53248 ----a-w- c:\windows\inf\wg111v3\SetDrv.exe
2006-12-15 11:30:36 40960 ----a-w- c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 11:30:36 39936 ----a-w- c:\windows\inf\wg111v3\RTWREFU.EXE
2006-12-15 11:30:36 335872 ----a-w- c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 11:30:36 233472 ----a-w- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 11:30:36 130108 ----a-w- c:\windows\inf\wg111v3\UScanM.exe
2005-05-04 14:45:36 98816 ----a-w- c:\windows\system32\msiexec.exe
2005-05-04 14:45:36 884736 ----a-w- c:\windows\system32\msimsg.dll
2005-05-04 14:45:36 271360 ----a-w- c:\windows\system32\msihnd.dll
2005-05-04 14:45:36 15360 ----a-w- c:\windows\system32\msisip.dll
2005-05-04 14:45:32 2890240 ----a-w- c:\windows\system32\msi.dll
2004-08-04 01:01:08 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2004-08-04 00:56:52 172544 ----a-w- c:\windows\system32\irftp.exe
2004-08-04 00:56:48 8192 ----a-w- c:\windows\system32\wshirda.dll
2004-08-04 00:56:48 74240 ----a-w- c:\windows\system32\usbui.dll
2004-08-04 00:56:46 74752 ----a-w- c:\windows\system32\storprop.dll
2004-08-04 00:56:44 4096 ----a-w- c:\windows\system32\ksuser.dll
2004-08-04 00:56:44 27136 ----a-w- c:\windows\system32\irmon.dll
2004-08-03 23:15:56 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2004-08-03 23:15:50 145792 ----a-w- c:\windows\system32\drivers\portcls.sys
2004-08-03 23:15:06 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2004-08-03 23:08:00 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2004-08-03 23:07:58 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2004-08-03 23:07:50 171776 ----a-w- c:\windows\system32\drivers\kmixer.sys
2004-08-03 23:07:48 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2004-08-03 23:07:42 42752 ----a-w- c:\windows\system32\drivers\ALIM1541.SYS
2004-08-03 23:07:40 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2004-08-03 23:07:40 14080 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2004-08-03 23:01:16 196864 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2004-08-03 23:00:54 87424 ----a-w- c:\windows\system32\drivers\irda.sys
2004-08-03 22:59:38 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2004-08-03 22:58:42 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2004-08-03 22:58:42 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2004-08-03 22:58:40 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2004-08-03 22:39:38 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2004-08-03 22:32:22 231552 ----a-w- c:\windows\system32\drivers\ac97ali.sys
2001-08-17 14:00:52 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
2001-08-17 13:59:44 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2001-08-17 13:58:00 9344 ----a-w- c:\windows\system32\drivers\compbatt.sys
2001-08-17 13:57:54 14080 ----a-w- c:\windows\system32\drivers\battc.sys
2001-08-17 13:51:32 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2001-08-17 13:28:12 797500 ----a-w- c:\windows\system32\drivers\LTSMT.sys
2001-08-17 12:10:28 35913 ----a-w- c:\windows\system32\drivers\smcirda.sys
2001-01-03 04:52:40 9328 ----a-w- c:\windows\system32\drivers\ndcprtns.sys
2000-03-02 16:42:26 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2000-01-29 19:48:25 21640 ----a-w- c:\windows\system32\emptyregdb.dat




Thank you
 

Attachments

CatByte

· TSF-Emeritus
Joined
·
8,968 Posts
#2 ·
Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
 
Save Share
1 - 2 of 2 Posts
Status
Not open for further replies.
About this Discussion
1 Reply
2 Participants
Last post:
CatByte
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Top