DDS and GMER logs

[bobmk]

GMER keeps crashing in normal and safe mode. I have attached GMER logs for three scans captured before it crashes; sometimes it crashes windows with a bugcheck.

Some help will be appreciated.

Thanks

Bob

DDS (Ver_10-11-10.01) - NTFSx86 NETWORK

Run by user at 16:09:07.10 on 24/11/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3069.2105 [GMT 0:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\LMI60F1.tmp\LMI_Rescue_srv.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\LMI60F1.tmp\LMI_Rescue_srv.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\LMI60F1.tmp\LMI_Rescue.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Users\user\Desktop\dds.com

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1109&m=aspire_8930

uStart Page = hxxp://my.yahoo.com/

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1109&m=aspire_8930

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1109&m=aspire_8930

uInternet Settings,ProxyServer = http=127.0.0.1:23012

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101024105614.dll

BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [qpgxbnym] c:\users\user\appdata\local\temp\bdfjdisyx\xkmxjmxtsbl.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [bkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"

mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [PLFSetI] c:\windows\PLFSetI.exe

mRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\applic~1\mozilla\firefox\profiles\9zwa7bdw.default\

FF - prefs.js: browser.startup.homepage - hxxp://home.bt.yahoo.com/|http://uk.mg.bt.mail.yahoo.com/dc/launch?.partner=bt-1&.gx=1&.rand=0u0o6b6u2r37j

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 386712]

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-4-8 911680]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-11 64304]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-24 164808]

R2 LMIRescue_d87beb6b-fe53-42b5-8786-1ceb4b414b72;LogMeIn Rescue (d87beb6b-fe53-42b5-8786-1ceb4b414b72);c:\windows\lmi60f1.tmp\LMI_Rescue_srv.exe [2010-11-24 1874808]

R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-24 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-24 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-24 141792]

R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 65640]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-24 312904]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

S2 0184511289581545mcinstcleanup;McAfee Application Installer Cleanup (0184511289581545);c:\windows\temp\018451~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\018451~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-4-8 2480048]

S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2001-1-6 24576]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-6 374152]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-2-8 47640]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-24 271480]

S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-24 271480]

S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-24 271480]

S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-24 171168]

S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]

S2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-12-29 233472]

S2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2010-4-12 615312]

S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-4-8 160704]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-24 55840]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2001-1-6 85136]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-22 38224]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-24 152992]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-24 52104]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-24 84264]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]

S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-5-26 40752]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-25 1343400]

=============== File Associations ===============

.scr=AutoCADLTScriptFile

=============== Created Last 30 ================

2010-11-24 15:33:58 -------- d-----w- c:\windows\LMI60F1.tmp

2010-11-22 19:36:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-22 19:35:59 -------- d-----w- c:\progra~2\Malwarebytes

2010-11-22 19:35:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-22 19:35:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-17 20:58:56 -------- d-----w- c:\users\user\appdata\local\ElevatedDiagnostics

2010-11-12 16:10:04 -------- d-----w- c:\progra~2\4136a4

2010-11-05 10:13:28 -------- d-----w- c:\users\user\appdata\local\PackageAware

2010-11-01 10:21:10 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2010-11-01 10:17:04 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2010-11-01 10:17:03 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2010-10-28 09:03:36 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-10-28 09:03:36 417792 ----a-w- c:\windows\system32\msdri.dll

2010-10-28 09:03:36 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-10-28 09:03:36 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2010-10-28 09:03:29 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2010-10-26 14:52:23 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com

2010-10-26 14:52:15 -------- d-----w- c:\program files\SUPERAntiSpyware

==================== Find3M ====================

2010-10-14 10:18:26 362384 ----a-w- c:\windows\Unwash6.exe

2010-10-05 16:33:22 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2010-10-05 16:33:22 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2010-10-05 16:33:21 87424 ----a-w- c:\windows\system32\LMIinit.dll

2010-10-05 16:33:21 29568 ----a-w- c:\windows\system32\LMIport.dll

2010-09-22 23:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-09-21 13:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL

2010-09-15 04:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec

2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll

============= FINISH: 16:09:43.30 ===============

Attach.zip

[Kenny94]

Hi Bob and Welcome to Malwarebytes Forum!

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
  
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
• Click the Report button and copy/paste the contents of it into your next reply
  

Note:It will also create a log in the C:\ directory.

========

1. Download ComboFix from below:
   Combofix download
   * IMPORTANT !!! Place combofix.exe on your Desktop
   
2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
   You can get help on disabling your protection programs here
   
3. Double click on combofix.exe & follow the prompts.
   
4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
   Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
   
   The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
   With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
   Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
   ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
   Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
   The Recovery Console was successfully installed.
   
   Click on Yes, to continue scanning for malware.
   
5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
   
6. When finished, it shall produce a log for you. Please include the TDSSKiller and C:\ComboFix.txt in your next reply.
   Note:
   Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
   ---------------------------------------------------------------------------------------------
   
7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
   ---------------------------------------------------------------------------------------------
   

[bobmk]

Hi Kenny94 and thanks for your prompt response,

I ran both utilities and have attached the logs.

The problem has gone away and then I ran Malwarebytes which found one registry entry to delete.

Thanks

Bob

combofix.zip

[Kenny94]

Smile we are getting closer. Good job you done there Bob!

• Close any open browsers.
  
• Open Notepad by click start
  
• Click Run
  
• Type notepad into the box and click enter
  
• Notepad will open
  
• Copy and Paste everything from the Code box into Notepad:
  

KILLALL::

Folder::
c:\windows\LMI25E7.tmp
c:\windows\LMI60F1.tmp
c:\users\temp
c:\programdata\4136a4

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!