Jump to content

Recommended Posts

Good Day..I got the usual and so many pop ups of that Bad Image..like. "The application or DLL C:\WINDOWS\system32\rsext.dll is not a valid Windows image.Please check this against your installation diskette".

I try to follow the steps in "I'm infected - What do I do now?, Please follow these instructions to clean your system" in one of your forum computer help..but I am not able to save as instructed in the dds pop ups.it never comes out as it says that it only runs for 3 mins. so i try to post the mbam and hijackthis log only..please help..greatly appreciated..

i run before this the MBAM then i got some infection but deleted already now it is the result of MBAM but still bad image appears

here is the log now:

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5285

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/11/2010 12:12:48 PM

mbam-log-2010-12-11 (12-12-48).txt

Scan type: Quick scan

Objects scanned: 159342

Time elapsed: 1 hour(s), 29 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:44:17 PM, on 12/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Avira\AntiVir Desktop\avscan.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\Free User\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ask.com/?o=14090&l=dis

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Ant.com Toolbars browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.antplugin

O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Program Files\ChameleonTom\wit4ie.dll (file missing)

O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll

O3 - Toolbar: Ant.com Download Toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [speedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus T10 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\WINDOWS\TEMP\E_S132.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.antplugin

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - AppInit_DLLs: perfutil.dll rasext.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ant Toolbar updater service (AntUpdaterService) - Unknown owner - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 6389 bytes

Please help!! :) :) Thank you!!! :) :)

Link to post
Share on other sites

Hello roseoflion! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

Step 1

Please, open HiJackThis and select Do a system scan only.

Check the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O20 - AppInit_DLLs: perfutil.dll rasext.dll

Then, close all open windows except that of HijackThis, and select Fix Checked.

Step 2

Also, I would like you to generate a "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Step 3

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

[*]During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

In your next reply, please include these log(s):

  1. ComboFix log
  2. Add or Remove Programs list

Link to post
Share on other sites

Good Day Borislay :) ..I'm really glad for early response. I never expect that..Thanks a lot!!

here is the result of hijackthis:

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Akamai NetSession Interface

Ant.com IE add-on

Ant.com IE add-on

Apple Application Support

Apple Software Update

Avira AntiVir Personal - Free Antivirus

Camera RAW Plug-In for EPSON Creativity Suite

EPSON Attach To Email

EPSON Easy Photo Print

EPSON File Manager

EPSON Scan Assistant

EPSON Stylus S20_T10_T20 Manual

EPSON Stylus T10 Series Printer Uninstall

EPSON Web-To-Page

GameHouse Super Games AIO

Link to post
Share on other sites

Good Day!! Borislay:P :) :) it takes more time for me to disable my avira personal antivirus finally i just uninstall it for combofix to be able to proceed..finally log come up here it is>>>>

ComboFix 10-12-11.01 - Free User 12/12/2010 2:27.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.478 [GMT 8:00]

Running from: c:\documents and settings\Free User\Desktop\Combo-Fix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Free User\Application Data\EurekaLog

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

c:\windows\system32\rasext.dll

.

((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))

.

2010-12-11 06:41 . 2010-12-11 06:41 388096 ----a-r- c:\documents and settings\Free User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-12-11 06:41 . 2010-12-11 06:41 -------- d-----w- c:\program files\Trend Micro

2010-12-11 06:31 . 2009-06-25 05:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

2010-12-10 08:20 . 2010-12-10 08:20 -------- d-----w- c:\documents and settings\Free User\Application Data\SUPERAntiSpyware.com

2010-12-10 08:20 . 2010-12-10 08:21 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-12-10 08:10 . 2010-12-10 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-12-10 07:32 . 2010-11-29 09:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-10 07:32 . 2010-12-10 12:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-10 07:32 . 2010-11-29 09:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-10 00:43 . 2010-12-10 00:43 -------- d-----w- c:\windows\system32\XPSViewer

2010-12-10 00:42 . 2010-12-10 00:42 -------- d-----w- c:\program files\MSBuild

2010-12-10 00:41 . 2010-12-10 00:41 -------- d-----w- c:\program files\Reference Assemblies

2010-12-10 00:40 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-12-10 00:39 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-12-10 00:39 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-12-10 00:39 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-12-10 00:39 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-12-10 00:39 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-12-10 00:39 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-12-10 00:39 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-12-10 00:39 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-12-10 00:11 . 2010-12-10 00:11 -------- d-sh--w- c:\documents and settings\Free User\IECompatCache

2010-12-09 17:23 . 2010-12-09 17:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2010-12-09 17:19 . 2010-12-09 17:19 -------- d-----w- c:\documents and settings\Administrator\PrivacIE

2010-12-09 17:10 . 2010-12-09 17:10 -------- d-----w- c:\documents and settings\Free User\Local Settings\Application Data\PCHealth

2010-12-09 11:31 . 2010-12-11 16:47 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2010-12-09 08:26 . 2010-12-09 14:16 -------- d-----w- c:\windows\SxsCaPendDel

2010-12-09 07:32 . 2010-12-09 07:53 -------- d-----w- c:\documents and settings\Free User\Application Data\Gizmo5

2010-12-09 06:56 . 2010-12-10 23:41 -------- d-----w- c:\program files\FileHippo.com

2010-12-08 04:02 . 2008-04-13 18:40 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys

2010-12-08 04:02 . 2008-04-13 18:40 5376 ----a-w- c:\windows\system32\drivers\viaide.sys

2010-12-08 04:02 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-12-08 04:02 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-12-08 04:00 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys

2010-12-08 01:43 . 2010-12-08 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-12-07 07:18 . 2010-12-11 00:01 -------- d-----w- c:\documents and settings\Free User\Application Data\skypePM

2010-12-07 06:49 . 2010-12-07 06:49 -------- d-----w- c:\documents and settings\Free User\Application Data\Panda Security

2010-12-07 06:49 . 2010-12-11 00:11 -------- d-----w- c:\documents and settings\Free User\Application Data\Skype

2010-12-07 06:48 . 2010-12-07 06:48 -------- d-----w- c:\documents and settings\Free User\Local Settings\Application Data\panda2_0dn

2010-12-07 06:46 . 2010-12-07 06:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security

2010-12-07 06:39 . 2010-12-07 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-12-07 04:00 . 2010-12-07 04:00 -------- d-----w- c:\documents and settings\Free User\Application Data\DriverCure

2010-12-06 22:58 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-12-06 22:58 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-12-06 22:50 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-12-06 07:33 . 2010-12-06 07:33 -------- d-----w- c:\windows\system32\scripting

2010-12-06 07:33 . 2010-12-06 07:33 -------- d-----w- c:\windows\l2schemas

2010-12-06 07:33 . 2010-12-06 07:33 -------- d-----w- c:\windows\system32\en

2010-12-06 07:33 . 2010-12-06 07:33 -------- d-----w- c:\windows\system32\bits

2010-12-05 22:40 . 2010-12-05 22:41 -------- dc----w- c:\windows\ie8

2010-12-05 22:37 . 2008-04-14 00:12 20992 ------w- c:\windows\system32\spupdwxp.exe

2010-12-05 22:36 . 2008-04-14 00:12 4274816 ------w- c:\windows\system32\nv4_disp.dll

2010-12-05 22:35 . 2008-04-14 00:11 86016 ------w- c:\windows\system32\mdmxsdk.dll

2010-12-05 22:34 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll

2010-12-01 23:40 . 2010-08-31 13:42 1852800 -c----w- c:\windows\system32\dllcache\win32k.sys

2010-12-01 23:03 . 2010-01-13 14:01 86016 -c----w- c:\windows\system32\dllcache\cabview.dll

2010-12-01 22:49 . 2009-12-16 18:43 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe

2010-12-01 22:46 . 2009-12-14 07:08 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll

2010-12-01 22:41 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-12-01 22:34 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-12-01 22:34 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-12-01 22:33 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll

2010-12-01 22:25 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2010-12-01 22:23 . 2010-12-06 07:30 -------- d-----w- c:\windows\ServicePackFiles

2010-12-01 22:20 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2010-12-01 22:19 . 2009-06-25 08:25 56832 -c----w- c:\windows\system32\dllcache\secur32.dll

2010-12-01 22:19 . 2009-03-21 14:06 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll

2010-12-01 22:18 . 2010-06-30 12:31 149504 -c----w- c:\windows\system32\dllcache\schannel.dll

2010-12-01 22:18 . 2008-10-23 12:36 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll

2010-12-01 22:17 . 2008-06-24 16:43 74240 -c----w- c:\windows\system32\dllcache\mscms.dll

2010-12-01 22:16 . 2010-12-01 22:16 -------- d-----w- c:\documents and settings\LocalService\IETldCache

2010-12-01 15:48 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-12-01 15:47 . 2010-09-10 05:58 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-12-01 15:47 . 2010-09-10 05:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-12-01 15:47 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-12-01 15:47 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-12-01 15:47 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-12-01 15:47 . 2010-09-10 05:58 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-12-01 15:47 . 2010-09-10 05:58 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-12-01 15:45 . 2010-03-05 14:37 65536 -c----w- c:\windows\system32\dllcache\asycfilt.dll

2010-12-01 15:45 . 2010-06-09 07:43 692736 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2010-12-01 15:44 . 2009-12-24 06:59 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll

2010-12-01 15:43 . 2010-02-12 04:33 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll

2010-12-01 15:43 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-12-01 15:42 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys

2010-12-01 15:42 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll

2010-12-01 15:42 . 2009-11-27 16:07 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll

2010-12-01 15:42 . 2009-11-27 16:07 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll

2010-12-01 15:42 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll

2010-12-01 15:41 . 2010-02-05 18:27 1291776 -c----w- c:\windows\system32\dllcache\quartz.dll

2010-12-01 15:41 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll

2010-12-01 15:41 . 2009-12-08 09:23 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll

2010-12-01 15:41 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll

2010-12-01 15:41 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll

2010-12-01 15:38 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll

2010-12-01 15:37 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll

2010-12-01 15:36 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll

2010-12-01 15:36 . 2009-06-12 12:31 80896 -c----w- c:\windows\system32\dllcache\tlntsess.exe

2010-12-01 15:36 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe

2010-12-01 15:33 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll

2010-12-01 15:33 . 2009-08-25 09:17 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll

2010-12-01 15:31 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-12-01 15:31 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-12-01 15:30 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-12-01 15:30 . 2008-07-07 20:26 253952 -c----w- c:\windows\system32\dllcache\es.dll

2010-12-01 15:29 . 2010-02-11 12:02 226880 -c----w- c:\windows\system32\dllcache\tcpip6.sys

2010-12-01 15:29 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys

2010-12-01 15:29 . 2008-06-20 17:46 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll

2010-12-01 15:29 . 2008-06-20 17:46 147968 -c----w- c:\windows\system32\dllcache\dnsapi.dll

2010-12-01 15:29 . 2008-06-20 11:51 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys

2010-12-01 15:29 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-12-01 15:29 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys

2010-12-01 15:28 . 2010-12-06 23:33 -------- d-----w- c:\windows\$hf_mig$

2010-12-01 15:28 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-12-01 15:07 . 2009-08-06 11:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui

2010-12-01 15:07 . 2009-08-06 11:24 44768 ----a-w- c:\windows\system32\wups2.dll

2010-12-01 15:07 . 2009-08-06 11:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui

2010-12-01 15:07 . 2009-08-06 11:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2010-12-01 15:06 . 2009-08-06 11:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2010-11-30 04:21 . 2010-11-30 04:21 -------- d-----w- c:\documents and settings\Free User\Local Settings\Application Data\Identities

2010-11-29 16:10 . 2010-11-29 22:41 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-11-29 15:01 . 2010-12-05 05:19 -------- d-----w- c:\windows\system32\Adobe

2010-11-29 01:40 . 2010-11-29 01:40 -------- d-----w- c:\documents and settings\Free User\LimeWire

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-21 05:51 . 2010-10-21 05:51 5248 ----a-w- c:\windows\system32\giveio.sys

2010-09-18 06:53 . 2002-12-31 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2002-12-31 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2002-12-31 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-18 04:23 . 2002-12-31 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

2010-06-13 11:10 2734688 ----a-w- c:\program files\Zynga\tbZyn0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-06-09 1607272]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-11-04 6174008]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-03-26 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-03-26 106496]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1054:TCP"= 1054:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 2:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 2:41 AM 67656]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/31/2002 8:00 PM 14336]

S2 AntUpdaterService;Ant Toolbar updater service;"c:\program files\Ant.com\IE add-on\AntUpdaterService.exe" --> c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [?]

S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

S3 cpuz134;cpuz134;\??\c:\docume~1\FREEUS~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\FREEUS~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{788C393B-565C-4276-AF03-B5B84BDA8399}.job

- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://yahoo.com/

uInternet Connection Wizard,ShellNext = hxxp://www.ask.com/?o=14090&l=dis

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\Ant.com\IE add-on\Download.antplugin

LSP: c:\progra~1\SPEEDB~1\sblsp.dll

FF - ProfilePath - c:\documents and settings\Free User\Application Data\Mozilla\Firefox\Profiles\0ghcxi6u.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.chameleonsearch.com/search.php?src=tops&q=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - pinoy-ako.info

FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&q=

FF - component: c:\documents and settings\Free User\Application Data\Mozilla\Firefox\Profiles\0ghcxi6u.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Free User\Application Data\Mozilla\Firefox\Profiles\0ghcxi6u.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\Free User\Application Data\Mozilla\Firefox\Profiles\0ghcxi6u.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Free User\Application Data\Mozilla\Firefox\Profiles\0ghcxi6u.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\Free User\Application Data\Mozilla\Firefox\Profiles\0ghcxi6u.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Free User\Application Data\Mozilla\Firefox\Profiles\0ghcxi6u.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - plugin: c:\documents and settings\Free User\Application Data\Mozilla\plugins\np-mswmp.dll

FF - plugin: c:\documents and settings\Free User\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Ant Video Downloader: anttoolbar@ant.com - c:\documents and settings\Free User\Application Data\Mozilla\Firefox\Profiles\0ghcxi6u.default\extensions\anttoolbar@ant.com

FF - Extension: 4shared.com Toolbar: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\documents and settings\Free User\Application Data\Mozilla\Firefox\Profiles\0ghcxi6u.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}

FF - Extension: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\documents and settings\Free User\Application Data\Mozilla\Firefox\Profiles\0ghcxi6u.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}

FF - Extension: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\documents and settings\Free User\Application Data\Mozilla\Firefox\Profiles\0ghcxi6u.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Free User\Application Data\Mozilla\Firefox\Profiles\0ghcxi6u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{851552F5-B878-4B03-904F-2AD6A4CC8994} - (no file)

HKLM-Run-NWEReboot - (no file)

HKLM-Run-Smapp - c:\program files\Analog Devices\SoundMAX\Smtray.exe

HKLM-Run-BearShare - c:\program files\BearShare\BearShare.exe

AddRemove-Chikka Messenger - c:\program files\Chikka Messenger\Chikka v.5\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-12 02:31

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(696)

c:\progra~1\SPEEDB~1\sblsp.dll

c:\program files\SpeedBit Video Accelerator\ConfigDB.dll

c:\program files\SpeedBit Video Accelerator\Accelerator.dll

c:\windows\system32\WININET.dll

c:\program files\SpeedBit Video Accelerator\Collector.dll

.

Completion time: 2010-12-12 02:34:23

ComboFix-quarantined-files.txt 2010-12-11 18:34

Pre-Run: 2,665,824,256 bytes free

Post-Run: 5,099,343,872 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - CB86BDA0516C4055F84FABAD677604BD

I'M SORRY :) :) FOR THE PROGRAM LIST OF ADD REMOVE PROGRAMS IS not BEING PASTE HERE IN FOR I DO NOT KNOW HOW TO copy the information from the add remove programs window here but it is being attach here in photos!!thank you so much!!! :) :) :)

post-62359-1292093574_thumb.jpg

post-62359-1292093587_thumb.jpg

Link to post
Share on other sites

oh I'm sorry again :) :) i don't see this notepad info in my desktop..it is the add remove program list..

Adobe Flash Player 10 Plugin

Akamai NetSession Interface

Ant.com IE add-on

Ant.com IE add-on

Apple Application Support

Apple Software Update

Avira AntiVir Personal - Free Antivirus

Camera RAW Plug-In for EPSON Creativity Suite

EPSON Attach To Email

EPSON Easy Photo Print

EPSON File Manager

EPSON Scan Assistant

EPSON Stylus S20_T10_T20 Manual

EPSON Stylus T10 Series Printer Uninstall

EPSON Web-To-Page

GameHouse Super Games AIO

Link to post
Share on other sites

Glad I could help! :)

Step by step, don't worry.

Step 1

  1. Go to Start => Run... and copy & paste next command in the field:
    ComboFix /uninstall


  2. Then hit Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Resets System Restore again

P.S.: Make sure there's a space between ComboFix and /uninstall

Step 2

Please uninstall your HiJackThis.

Step 3

Keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :lol:

Link to post
Share on other sites

Glad I could help! :)

Step by step, don't worry.

Step 1

  1. Go to Start => Run... and copy & paste next command in the field:
    ComboFix /uninstall


  2. Then hit Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Resets System Restore again

P.S.: Make sure there's a space between ComboFix and /uninstall

Step 2

Please uninstall your HiJackThis.

Step 3

Keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)

thank you sooo much..

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.