pinkwave Posted June 9, 2011 ID:438873 Share Posted June 9, 2011 Hi guys I'm new so forgive me if I'm doing this wrong or I don't make sense. I recently removed/quarantined the "FakeAlert!grb" Trojan with my McAfee scan. My desktop was empty. I managed to get a few icons back, by going into "control panel", folder options, unhide, but they're blurred. I can't see or find anything. I am no computer genius so I'm clueless what to do? I can access my certain accounts, favourite sites, hotmail etc. by doing a google search but I can't really find anything where it originally was...something like that? On the McAfee forum I was told to run "hijackthis" and post it here for help, so I'm going to try and do that now Please dumb down your help suggestions, because like I said I'm completely clueless here.Thanks in advance Logfile of Trend Micro HijackThis v2.0.4Scan saved at 1:38:43 PM, on 6/9/2011Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Documents and Settings\USER\Bluebirds\BlueBirds.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exeC:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeC:\WINDOWS\system32\mfevtps.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\system32\msiexec.exeC:\Program Files\Trend Micro\HiJackThis\HiJackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllR3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110608220712.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dllO2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyO4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\USER\Bluebirds\BlueBirds.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exeO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cabO16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cabO16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cabO18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dllO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dllO20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeO23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeO23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeO23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exeO23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exeO23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe--End of file - 6693 bytes Link to post Share on other sites More sharing options...
Elise Posted June 10, 2011 ID:439125 Share Posted June 10, 2011 Hello and We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pif[*]Double click on the DDS icon, allow it to run.[*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.[*]Notepad will open with the results.[*]Follow the instructions that pop up for posting the results.[*]Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE Link to post Share on other sites More sharing options...
pinkwave Posted June 10, 2011 Author ID:439209 Share Posted June 10, 2011 Hello and We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pif[*]Double click on the DDS icon, allow it to run.[*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.[*]Notepad will open with the results.[*]Follow the instructions that pop up for posting.DDS (Ver_2011-06-03.01) - NTFSx86 Internet Explorer: 8.0.6001.18702Run by USER at 12:36:23 on 2011-06-10Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2842 [GMT -4:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Enabled* .============== Running Processes ===============.C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Documents and Settings\USER\Bluebirds\BlueBirds.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exeC:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeC:\WINDOWS\system32\mfevtps.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXE.============== Pseudo HJT Report ===============.uStart Page = hxxp://ca.yahoo.com/?p=usuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dlluURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110608220712.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dlluRun: [bluebirds] c:\documents and settings\user\bluebirds\BlueBirds.exeuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exemRun: [RTHDCPL] RTHDCPL.EXEmRun: [Alcmtr] ALCMTR.EXEmRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exemRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkeyIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeDPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cabDPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cabDPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cabTCP: DhcpNameServer = 64.71.255.198TCP: Interfaces\{FC55C39F-9E8D-46CA-9D91-D76C54290E11} : DhcpNameServer = 64.71.255.198Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllNotify: TPSvc - TPSvc.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-6-8 84200]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-8 271480]R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-8 271480]R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-8 271480]R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-8 271480]R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-8 171168]R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-6-8 188136]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-8 148520]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-6-8 56064]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-8 153280]R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-8 52320]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-6-8 314088]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-6-8 88736]S3 cpuz132;cpuz132;\??\c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys [?]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-6-8 88736]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-8 84488].=============== Created Last 30 ================.2011-06-09 17:36:36 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe2011-06-09 17:36:35 -------- d-----w- c:\program files\Trend Micro2011-06-09 02:07:10 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys2011-06-09 02:07:05 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys2011-06-09 02:07:05 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys2011-06-09 02:07:05 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys2011-06-09 02:07:05 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys2011-06-09 02:07:05 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys2011-06-09 02:07:05 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys2011-06-09 02:07:05 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2011-06-09 02:07:00 -------- d-----w- c:\program files\McAfee.com2011-06-09 02:07:00 -------- d-----w- c:\program files\common files\Mcafee2011-06-09 02:06:52 -------- d-----w- c:\program files\McAfee2011-06-09 01:55:22 148520 ----a-w- c:\windows\system32\mfevtps.exe2011-06-08 19:36:05 -------- d-----w- c:\program files\Spybot - Search & Destroy2011-06-08 19:36:05 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy2011-06-08 17:34:20 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!2011-06-02 01:24:17 -------- d-----w- c:\documents and settings\all users\application data\Trymedia2011-06-02 01:16:58 -------- d-----w- C:\Zylom Games2011-06-02 01:15:34 -------- d-----w- c:\program files\RealArcade2011-06-02 01:13:16 -------- d-----w- c:\program files\Wedding Dash 4-Ever2011-05-27 17:10:36 -------- d-----w- c:\program files\Nancy Drew - The Trail of the Twister2011-05-22 20:18:00 -------- d-----w- c:\documents and settings\all users\application data\rionix2011-05-22 20:17:32 -------- d-----w- c:\program files\Rescue Team2011-05-22 19:15:03 -------- d-----w- c:\documents and settings\user\application data\Colibri Games2011-05-22 19:15:03 -------- d-----w- c:\documents and settings\all users\application data\Colibri Games2011-05-22 19:14:19 -------- d-----w- c:\program files\The Tiny Bang Story2011-05-11 16:44:58 -------- d-----w- c:\documents and settings\all users\application data\GameHouse2011-05-11 16:43:25 -------- d-----w- c:\program files\common files\Oberon Media2011-05-11 16:42:29 -------- d-----w- c:\program files\Oberon Media.==================== Find3M ====================.2011-06-08 17:41:38 1409 ----a-w- c:\windows\QTFont.for2011-03-13 15:20:10 459728 ----a-w- c:\windows\system32\drivers\mfehidk.sys2011-03-13 15:20:10 118784 ----a-w- c:\windows\system32\drivers\mfeapfk.sys.============= FINISH: 12:36:43.68 =============== the results.[*]Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-06-03.01).Microsoft Windows XP Home EditionBoot Device: \Device\HarddiskVolume1Install Date: 2/19/2010 10:50:30 AMSystem Uptime: 6/10/2011 12:25:19 PM (0 hours ago).Motherboard: ASUSTeK Computer INC. | | P5QL PROProcessor: Intel Pentium III Xeon processor | LGA775 | 2792/266mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 596 GiB total, 513.516 GiB free.D: is CDROM (CDFS)E: is RemovableF: is RemovableG: is RemovableH: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.No restore point in system..==== Installed Programs ======================.Adobe AIRAdobe Flash Player 10 ActiveXAdobe Reader 6.0.1Adobe Shockwave Player 11.5Agatha Christie: Evil Under the SunAiO_Scan_CDAAiOSoftwareNPIAveyondAveyond 2Aveyond: Gates of NightAveyond: Lord of TwilightAveyond: The Darkthrop ProphecyAveyond: The Lost OrbAzada: Ancient Magic Link to post Share on other sites More sharing options...
Elise Posted June 10, 2011 ID:439221 Share Posted June 10, 2011 Hi, please download and run unhide.exe and let me know if that helps.After that, run the following.COMBOFIX---------------Please download ComboFix from one of these locations:BleepingcomputerForoSpywareDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)Double click on Combofix.exe and follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply. Link to post Share on other sites More sharing options...
pinkwave Posted June 11, 2011 Author ID:439323 Share Posted June 11, 2011 Hi I did the unhide.exe. for the second time. Some, but not all of my desktop icons reappeared. I can't figure out how to disable my McAfee AntiVirus Plus so I can't download ComboFix. None of the directions seem to apply and I don't see an option for disabling? I have nothing on my Star Menu (below the pic and above "All Programs"). I know I'm not getting all the correct "terms" right, but I'm hoping you know what a mean You are dealing with a real dummy here. Link to post Share on other sites More sharing options...
Elise Posted June 11, 2011 ID:439493 Share Posted June 11, 2011 Hi, please reboot in safe mode with networking and try to run combofix from there. McAfee should not be running there (even if you get a warning, ignore it and continue). Link to post Share on other sites More sharing options...
Staff screen317 Posted June 17, 2011 Staff ID:442537 Share Posted June 17, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts