Problems with computer, what do I do next?
stelly
Posts: 402 Forumite
in Techie Stuff
Hi, sorry for the long post.
My OH updated the computer yesterday with what I think was a fake Windows update and it's not been working properly since.
I did a scan last night with Malwarebytes; this was the report:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5512
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
13/01/2011 21:18:08
mbam-log-2011-01-13 (21-18-08).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 70231
Time elapsed: 2 hour(s), 17 minute(s), 5 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
c:\WINDOWS\Aconib.exe (Trojan.FraudPack.Gen) -> 3268 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FraudPack.Gen) -> Value: JP595IR86O -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MFJJEC0A1L (Trojan.FraudPack.Gen) -> Value: MFJJEC0A1L -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Documents and Settings\Drew & Estelle\Local Settings\Temp\Abl.exe (Trojan.FraudPack.Gen) -> Delete on reboot.
c:\Documents and Settings\Drew & Estelle\Local Settings\Temp\Abm.exe (Trojan.FraudPack.Gen) -> Delete on reboot.
c:\WINDOWS\Aconib.exe (Trojan.FraudPack.Gen) -> Delete on reboot.
c:\documents and settings\drew & estelle\local settings\Temp\Abk.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\drew & estelle\local settings\Temp\Abo.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\drew & estelle\local settings\Temp\Abp.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\drew & estelle\local settings\Temp\Abq.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
Today it still doesn't seem right.
And now the Windows Security Center is switched off.
It says "The Security Center is currently unavailable because the "Security Center" service has not started or was stopped. Please close this window, restart the computer (or start the "Security Center" service), and then open the Security Center again."
I tried turning it back on and it does for about a minute then disables itself again.
So I did another scan with Malwarebytes and this was the report:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5518
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
14/01/2011 11:59:15
mbam-log-2011-01-14 (11-59-15).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 294751
Time elapsed: 1 hour(s), 49 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information\_restore{e4b3eff3-e92a-4539-b774-6b07207d765f}\rp1\a0000112.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
I then did a boot-time scan with avast and it came up with 17 files that were infected, so I moved them to the virus chest.
I really don't know what to do now or how to fix any of it. Can anyone help please?
Stelly xx
"Opportunity only knocks once.
It doesnt knock, knock again, then leave a note asking you to give it a call back when you've got your s*** together".
John Connolly
-
Do a full disk cleanup and turn off system restore first; the trojan's hidden in the restore points and/or Temp files. Run CCleaner (cleaner and registry elements) and delete all it finds. Then, update mbam and do another full scan. Post the log, then download and run HijackThis and post the log it produces. DO NOT try and fix anything in HJT without advice.
Downloads:
http://www.filehippo.com/download_ccleaner/
http://www.filehippo.com/download_hijackthis/
Use the greenish "download latest version" button towards the top-right of the page.
P.S. Can you post a list of the files avast quarantined, along with filepaths?
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
Before re-running Malwarebytes, run this first:
Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista, right-click on it and Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
- A log file will be created and saved to the root directory, C:\rkill.log
- Copy and paste the contents of rkill.log in your next reply.
Note: If you get an alert that Rkill is infected, ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.
Now try performing a Quick Scan in normal mode with Malwarebytes Anti-Malware and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
-
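The two replies above point at where leftovers sit (Temp files, System Restore points) and at the reboot that pending deletions need. As an added example, not part of any post in this thread, the Python sketch below parses the Malwarebytes 1.50 log layout shown in the first post and sorts detections by location and by whether they are still waiting on a reboot; the function names and location labels are assumptions made for illustration.

```python
import re
from collections import Counter

# Lines copied from the two Malwarebytes logs in the first post (trimmed).
SAMPLE_LOG = r"""
Memory Processes Infected:
c:\WINDOWS\Aconib.exe (Trojan.FraudPack.Gen) -> 3268 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FraudPack.Gen) -> Value: JP595IR86O -> Quarantined and deleted successfully.
Files Infected:
c:\Documents and Settings\Drew & Estelle\Local Settings\Temp\Abl.exe (Trojan.FraudPack.Gen) -> Delete on reboot.
c:\WINDOWS\Aconib.exe (Trojan.FraudPack.Gen) -> Delete on reboot.
c:\documents and settings\drew & estelle\local settings\Temp\Abk.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e4b3eff3-e92a-4539-b774-6b07207d765f}\rp1\a0000112.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
"""

# "Files Infected:" opens a section; "Files Infected: 7" (summary) does not match.
SECTION = re.compile(r"^(?P<section>.+ Infected):\s*$")
# "<item> (<threat name>) -> [detail ->] <action>."
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")

# Hypothetical labels for the places this thread talks about.
LOCATIONS = (
    ("run_key", "\\currentversion\\run\\"),            # autostart persistence
    ("system_restore", "\\system volume information\\_restore"),
    ("temp", "\\local settings\\temp\\"),
)


def classify(item):
    """Map a file path or registry path to one of the labels above."""
    lowered = item.lower()
    for label, marker in LOCATIONS:
        if marker in lowered:
            return label
    return "other"


def parse_log(text):
    """Return one dict per itemised detection, tagged with its log section."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("section")
            continue
        hit = DETECTION.match(line) if section else None
        if hit:
            # The action is always the last "->" field; PID or value name may precede it.
            action = hit.group("rest").split(" -> ")[-1].rstrip(".")
            detections.append({
                "section": section,
                "item": hit.group("item"),
                "name": hit.group("name"),
                "action": action,
                "location": classify(hit.group("item")),
            })
    return detections


def triage(detections):
    """Summarise what still needs a normal reboot and where detections sat."""
    return {
        "pending_reboot": [d["item"] for d in detections
                           if d["action"].lower() == "delete on reboot"],
        "by_location": Counter(d["location"] for d in detections),
        "threats": sorted({d["name"] for d in detections}),
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    print("Still pending a reboot:", report["pending_reboot"])
    print("Detections by location:", dict(report["by_location"]))
```

Any entry under `pending_reboot` means the scan is not finished until the machine has restarted normally and been rescanned.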
do a full disk cleanup and turn off system restore first, the trojan's hidden in the restore points and/or Temp files. Run CCleaner (cleaner and registry elements) and delete all it finds. Then, update mbam and do another full scan. Post the log, then download and run HiJack This and post the log it produces. DO NOT try and fix anything in HJT without advice..
Thanks.
Will do all of above and post when finished.
I can't seem to find a way to copy and post the quarantined files. Do you want me to type them out for you (I don't mind) and what do you mean by the filepaths?
Stelly xx
-
Thanks Reluctant_spender.
Do I do
1. CCleaner
2. Rkill
3. Malwarebytes (quick or full scan?)
4. HijackThis
Sorry to be a bit ditzy.
-
Ok I turned off system restore and ran CCleaner.
I wasn't sure to do Rkill as I've never used it before.
This is the scan for Malwarebytes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5520
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
14/01/2011 20:01:12
mbam-log-2011-01-14 (20-01-12).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 288337
Time elapsed: 1 hour(s), 29 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
And my Hijackthis scan
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:06:17, on 14/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT1.EXE
C:\Documents and Settings\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Drew & Estelle\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268308063109
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 7873 bytes
The Microsoft Security Centre is still showing the same message as before.
Is there anything else I still need to do?
Do I leave the system restore off?
Thanks
-
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)
-
After running ComboFix do I turn the anti virus back on before posting the log here?
-
No, leave it off until we are sure you are clean.
-
I just started ComboFix and it stuck at
"Attempting to create a new system restore point"
I then got a pop-up from Microsoft Windows Recovery Console saying
"This machine does not have the Microsoft Windows Recovery Console installed. Alternately, an existing installation of the recovery console may be present but requires updating.
Without it ComboFix shall not attempt the fixing of some serious infections.
Click 'Yes' to have ComboFix download/install it."
Do I click yes?
Or is it because it is still turned off?
-
It's not required. So no need to install it.