
Active Generic Host Process for Win32

Discussion in 'Malware and Virus Removal Archive' started by tesladomain, 2009/10/04.

  1. 2009/10/04
    tesladomain Inactive Thread Starter

    [Active] Generic Host Process for Win32

    It encounters a problem and when it happens it disables the sound card; it looks like it changes the Windows theme and who knows what else... anyway the sound card is not working after that. If I reinstall the drivers for the sound card it will happen again after some time. I have NOD32 antivirus and Trojan Remover and both didn't find any viruses... I scanned the system with the DDS scanner, so these are the results....

    DDS (Ver_09-09-29.01) - NTFSx86
    Run by xp at 17:43:43.82 on Sun 10/04/2009
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.511.83 [GMT 2:00]

    AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\xp\Desktop\dds.scr
    C:\WINDOWS\SoftwareDistribution\Download\61c1721af834119a58811f42fc1bb9fc\update\update.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://search.live.com
    uInternet Connection Wizard,ShellNext = iexplore
    mSearchAssistant = hxxp://search.live.com/sphome.aspx
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Windows Live] c:\documents and settings\xp\application data\WindowsLive.exe
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [Windows Live] c:\documents and settings\xp\application data\WindowsLive.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [Windows Live] c:\documents and settings\all users\WindowsLive.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254665868484
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254665847046
    Notify: AtiExtEvent - Ati2evxx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\xp\applic~1\mozilla\firefox\profiles\ilal4rr8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1500000
    FF - user.js: content.notify.interval - 750000
    FF - user.js: nglayout.initialpaint.delay - 100

    ============= SERVICES / DRIVERS ===============

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-18 54752]
    R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2007-3-2 2825088]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

    =============== Created Last 30 ================

    2009-10-04 17:34 <DIR> --d----- c:\windows\system32\appmgmt
    2009-10-04 17:23 <DIR> --d----- c:\windows\system32\PreInstall
    2009-10-04 17:23 <DIR> --d-h--- c:\windows\$hf_mig$
    2009-10-04 16:58 162,304 a------- c:\windows\system32\ztvunrar36.dll
    2009-10-04 16:58 153,088 a------- c:\windows\system32\UNRAR3.dll
    2009-10-04 16:58 77,312 a------- c:\windows\system32\ztvunace26.dll
    2009-10-04 16:58 75,264 a------- c:\windows\system32\unacev2.dll
    2009-10-04 16:58 69,632 a------- c:\windows\system32\ztvcabinet.dll
    2009-10-04 16:57 <DIR> --d----- c:\program files\Trojan Remover
    2009-10-04 16:57 <DIR> --d----- c:\docume~1\xp\applic~1\Simply Super Software
    2009-10-04 16:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
    2009-10-04 16:22 268,648 a------- c:\windows\system32\mucltui.dll
    2009-10-04 16:22 27,496 a------- c:\windows\system32\mucltui.dll.mui
    2009-10-04 16:19 <DIR> --d----- c:\windows\system32\SoftwareDistribution
    2009-10-04 16:19 31,768 a------- c:\windows\system32\wucltui.dll.mui
    2009-10-04 16:19 18,456 a------- c:\windows\system32\wuaueng.dll.mui
    2009-10-04 16:19 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
    2009-10-04 16:19 23,576 a------- c:\windows\system32\wuapi.dll.mui
    2009-10-04 15:50 3,350,519 a------- c:\docume~1\xp\applic~1\WindowsLive.exe
    2009-10-04 15:33 3,350,519 a------- c:\documents and settings\all users\WindowsLive.exe
    2009-10-04 15:32 813,772 a------- c:\windows\system32\rss.exe
    2009-09-21 19:31 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
    2009-09-21 19:31 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
    2009-09-18 10:49 <DIR> --d----- c:\documents and settings\xp\Tracing
    2009-09-18 10:42 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
    2009-09-18 10:42 54,752 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
    2009-09-18 10:37 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
    2009-09-18 10:37 23,856 a------- c:\windows\system32\spupdsvc.exe
    2009-09-18 10:35 <DIR> --d----- c:\program files\Microsoft
    2009-09-18 10:35 <DIR> --d----- c:\program files\Windows Live SkyDrive
    2009-09-18 10:10 <DIR> --d----- c:\program files\common files\Windows Live

    ==================== Find3M ====================

    2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
    2009-07-10 12:15 306,544 a------- c:\windows\WLXPGSS.SCR
    2007-11-30 22:19 22,328 a------- c:\docume~1\xp\applic~1\PnkBstrK.sys

    ============= FINISH: 17:44:06.34 ===============

    DDS (Ver_09-09-29.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/1/2007 12:30:38 PM
    System Uptime: 10/4/2009 5:21:33 PM (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | 'K8N'
    Processor: AMD Sempron(tm) Processor 3000+ | Socket 754 | 1808/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 38 GiB total, 12.022 GiB free.
    D: is FIXED (NTFS) - 36 GiB total, 30.75 GiB free.
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP24: 7/13/2009 9:40:36 PM - Kontrolna tačka sistema
    RP25: 7/14/2009 10:08:38 PM - Kontrolna tačka sistema
    RP26: 7/15/2009 10:14:21 PM - Kontrolna tačka sistema
    RP27: 7/25/2009 5:39:24 PM - Kontrolna tačka sistema
    RP28: 7/29/2009 7:03:01 PM - Kontrolna tačka sistema
    RP29: 7/30/2009 7:43:41 PM - Kontrolna tačka sistema
    RP30: 7/31/2009 8:17:59 PM - Kontrolna tačka sistema
    RP31: 8/3/2009 9:50:20 PM - Kontrolna tačka sistema
    RP32: 8/8/2009 6:20:50 PM - Kontrolna tačka sistema
    RP33: 8/9/2009 6:25:28 PM - Kontrolna tačka sistema
    RP34: 8/10/2009 8:18:14 PM - Kontrolna tačka sistema
    RP35: 8/11/2009 9:07:23 PM - Kontrolna tačka sistema
    RP36: 8/12/2009 9:36:49 PM - Kontrolna tačka sistema
    RP37: 8/19/2009 11:33:05 AM - Kontrolna tačka sistema
    RP38: 8/23/2009 8:51:39 PM - Kontrolna tačka sistema
    RP39: 8/25/2009 7:09:44 PM - Kontrolna tačka sistema
    RP40: 8/26/2009 7:14:01 PM - Kontrolna tačka sistema
    RP41: 8/28/2009 8:26:41 PM - Kontrolna tačka sistema
    RP42: 8/30/2009 4:37:32 PM - Kontrolna tačka sistema
    RP43: 8/31/2009 10:10:14 PM - Kontrolna tačka sistema
    RP44: 9/2/2009 2:19:49 PM - Kontrolna tačka sistema
    RP45: 9/3/2009 6:52:57 PM - Kontrolna tačka sistema
    RP46: 9/5/2009 6:07:46 PM - Kontrolna tačka sistema
    RP47: 9/7/2009 9:12:38 PM - Kontrolna tačka sistema
    RP48: 9/8/2009 9:42:58 PM - Kontrolna tačka sistema
    RP49: 9/9/2009 10:08:28 PM - Kontrolna tačka sistema
    RP50: 9/11/2009 7:03:30 PM - Kontrolna tačka sistema
    RP51: 9/12/2009 7:57:51 PM - Kontrolna tačka sistema
    RP52: 9/13/2009 8:53:37 PM - Kontrolna tačka sistema
    RP53: 9/14/2009 8:58:16 PM - Kontrolna tačka sistema
    RP54: 9/15/2009 9:17:32 PM - Kontrolna tačka sistema
    RP55: 9/16/2009 9:51:30 PM - Kontrolna tačka sistema
    RP56: 9/18/2009 12:08:36 AM - Kontrolna tačka sistema
    RP57: 9/18/2009 10:37:05 AM - Installed Windows XP WIC.
    RP58: 9/18/2009 10:37:21 AM - Installed Windows XP KB954708.
    RP59: 9/18/2009 10:37:33 AM - Installed DirectX
    RP60: 9/20/2009 11:37:05 AM - Kontrolna tačka sistema
    RP61: 9/22/2009 5:44:14 PM - Kontrolna tačka sistema
    RP62: 9/24/2009 5:38:19 PM - Kontrolna tačka sistema
    RP63: 9/25/2009 6:41:05 PM - Kontrolna tačka sistema
    RP64: 9/26/2009 9:23:56 PM - Kontrolna tačka sistema
    RP65: 9/29/2009 10:36:58 AM - Kontrolna tačka sistema
    RP66: 9/30/2009 4:44:15 PM - Kontrolna tačka sistema
    RP67: 10/4/2009 11:05:59 AM - Kontrolna tačka sistema
    RP68: 10/4/2009 1:56:02 PM - Installed ESET NOD32 Antivirus
    RP69: 10/4/2009 5:23:40 PM - Software Distribution Service 3.0
    (*kontrolna tačka sistema = system checkpoint)

    ==== Installed Programs ======================

    18 Wheels of Steel Pedal to the Metal
    ACDSee 6.0 Standard
    Ad-Aware SE Professional
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0
    ATI - Software Uninstall Utility
    ATI Display Driver
    BSPlayer
    Call of Duty(R) 2
    Call of Duty(R) 4 - Modern Warfare(TM)
    ESET NOD32 Antivirus
    Far Cry
    ffdshow (remove only)
    GameSpy Arcade
    Hotfix for Windows XP (KB954708)
    Junk Mail filter update
    MakeDVD 1.0
    Max Payne
    Medal of Honor Allied Assault
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Mozilla Firefox (3.0.14)
    MSN
    MSVCRT
    My Cinema
    Nero 6 Enterprise Edition
    NVIDIA Drivers
    PCI SoftV92 Modem
    PhotoNow! 1.0
    PowerCinema
    PowerDirector
    PowerProducer Express
    Realtek AC'97 Audio
    Segoe UI
    Sniper Elite
    Trojan Remover 6.8.1
    Update for Windows XP (KB898461)
    WebFldrs XP
    Winamp
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows XP srpski interfejs paket - latinica
    WinRAR archiver
    WinZip

    ==== Event Viewer Messages From Past Week ========

    9/30/2009 11:58:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CyberLink Task Scheduler (CTS) service to connect.
    9/30/2009 11:58:27 PM, error: Service Control Manager [7000] - The CyberLink Task Scheduler (CTS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/30/2009 11:58:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NOD32 Kernel Service service to connect.
    9/30/2009 11:58:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Machine Debug Manager service to connect.
    9/30/2009 11:58:26 PM, error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/30/2009 11:58:26 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/30/2009 11:35:43 PM, error: Service Control Manager [7023] - The Microsoft Windows service terminated with the following error: Access is denied.
    9/30/2009 11:35:43 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    9/30/2009 11:35:43 PM, error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the file specified.
    10/4/2009 4:44:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    10/4/2009 4:09:45 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    10/4/2009 3:54:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ehdrv epfwtdir Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss sptd Tcpip
    10/4/2009 3:54:09 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    10/4/2009 3:54:09 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/4/2009 3:54:09 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/4/2009 3:54:09 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/4/2009 3:54:09 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    10/4/2009 3:53:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/4/2009 3:53:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    10/4/2009 3:53:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/4/2009 3:52:41 PM, error: sfsync02 [12] -
    10/4/2009 2:09:57 PM, error: Service Control Manager [7023] - The Microsoft Windows service terminated with the following error: The specified module could not be found.
    10/4/2009 1:52:41 PM, error: Service Control Manager [7023] - The Microsoft Windows service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
    10/4/2009 1:39:19 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

    ==== End Of File ===========================
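A small triage script over the Run entries in the DDS "Pseudo HJT Report" above, added here as an example (it is not part of the original thread and not a DDS feature). It flags autorun targets that live in user-writable profile directories and file names registered in more than one Run hive; the sample input is constructed from the posted log lines, and every hit is a prompt for review, not a detection.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: the Run lines from the DDS "Pseudo HJT Report"
# posted above, copied verbatim (backslashes doubled for the Python literal).
SAMPLE_LOG = """\
uRun: [msnmsgr] "c:\\program files\\windows live\\messenger\\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
uRun: [Windows Live] c:\\documents and settings\\xp\\application data\\WindowsLive.exe
mRun: [egui] "c:\\program files\\eset\\eset nod32 antivirus\\egui.exe" /hide /waitservice
mRun: [Windows Live] c:\\documents and settings\\xp\\application data\\WindowsLive.exe
mRun: [SoundMan] SOUNDMAN.EXE
dRun: [CTFMON.EXE] c:\\windows\\system32\\CTFMON.EXE
dRun: [Windows Live] c:\\documents and settings\\all users\\WindowsLive.exe
"""

# DDS hive prefixes: u = current user (HKCU), m = machine (HKLM),
# d = default user profile (HKU\.DEFAULT).
RUN_LINE = re.compile(r"^([umd]Run): \[(.+?)\] (.*)$")
# Executable target: either a quoted path or an unquoted run of text ending
# in a program extension (DDS leaves paths containing spaces unquoted).
TARGET = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|scr|com|bat|dll))(?:\s|$)', re.I)

# Directories an unprivileged XP user can write to; persistence pointing here
# deserves a closer look than entries under Program Files or Windows.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")

@dataclass
class RunEntry:
    hive: str    # uRun / mRun / dRun
    name: str    # registry value name shown in [brackets]
    target: str  # executable path (or bare file name) without arguments

def parse_run_entries(text):
    """Return the Run entries found in a DDS Pseudo HJT Report."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        hive, name, value = m.groups()
        t = TARGET.match(value)
        target = (t.group(1) or t.group(2)) if t else value
        entries.append(RunEntry(hive, name, target))
    return entries

def triage(entries):
    """Apply two review heuristics; hits are prompts for inspection, not verdicts."""
    by_file = defaultdict(set)
    profile_path = []
    for e in entries:
        low = e.target.lower()
        by_file[low.rsplit("\\", 1)[-1]].add(e.hive)
        if any(marker in low for marker in USER_WRITABLE):
            profile_path.append(e)
    # Same file name registered in more than one hive. ctfmon.exe lands here
    # too: XP normally registers it for both HKCU and the default profile,
    # which is exactly why this is a review list and not a detection.
    multi_hive = {f: sorted(h) for f, h in by_file.items() if len(h) > 1}
    return {"profile_path": profile_path, "multi_hive": multi_hive}

if __name__ == "__main__":
    findings = triage(parse_run_entries(SAMPLE_LOG))
    for e in findings["profile_path"]:
        print(f"user-writable target: {e.hive} [{e.name}] -> {e.target}")
    for f, hives in findings["multi_hive"].items():
        print(f"present in several hives: {f} -> {', '.join(hives)}")
```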
     
  2. 2009/10/04
    broni Moderator Malware Analyst

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right-click on HijackThis and click Run as Administrator.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     