sarahw

Trusted Helpers
  • Content Count

    424
Everything posted by sarahw

  1. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  2. Hi, It doesn't look like there is anything wrong with the registry. I wouldn't change anything in the registry as it's likely to leave your computer in a bad state. 1. Time for some housekeeping Click START then RUN Now type Combofix /u in the runbox and click OK The above procedure will: Delete the following: ComboFix and its associated files and folders. VundoFix backups, if present The C:\Deckard folder, if present The C:_OtMoveIt folder, if present [*] Reset the clock settings. [*] Hide file extensions, if required. [*] Hide System/Hidden files, if required. [*] Reset System Re
  3. Hi, Please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.). Click Scan. When the scan is complete, click OK, then Show Results to view the results. If Malware is
  4. The software I use are: Windows Media Encoder (Encodes and records screen shots (movie and image)) Ulead Video Studio (add DVD menus, make short clips from larger movie files) Fraps (tells you the fps in games, take video screenshot and image screenshots of games) and the one that comes with Vista is actually pretty good and easy to use.
  5. The Malware community used to swear by programs like AVG Anti Virus and Ewido. After Ewido was bought by AVG they released 7.5 and then incorporated it into their security suite. They have totally changed their programs and nobody really recommends it anymore. For Anti-Virus I recommend Avast! and for an Anti-Spyware I recommend Malware Bytes.
  6. Hi, Can you please uninstall Malware Bytes Anti Malware. If you wish to keep it you can reinstall it from the above link. Please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan Tick the box next to YES, I accept the Terms of Use Click Start When asked, allow the ActiveX control to install Click Start Make sure that the options Remove found threats and the option Scan unwanted applications is checked Click Scan (This scan can take several hours, so please be patient) Once the scan is completed, you may close the window Use Notepad t
  7. There was a problem with Mbam definitions. These were deleted: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\secdrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully. Open Mbam, click the Quarantine tab, and search for these entries. HKEY_LOCAL_MACHINE\
  8. Click HERE and run an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases [*]Click OK [*]Now under select a target to scan: Select My Computer [*]This
  9. Looks good. Click HERE and run an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases [*]Click OK [*]Now under select a target to scan: Select My Compu
  10. Hi, Can you please have your threads at other sites closed. You only need to start one topic, starting multiple threads wastes people's time if you are being helped elsewhere. Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): C:\WINDOWS\system32\wsldoekd.exe C:\WINDOWS\system32\WServing.exe C:\WINDO
  11. Hi, Welcome to the site I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I want you to show hidden files. There are instructions HERE to help you do this. You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time. Please don't use any of the tools without specific instructions. Some of them are dangerous (and
  12. Please open the OTMoveIt2 by OldTimer. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): C:\Program Files\rhcp2pj0e7bv C:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bv C:\WINDOWS\system32\kdizk.exe Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste. Click the red Moveit
  13. Please open the OTMoveIt2 by OldTimer. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): C:\Program Files\rhcp2pj0e7bv C:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bv C:\WINDOWS\system32\kdizk.exe Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste. Click the red Moveit
  14. We can install the recovery console now. Go to Microsoft's website => http://support.microsoft.com/kb/310994 Select the download that's appropriate for your Operating System. Download the file & save it as it's originally named, next to ComboFix.exe. Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log. Please do no
  15. Download ComboFix from one of the locations below, and save it to your Desktop. Link 1 Link 2 Link 3 Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
  16. If they got removed in the cleanup process, then yes. Otherwise they should be there. Your computer should now be clean, but, I will leave this thread open in case the problem returns due to reinfection. There are just a few more steps I'd like you to run. Please download OTCleanIt from HERE to your desktop. Double click to run it. It will clean up the assortment of tools used during malware removal. When it has finished, it will ask you to reboot so it can remove itself. You can now Rehide your system files by using the reversal of these instructions HERE Congratulations, your log is now clea
  17. Can you post the results anyways, your computer surely isn't clean.
  18. Does it do that gibberish thing on the C:? Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): [kill explorer] d:\autorun.inf [start explorer] Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste. Click the red Moveit! bu
  19. Please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.). Click Scan. When the scan is complete, click OK, then Show Results to view the results. If Malware is foun
  20. Hi, can you click Start, then Run and type: cmd then press Enter. In the black window that opens, type: d: and press Enter. Does the computer access the d:\ ?
  21. Can you please go to C:\_OTMoveIt\MovedFiles and look for a folder called: 09082008_091946 Can you please zip\rar that folder and upload it here: http://www.uploadmalware.com
  22. Download GMER from here: http://www.gmer.net/files.php Unzip it to the desktop. Open the program and click on the Rootkit tab. Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’. Click on Scan. When the scan has run click Copy and paste the results (if any) into this thread.