tim.halls

Members
  • Content Count

    11

Everything posted by tim.halls

  1. Ryan, further to my last post wherein I completed all of your instructions below however the Kaspersky extended scan caused the PC to re-boot, I now enclose below my latest HijackThis log for your inspection. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:51:11 PM, on 4/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: F:\WINNT\System32\smss.exe F:\WINNT\system32\winlogon.exe F:\WINNT\system32\services.exe F:\WINNT\system32\lsass.exe F:\WINNT\system32\svchost.exe F:\WINNT\System32\svchost.exe F:\WIN
  2. Hi Ryan Please find below the fresh HijackThis log you requested following the PC re-booting itself when running the extended Kaspersky Online Scanner. I bring to your attention also that Malwarebytes Scanner run the other evening also quarantined then deleted the following file from a registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:26:21 PM, on 4/22/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: F:\WINNT\System32\smss.exe F:\WINNT
  3. Hi Ryan All is not well with the PC! Followed your below instructions but the PC self-booted when one third the way into Kaspersky Online Scan. As mentioned previously, it displays the same intolerance when I run the registry checkers RegCure or Registry First Aid. Before this virus attack it never used to do this. I know this for a fact since I would run RegCure on a monthly basis to maintain a 'clean' registry. There are a few potential clues I have alluded to in examining the PC more closely. It is running effortlessly and with efficiency I would say in loading and unloading memory - ce
  4. Hi Ryan Thanks for all the help thus far. It is taking time however the PC is gradually coming good. Before posting the HijackThis Uninstall log you requested, I advise I ran Dr CureIt overnight in full scan mode. It was a long scan but I suspected there was something still afoot with viruses in the PC. Whilst I do not get the STOP: 0x00000050 error anymore when running registry cleaner scans, both Registry Cleaner (RegClean) and Registry First Aid cause the PC to reboot of its own accord when run. I have not had this issue previously. I ran Dr CureIt with the aim of determining whether
  5. Hi Ryan Please ignore the previous post of HiJack This log. For some reason the notepad log failed to report the classes of the processes running beneath the file location information. The full log is enclosed below. I note the following entries in the log which refer to Spyware Doctor: O4 - HKUS\S-1-5-19\..\Run: [spyware Doctor] "F:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [spyware Doctor] "F:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'NETWORK SERVICE') O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84
  6. Hi Ryan Please find below my latest HijackThis log, as requested. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:09:46 PM, on 4/20/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: F:\WINNT\System32\smss.exe F:\WINNT\system32\winlogon.exe F:\WINNT\system32\services.exe F:\WINNT\system32\lsass.exe F:\WINNT\system32\svchost.exe F:\WINNT\System32\svchost.exe F:\WINNT\system32\svchost.exe F:\WINNT\system32\LEXBCES.EXE F:\WINNT\system32\spoolsv.exe F:\WINNT\system32\LEXPPS.EXE F:\WINNT\Explorer.EXE F:\Progr
  7. Hi Ryan Have run Anti-malware with update - as specified. It found one registry key infection. The log is below. Malwarebytes' Anti-Malware 1.11 Database version: 652 Scan type: Full Scan (C:\|F:\|G:\|H:\|) Objects scanned: 160406 Time elapsed: 2 hour(s), 55 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected:
  8. Hi Ryan I have incorporated your below instructions /guidance. All went well. I provide the log files you requested below with some screenshots of the PC's Event Viewer for (i) System and (ii) Application. When running application "RegCure" I have been getting the blue screen of death. This application is a sophisticated registry cleaner. This occurs when scanning the PC some way in. STOP code is STOP: 0x00000050, 0x00000000, 0x8054AA32, 0x00000000) - PAGE_FAULT_IN_NONPAGED_AREA. I have read the Microsoft Knowledge Base (for what it's worth) and have eliminated poor SDRAM as the issue aft
  9. Hi Ryan Please find enclosed logs from HijackThis and ComboFix. ComboFix appears to have removed my mass mail spammer (with many thanks). My virus and spyware application The Shield Deluxe 2008 (read: Kaspersky & spyware) no longer raises the alert of blocking a mass mailer and the email blocker application shows no emails are being generated. This is a great relief. (The email blocker demonstrated that over 1,000 emails were being generated in a period of 20-30 minutes.) This leaves the following as questions remaining: 1. ComboFix placed the "qoobox" directory under "Program Files"
  10. Hi Ryan Good (a relief) to hear from you. I am about to follow your below routine to the letter. I'll post again as soon as I have the information you have requested. Tim
  11. Hi, I have spent days attempting to identify the source of an infection. It appears to be somehow embedded in the file: C:\WINNT\System 32\Services.exe I am now running the antivirus and spyware application "The Shield Deluxe" after being dissatisfied with Nortons Antivirus Corporate Edition. I was also running PCTools spyware previously at the time of infection. The Shield Deluxe informs that a "modification of riskware, i.e. 'Mass-mailer software' has been detected with the above file system process "Services.exe". I attach below my log from "Hijack This" in the hope you can pick any infi