NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system.

If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.

Please follow the steps exactly in the same order posted.

When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad, in the menubar click on Format and make sure that Word Wrap is unchecked).

Please don't be afraid to ask questions! No question is considered dumb here.

To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:

Hello Wintered! Welcome to the site! My nickname is heir and I'll be helping clean up your computer.

C:\WINDOWS\system32\TDSSmtve.dat => ROOTKIT Tibs
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Norton PC Checkup WeekDay Scanner.job
C:\WINDOWS\Tasks\Norton PC Checkup Weekend Scanner.job
C:\WINDOWS\Tasks\SA.DAT.

Locked (0)
System (4)
\SystemRoot\System32\smss.exe (184)
\?\C:\WINDOWS\system32\csrss.exe (232)
\?\C:\WINDOWS\system32\winlogon.exe (256)
C:\WINDOWS\system32\services.exe (300)
C:\WINDOWS\system32\lsass.exe (312)
C:\WINDOWS\system32\svchost.exe (480)
C:\WINDOWS\system32\svchost.exe (528)
C:\WINDOWS\System32\svchost.exe (560)
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (596)
C:\Program Files\Alwil Software\Avast4\ashServ.exe (668)
C:\WINDOWS\system32\spoolsv.exe (1008)
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (1064)
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (1088)
C:\WINDOWS\system32\svchost.exe (1128)
C:\WINDOWS\System32\svchost.exe (1204)
C:\Program Files\Java\jre6\bin\jqs.exe (1228)
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (1292)
C:\WINDOWS\system32\svchost.exe (1448)
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe (1488)
C:\WINDOWS\System32\dmadmin.exe (1528)
C:\WINDOWS\system32\wscntfy.exe (428)
C:\WINDOWS\Explorer.EXE (1108)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1060)
C:\WINDOWS\AGRSMMSG.exe (924)
C:\WINDOWS\system32\rundll32.exe (920)
C:\Program Files\Razer\Diamondback 3G\razerhid.exe (1744)
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (1832)
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (1756)
C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe (2536)
C:\Program Files\Java\jre6\bin\jusched.exe (2548)
C:\WINDOWS\system32\ctfmon.exe (2608)
C:\Program Files\Windows Media Player\WMPNSCFG.exe (2624)
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (2816)
C:\Documents and Settings\User\Desktop\Rooter.exe (3888).

Scan : 17:10.03
Path : C:\Documents and Settings\User\Desktop\Rooter.exe
User : User ( Administrator -> YES ).
(Security Center) RUNNING (state:4) STOPPED (state:1) : Windows Firewall -> Disabled !.

Windows XP Home Edition () Service Pack 3 - x86 Family 6 Model 15 Stepping 6, GenuineIntel.

Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

Rooter: Rooter.exe (v1.0.2) by Eric_71.

HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Here are my logs. Thanks in advance for helping me out.

MBAM:
Malwarebytes' Anti-Malware 1.36
Database version: 2159
Windows Service Pack 3
5:07:29 PM
mbam-log- (17-07-29).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 209557
Time elapsed: 33 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

It has somehow affected my Windows logon UI as well, because every time I log into Windows it pops out an error stating "windows logon ui has encountered an error and needs to be closed", but no matter how many times I close it, the dialog pops back out again.

Hi. I recently screwed up my laptop. I'm not really sure what virus it is. Now I can't access my control panel or the internet. I'm using Avast antivirus and now it won't stop detecting viruses in almost every file there is in my notebook.