MajorGeeks Support Forums

  #1  
Old 06-09-12, 15:13
INeedHelp. INeedHelp. is offline
Private E-2
 
Join Date: Jun 2012
Posts: 12
Thanks: 3
Thanked 0 Times in 0 Posts
Question Desktop.ini and ComboFix

Hello, a few days ago Trend Micro detected a virus located in C:\windows\assembly\GAC_32\Desktop.ini
I have tried so many things, but I can not remove it in any way, it redirects my web pages and causes my computer to freeze.
I tried reading other threads about this problem and I read about ComboFix, but I am not an expert and I don't want to do more damage by running it, can someone please help me?
  #2  
Old 06-09-12, 19:18
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 29,122
Thanks: 1,004
Thanked 3,786 Times in 3,687 Posts
Default Re: Desktop.ini and ComboFix

I want you to run TDSSKiller so refer to the below for how to do so.

TDSSkiller - How to run


Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
  • It will show a Black screen with some information that will contain either the below line if no problem is found:
    • Done! Press ENTER to exit...
  • Or you will see more information like below if a problem is found:
    • Found non-standard or infected MBR.
    • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
  • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.


Now do not stop, please continue on with the below instructions too!

v
V
V
V
READ & RUN ME FIRST. Malware Removal Guide
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
  #3  
Old 06-10-12, 04:25
INeedHelp. INeedHelp. is offline

Here are the report and the log.
Attached Files
File Type: txt TDSSKiller.2.7.36.0_10.06.2012_10.15.53_log.txt (139.8 KB, 3 views)
File Type: txt MBRCheck_06.10.12_10.22.31.txt (15.5 KB, 3 views)
  #4  
Old 06-10-12, 06:19
Kestrel13! Kestrel13! is offline

Did you miss this???
Quote:
Now do not stop, please continue on with the below instructions too!
  #5  
Old 06-10-12, 09:05
INeedHelp. INeedHelp. is offline

No, but it took me ages to follow all the steps because my computer keeps freezing. I did everything, but ComboFix only does the extraction and does not run and RootRepeal says "Error - RootRepeal does not support 64-bit OSs!"
Also Trend Micro stopped working, it says "starting your protection", but it doesn't start even if I wait for a long time.
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 06-10-2012 - 14-16-54.log (584 Bytes, 2 views)
File Type: txt mbam-log-2012-06-10 (14-27-39).txt (2.4 KB, 3 views)
File Type: zip MGlogs.zip (32.6 KB, 3 views)
  #6  
Old 06-10-12, 17:57
Kestrel13! Kestrel13! is offline

Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.
  • cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
  • nwktst <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
  • GRK64 <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
  • SN64 <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.


Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • (Vista and Windows 7 users: right-click OTL and choose Run as Administrator)
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Attach both of these logs into your next reply.
  #7  
Old 06-11-12, 10:18
INeedHelp. INeedHelp. is offline

nwktst it said "the ordinal 1108 could not be located in the dynamic link library WSOCK32.dll"

I didn't get any error messages when I entered the other commands.

OTL only gave me OTL.Txt, I'm attaching it here.
Attached Files
File Type: txt OTL.Txt (84.5 KB, 6 views)
  #8  
Old 06-11-12, 18:54
Kestrel13! Kestrel13! is offline

Quote:
nwktst it said "the ordinal 1108 could not be located in the dynamic link library WSOCK32.dll" I didn't get any error messages when i entered the other commands.
So did it produce a new MGlogs.zip?

Please uninstall anything relating to Searchqu Toolbar, Paretologic and Bandoo Media if they show.

Please try renaming combofix.exe to b7ytDF.com and boot into safe mode to see if it will run at all.


We need to run an OTL Fix
  • Right-click OTL.exe And select " Run as administrator " to run it. If Windows UAC prompts you, please allow it.
  • Copy and Paste the following code into the textbox. Do not include the word Code
Code:
:otl
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
C:\windows\assembly\GAC_32\Desktop.ini
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
C:\PROGRA~2\WI3C8A~1\Datamngr
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
[2012/06/07 18:00:00 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2012/06/04 23:01:48 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS.job
[2012/06/11 16:05:36 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{13851150-6554-632f-43c3-3e704e0e6a72}
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2F370DA6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:115CEE00
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA

:commands
[EMPTYTEMP]
[RESETHOSTS]
[REBOOT]
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. ATTACH that report in your next reply.


For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Quote:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply. (How to attach)

Now run OTL again like you did in my post # 6. Attach the log.

Also now see if you can run MGTools.exe again and see if it will produce a complete MGlogs.zip.

Let me know about Combofix too please.
Reply With Quote
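The OTL lines quoted in post #8 follow a few fixed formats. As an added example (not part of the thread and not code from OTL or MajorGeeks), this Python script groups AppInit_DLLs entries by registry view, alternate data streams by host path, and SearchScopes URLs by host. The regular expressions are assumptions inferred only from the lines quoted in that post, and the function names `triage` and `appinit_folder` are hypothetical.

```python
import ntpath
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input: a subset of the OTL lines quoted in post #8 of this thread.
SAMPLE = r"""
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:05EE1EEF
[2012/06/11 16:05:36 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{13851150-6554-632f-43c3-3e704e0e6a72}
"""

# Patterns inferred from the quoted lines only (assumption, not an OTL spec).
APPINIT = re.compile(
    r'^O20(?P<x64>:64bit:)? - AppInit_DLLs: \((?P<listed>[^)]*)\)'
    r' - (?P<path>.+?) \((?P<vendor>[^()]*)\)$')
ADS = re.compile(
    r'^@Alternate Data Stream - (?P<size>\d+) bytes -> '
    r'(?P<host>.+):(?P<stream>[^:\\]+)$')
SEARCH = re.compile(
    r'^IE(?P<x64>:64bit:)? - \S+SearchScopes\\\{[0-9A-Fa-f-]+\}: '
    r'"URL" = (?P<url>\S+)$')


def triage(text):
    """Group the log lines a reviewer usually reads first.

    Returns a dict with:
      appinit      - registry view -> [(dll path, vendor string)]
      ads          - host path -> [(stream name, size in bytes)]
      search_hosts - host names used by SearchScopes URLs
      unparsed     - every other non-empty line, kept for manual reading
    """
    report = {"appinit": defaultdict(list), "ads": defaultdict(list),
              "search_hosts": set(), "unparsed": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = APPINIT.match(line)
        if m:
            view = "64-bit" if m["x64"] else "32-bit"
            report["appinit"][view].append((m["path"], m["vendor"]))
            continue
        m = ADS.match(line)
        if m:
            report["ads"][m["host"]].append((m["stream"], int(m["size"])))
            continue
        m = SEARCH.match(line)
        if m:
            report["search_hosts"].add(urlsplit(m["url"]).hostname)
            continue
        report["unparsed"].append(line)
    return report


def appinit_folder(report):
    """Common parent folder of every AppInit_DLLs path, or None if there are none."""
    # ntpath handles Windows paths even when the log is reviewed on another OS.
    paths = [p for entries in report["appinit"].values() for p, _ in entries]
    return ntpath.commonpath(paths) if paths else None


if __name__ == "__main__":
    result = triage(SAMPLE)
    for view, entries in sorted(result["appinit"].items()):
        for path, vendor in entries:
            print(f"AppInit_DLLs [{view}] {path} ({vendor})")
    print("AppInit_DLLs common folder:", appinit_folder(result))
    for host, streams in result["ads"].items():
        print(f"ADS on {host}: {len(streams)} stream(s)")
    print("SearchScopes hosts:", sorted(result["search_hosts"]))
    print("Lines left for manual review:", len(result["unparsed"]))
```

The output is a list to review, not a verdict: post #13 of this thread notes that some entries of this kind belonged to software the user had installed.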
  #9  
Old 06-12-12, 10:22
INeedHelp. INeedHelp. is offline

No, it did not produce a new MGlogs.zip.

I renamed combofix, but it did only the extraction, even in safe mode.

Here are the OTL report, the FRST log, the OTL log and the MGlogs.zip, MGtools showed me an error message "the ordinal 1108 could not be located in the dynamic link library WSOCK32.dll", but it finished the scan.
Attached Files
File Type: log 06122012_153135.log (9.9 KB, 3 views)
File Type: txt FRST.txt (94.2 KB, 9 views)
File Type: txt OTL.Txt (80.9 KB, 2 views)
File Type: zip MGlogs.zip (411.0 KB, 2 views)
  #10  
Old 06-12-12, 23:36
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,680
Thanks: 62
Thanked 7,792 Times in 4,226 Posts
Default Re: Desktop.ini and ComboFix

I'll try to keep you moving along while Kestrel13! is not around.

Download this >> fixlist.txt


Save fixlist.txt to your flash drive.
  • You should now have both fixlist.txt and FRST64.exe on your flash drive.
Now reboot back into the System Recovery Options as you did previously.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (See how to attach)

Now boot into normal Windows and continue with the below.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


Now attach the below log:
  • Fixlog.txt from FRST
  • C:\MGlogs.zip
Make sure you tell me how things are working now!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
  #11  
Old 06-13-12, 02:47
INeedHelp. INeedHelp. is offline

Here are the files, it's not working properly, Trend Micro disappeared (?), my desktop is messed up and sometimes it says I can't access my profile when I boot.
Attached Files
File Type: zip MGlogs.zip (435.7 KB, 8 views)
File Type: txt Fixlog.txt (3.3 KB, 6 views)
  #12  
Old 06-13-12, 18:18
Kestrel13! Kestrel13! is offline

Hopefully you will be able to get through the below. The issues you are having are due to the damage the malware has caused no doubt.


Uninstall the below if you can.
  • Java(TM) 6 Update 22
  • Java(TM) 6 Update 26





Reboot your machine and install the most current and up to date version of Java available here at the below link:

Java Runtime 6


Now Run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

Run FRST again like you did in my post #8. Attach the log from doing so.

Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Last edited by Kestrel13!; 06-13-12 at 18:53.. Reason: edited post to remove 90% of my fix.
  #13  
Old 06-13-12, 18:51
chaslang chaslang is offline

Note that none of the below are problems and do not need to be fixed. INeedHelp. has this software installed.
Quote:
Originally Posted by Kestrel13! View Post
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10203&bi=400
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.autocompletepro.com/?si=10203&bi=400
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.autocompletepro.com/?si=10203&bi=400
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10203&bi=400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
O20 - AppInit_DLLs: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll
In fact after a more detailed look... nothing in this last fix other than the Java update and the below needs to be performed.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  #14  
Old 06-13-12, 18:55
Kestrel13! Kestrel13! is offline

@Chas. Sorry. I was under the impression that searchautocomplete.com was a dodgy website, and also that datamngr.dll related to searchqu stuff as I swore I saw that in one of the logs.

Quote:
In fact after a more detailed look... nothing in this last fix other than the Java update and the below needs to be performed.
I would love to see the new log from FRST when the user attaches it after running again. There is still malware here. Possibly.

Last edited by Kestrel13!; 06-13-12 at 19:01..
  #15  
Old 06-13-12, 18:56
chaslang chaslang is offline

Quote:
Originally Posted by INeedHelp. View Post
Here are the files, it's not working properly,
Please explain what you mean.

Quote:
Originally Posted by INeedHelp. View Post
trend micro disappeared (?)
It was not installed when you posted your first logs. You will have to install it if you use it.
  #16  
Old 06-13-12, 19:04
thisisu thisisu is offline
Malware Consultant
 
Join Date: Apr 2006
Location: Houston, TX
Posts: 8,179
Thanks: 270
Thanked 1,437 Times in 1,356 Posts
Default Re: Desktop.ini and ComboFix

Just FYI that proxy is part of the Akamai software that is installed.
__________________
Facebook . Twitter . Blog . VirusTotal
  #17  
Old 06-13-12, 19:07
Kestrel13! Kestrel13! is offline

I'm just going to check new FRST log and new MGlogs.zip if that's okay with everyone.
  #18  
Old 06-13-12, 22:21
chaslang chaslang is offline

Quote:
Originally Posted by Kestrel13! View Post
I'm just going to check new FRST log and new MGlogs.zip if that's okay with everyone.
Yep.
  #19  
Old 06-14-12, 17:50
INeedHelp. INeedHelp. is offline

Chaslang, I'll try to install Trend Micro again, but I do get an icon saying "starting your protection" and the control panel shows that it's installed...

Kestrel13! I attached the logs.

It looks like it's working ok now. It does not freeze and I don't have any problems accessing my profile when I boot.

Silly question (probably) ^^' "The 'Java(tm) Plug-In SSV Helper' add-on from 'Sun Microsystems, Inc.' is ready for use." Should I enable it?
Attached Files
File Type: zip MGlogs.zip (438.2 KB, 2 views)
File Type: txt FRST.txt (102.5 KB, 3 views)
  #20  
Old 06-14-12, 18:10
Kestrel13! Kestrel13! is offline

Hi there.

Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode.


Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

After clicking Fix exit HJT.


Please note, the O20 line relates to imesh, which is not installed on your computer right now. Was it something you once had installed knowingly?


Please download Combofix as per the instructions in the Read and Run Me First procedures, to your desktop.

Now we need to use ComboFix by sUBs
  • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
  • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
  • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
  • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
Code:
KILLALL::

File::
c:\progra~2\wi3c8a~1\datamngr\datamngr.dll
Folder::
c:\progra~2\wi3c8a~1
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFscript.txt on top of ComboFix.exe



  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows 7.) Then attach the new C:\MGlogs.zip file that will be created by running this.

Please note, the use of keygens, torrents, and "cracks" is an open doorway for malware to come straight through...
Tags
combofix, desktop.ini
