I get continual popups. AdAware, Spybot and Vet antivirus show nothing. I think it may be called Storage Protector. The main popups are four:

Important - Potential Errors found in system
During a scan of files at system startup, potential errors in the system registry were found.
p-07-0100 irql: 1f SYVER 0xff00024
NT_Kernel error 1256
KMODE_EXCEPTION-NOT_HANDLED
-----------------
Your system could become unstable
A potential problem has been detected and Windows has been [sic] shutdown buggy application to prevent damage to computer.
****WXYZ.SYS -Address F73120AE base at C00000, DateStamp 36b 072A3
Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)
------------------
The application failed to initialize because the window station is shutting down
-----------------------
A Critical error could occur
***STOP: 0x000007B (0xF20184(0x F20184, 0x00000, 0xCC0034***
Inaccessible handler or device
Click this balloon to fix the problem
-------------------------

Any thoughts on what I should do, please?

Here is my hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:09 PM, on 22/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Arthur\Desktop\HiJackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [dc7b1ac7] rundll32.exe "C:\WINDOWS\System32\weasfvxp.dll",b
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: iinet.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{311D141F-99BA-40BF-A95F-578D1D13582A}: NameServer = 203.0.178.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{D19F3C97-2978-44D9-A160-E522F386940E}: NameServer = 192.168.3.2
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Managment Controler (SMSCGISVC) - Unknown owner - C:\WINDOWS\system\smscg.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

hi,

Download combofix from one of these links and save it to Desktop:
http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

as a precaution, before using combofix:
* Close any open windows
* Close/disable anti virus and any antimalware programs that might have real time protection running. Usually this can be done by clicking on the icons by the clock and selecting exit etc. This is done to prevent any possible interference while Combofix is running. After combofix is done you can restart them.

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

Very many thanks for that. All now seems better. Here's hoping.

I have been trying to send you all 550 pages of the report that combofix produced but I have twice been unsuccessful. I have therefore cut out over 540 pages of .tmp file references in the middle of it and am sending just the beginning and ending parts of the report. Here they are:

ComboFix 08-01-23.1 - Arthur 2008-01-23 9:55:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.454 [GMT 11:00]
Running from: C:\Documents and Settings\Arthur\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Documents and Settings\Arthur\Application Data\storageprotector
C:\Documents and Settings\Arthur\Application Data\storageprotector\Logs\update.log
C:\Documents and Settings\Arthur\My Documents\pos1000.tmp
C:\Documents and Settings\Arthur\My Documents\pos1001.tmp
C:\Documents and Settings\Arthur\My Documents\pos1002.tmp
[over 540 pages of .tmp file references follow]
--------------------------
((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 )))))))))))))))))))))))))))))))
.
2008-01-23 09:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 09:36 . 2008-01-22 09:37 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-01-18 13:40 . 2008-01-19 22:45 1,076,294 --ahs---- C:\WINDOWS\system32\rfgjlqiq.ini
2008-01-17 13:39 . 2008-01-18 13:39 1,075,942 --ahs---- C:\WINDOWS\system32\qkesjsmf.ini
2008-01-15 21:02 . 2008-01-17 13:27 1,057,036 --ahs---- C:\WINDOWS\system32\hkchpacc.ini
2008-01-14 11:53 . 2008-01-14 11:53 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-01-14 11:49 . 2008-01-14 11:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 23:06 . 2008-01-21 10:27 477 --a------ C:\WINDOWS\wininit.ini
2008-01-12 22:22 . 2007-12-29 16:42 109,911 --------- C:\WINDOWS\hpoins08.dat.temp
2008-01-12 22:22 . 2006-01-25 10:23 7,577 --------- C:\WINDOWS\hpomdl08.dat.temp
2008-01-12 15:13 . 2008-01-12 15:13 524 --a------ C:\iinet.lnk
2008-01-02 21:20 . 2008-01-02 21:39 <DIR> d-------- C:\QUICKENW
2008-01-02 21:20 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe
2008-01-02 21:19 . 1997-04-14 15:09 113 --a------ C:\WINDOWS\QFNAUST.INI
2008-01-02 21:19 . 2008-01-02 21:21 48 --a------ C:\WINDOWS\QFN.INI
2008-01-02 21:04 . 2008-01-02 21:04 <DIR> d-------- C:\WINDOWS\Intuit
2008-01-02 21:04 . 1999-12-12 19:59 40,448 --a------ C:\WINDOWS\Icg32.dll
2008-01-02 21:04 . 1999-12-12 19:59 5,776 --a------ C:\WINDOWS\Icoadb32.dat
2008-01-02 21:04 . 2008-01-02 21:11 12 --a------ C:\WINDOWS\QBWCD.INI
2007-12-29 16:41 . 2007-12-29 16:41 <DIR> d-------- C:\Program Files\Common Files\HP
2007-12-29 16:39 . 2007-12-29 16:39 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-29 16:37 . 2007-12-29 16:37 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-12-29 16:37 . 2005-10-28 11:24 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-12-29 16:37 . 2005-10-28 11:24 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-12-29 16:36 . 2005-03-14 12:03 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-29 16:36 . 2005-03-14 12:05 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-29 16:36 . 2005-03-08 11:55 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-29 16:36 . 2005-03-22 23:48 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2007-12-29 16:36 . 2005-03-14 12:05 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-29 16:36 . 2005-03-14 13:39 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-29 16:36 . 2005-03-08 11:55 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-29 16:36 . 2005-10-14 22:42 46,592 --a------ C:\WINDOWS\system32\hpzll43a.dll
2007-12-29 16:36 . 2001-08-17 13:53 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-29 16:36 . 2001-08-17 13:53 13,824 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-29 16:34 . 2007-12-29 16:41 <DIR> d-------- C:\Program Files\HP
2007-12-29 16:32 . 2008-01-12 22:23 108,580 --a------ C:\WINDOWS\hpoins08.dat
2007-12-29 16:32 . 2006-01-25 10:23 7,577 --------- C:\WINDOWS\hpomdl08.dat
2007-12-25 21:21 . 2007-12-25 21:21 60 --a------ C:\WINDOWS\system32\i
2007-12-22 19:44 . 2007-12-22 19:44 26,787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-12-22 17:58 . 2008-01-12 17:31 <DIR> d-------- C:\WINDOWS\nview
2007-12-22 17:58 . 2007-12-22 17:58 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-12-22 17:58 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-12-22 17:58 . 2006-10-22 12:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-12-22 17:58 . 2008-01-23 10:32 88,566 --a------ C:\WINDOWS\system32\nvapps.xml
2007-12-22 17:58 . 2006-10-22 12:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-12-22 15:34 . 2007-12-22 15:34 <DIR> d-------- C:\Program Files\Nero
2007-12-22 15:34 . 2007-12-22 15:42 <DIR> d-------- C:\Program Files\Common Files\Ahead
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 22:44 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-15 03:39 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-14 00:55 --------- d-----w C:\Program Files\Lavasoft
2008-01-12 03:53 430,080 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-01-07 00:47 --------- d-----w C:\Program Files\Microsoft Works
2007-12-22 08:43 879,832 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
2007-12-22 08:43 108,360 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-12-22 07:05 75,304 ----a-w C:\WINDOWS\system32\VetRedir.dll
2007-12-22 07:05 21,031 ----a-w C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-12-22 07:05 15,735 ----a-w C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-12-22 07:05 15,478 ----a-w C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-12-22 07:05 116,264 ----a-w C:\WINDOWS\UnVet32.exe
2007-12-22 07:05 112,168 ----a-w C:\WINDOWS\AVShlExt.dll
2007-12-21 07:20 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-20 23:52 879,832 ----a-w C:\WINDOWS\system32\drivers\VetEFile.1
2007-12-20 23:52 26,787 ----a-w C:\WINDOWS\system32\drivers\VetMonNT.1
2007-12-20 23:52 108,360 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.1
2007-12-20 23:51 21,031 ----a-w C:\WINDOWS\system32\drivers\Vet-Filt.1
2007-12-20 23:51 15,735 ----a-w C:\WINDOWS\system32\drivers\VetFDDNT.1
2007-12-20 23:51 15,478 ----a-w C:\WINDOWS\system32\drivers\Vet-Rec.1
2007-12-20 23:51 --------- d-----w C:\Program Files\CA
2007-12-20 10:44 --------- d-----w C:\Program Files\FreeRIP2
2007-12-20 08:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-20 07:59 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-20 07:50 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 23:00 13312]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Arthur^Start Menu^Programs^Startup^Billminder.lnk]
path=C:\Documents and Settings\Arthur\Start Menu\Programs\Startup\Billminder.lnk
backup=C:\WINDOWS\pss\Billminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\System32\jkhfd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

S2 SMSCGISVC;System Managment Controler;"C:\WINDOWS\system\smscg.exe" []
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 10:33:14
Windows 5.1.2600 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-23 10:37:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-22 23:37:17

ok good. one more download to get and use:

download and run vundofix.exe:
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Vundofix said "No infected files were found" and "Vundo will now close". Here for the record is C:\vundofix.txt

---------------------------
VundoFix V6.7.7
Checking Java version...
Sun Java not detected
Scan started at 10:07:54 AM 24/01/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
----------------------------

As Vundofix has not had to take any action I assume you don't now need me to send a new HiJackThis log?

What is the significance of the warning that I received?:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Do I need to take any action or was that just part of the Combofix process?

There have been no further popups and the computer is running a lot faster. How do you know these things? I'm very impressed. And I can now show my son that, even though I'm 74, I can nevertheless manage to do things on computers beyond mere word processing and sending e-mails.

hi,

ok good. one more hjt log would be great

it's just a warning, in case the recovery console would have to be used for some reason.

i've been looking at hjt logs for at least 4 years.

yes you can, show him this thread.

echoreply

I will. Thank you again VERY much. And here's the new hijackthis.log. I hope it shows that all is now well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:04 PM, on 24/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Arthur\Desktop\HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: iinet.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{311D141F-99BA-40BF-A95F-578D1D13582A}: NameServer = 203.0.178.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{D19F3C97-2978-44D9-A160-E522F386940E}: NameServer = 192.168.3.2
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Managment Controler (SMSCGISVC) - Unknown owner - C:\WINDOWS\system\smscg.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

-- End of file - 2925 bytes

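A way to compare the two HijackThis logs posted in this thread, as an added example that is not part of any post: it parses the numbered O-section entries of each log and lists which ones disappeared or appeared between the 22/01/2008 and 24/01/2008 scans, plus entries still marked "(file missing)". The log excerpts are copied from the posts above; the function names are this example's own.

```python
import re

# Excerpts of the two HijackThis logs posted in this thread:
# BEFORE is from the 22/01/2008 scan, AFTER from the 24/01/2008 scan.
BEFORE = r"""
Boot mode: Normal
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [dc7b1ac7] rundll32.exe "C:\WINDOWS\System32\weasfvxp.dll",b
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O23 - Service: System Managment Controler (SMSCGISVC) - Unknown owner - C:\WINDOWS\system\smscg.exe (file missing)
"""

AFTER = r"""
Boot mode: Normal
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O23 - Service: System Managment Controler (SMSCGISVC) - Unknown owner - C:\WINDOWS\system\smscg.exe (file missing)
"""

# A log entry is a section tag such as "O4", then " - ", then free text.
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")


def parse_entries(log_text):
    """Return the O-section entries as (section, text) pairs.
    Header lines and the running-process list do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def diff_entries(before, after):
    """Return (removed, added): entries only in `before`, entries only in `after`.
    Comparison ignores case because Windows paths and value names do."""
    def key(entry):
        return (entry[0], entry[1].lower())
    before_keys = {key(e) for e in before}
    after_keys = {key(e) for e in after}
    removed = [e for e in before if key(e) not in after_keys]
    added = [e for e in after if key(e) not in before_keys]
    return removed, added


def file_missing(entries):
    """Entries HijackThis marked '(file missing)': registered, but the target is gone."""
    return [e for e in entries if e[1].endswith("(file missing)")]


if __name__ == "__main__":
    removed, added = diff_entries(parse_entries(BEFORE), parse_entries(AFTER))
    for tag, items in (("removed", removed), ("added", added)):
        for section, text in items:
            print(f"{tag:8} {section:4} {text}")
    for section, text in file_missing(parse_entries(AFTER)):
        print(f"leftover {section:4} {text}")
```
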
you're welcome, log looks ok.

you can remove combofix like this:
go to start>run and type in combofix /u
click ok
note: there is a space after the x in combofix and before the u

you can delete the vundofix icon

new restore point, the why and how:
One of the features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is a good idea after malware is removed.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)
1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore. (new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot

looks like you are way behind on windows updates. you need to pay a visit to the website and get caught up.

happy safe surfing

All done - successfully, I hope. Yes, I'm behind on windows updates. I re-loaded windows in December and straightaway got the malware so there seemed little point in updating until the problem was removed. That's done now, so I'll update straight away. I'm amazed and delighted. Once again, very many thanks. Keep doing good works.
hi, i'm with the same trouble as the above. i'll try this same process, is there any problem? thanks for your attention!