TechSpot

HJT pasted into message

By Dadof3
Feb 11, 2009
  1. As I am unable to attach my log files, I am pasting them into the message directly. I am unable to boot in safe mode, and unable to install Malware program or update AVS. I have run Super AV and adaware.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:34:31 PM, on 1/28/2009
    Platform: Windows 2000 SP1 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
    C:\Program Files\2Wire\2PortalMon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpodev07.exe
    C:\Documents and Settings\Paul Fink.PAUL-A2SU8NITMJ\My Documents\New Folder\WinZip\WZQKPICK.EXE
    C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
    O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [CS Update] copy /Y "C:\WINNT\System32\msxml71.dll.upd" "C:\WINNT\System32\msxml71.dll"
    O4 - HKCU\..\Run: copy /Y "C:\WINNT\System32\msxml71.dll.upd" "C:\WINNT\System32\msxml71.dll"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
    O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
    O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
    O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
    O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - .DEFAULT Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')
    O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpodev07.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Paul Fink.PAUL-A2SU8NITMJ\My Documents\New Folder\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182713361120
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
     
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    Hello Dadof3

    Boot to Safe Mode networking and do all below.

    Left Drag mouse and Copy for Pasting all text in the box below. Make sure the slider bar goes to bottom from the @ to the end of the second exit.

    Then paste to the black screen of an open command prompt. All may not apply so ignore errors.
    Code:
    @echo off
    cd\
    :: Fix associations
    ftype exefile="%1" %*
    ftype batfile="%1" %*
    ftype cmdfile="%1" %*
    ftype comfile="%1" %*
    ftype scrfile="%1" /S
    ftype regfile="regedit.exe" "%1"
    ftype piffile="%1" %*
    ftype inffile=%SystemRoot%\System32\NOTEPAD.EXE "%1"
    ftype vbsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    ftype jsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    
    assoc .exe=exefile
    assoc .bat=batfile
    assoc .cmd=cmdfile
    assoc .com=comfile
    assoc .scr=scrfile
    assoc .reg=regfile
    assoc .pif=piffile
    assoc .lnk=lnkfile
    assoc .inf=inffile
    assoc .vbs=VBSFile
    assoc .js=JSFile
    
    sc stop TDSSserv.sys
    sc delete TDSSserv.sys
    :: Above sc commands first stops then deletes service if it exists
    ::
    reg unload "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata"
    reg unload "HKEY_LOCAL_MACHINE\SOFTWARE\tdss"
    ::
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" /f
    ::The above reg commands first unloads the reg keys then deletes these keys.
    ::
    Attrib -h -s -r tdss*.* /s
    del  tdss*.* /f /q /s
    :: The above two lines first clears protective attributes then 
    :: deletes all files on Drive beginning with the name tdss
    
    :: Remove AntiVirus2009
    attrib -h -s -r "%UserProfile%\Desktop\Antivirus 2009.lnk"
    attrib -h -s -r "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk"
    attrib -h -s -r "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll"
    attrib -h -s -r "%UserProfile%\Start Menu\Antivirus 2009\*.*"
    
    del "%UserProfile%\Desktop\Antivirus 2009.lnk" /f /q
    del "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk" /f /q
    del "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll" /f /q
    del "%UserProfile%\Start Menu\Antivirus 2009\*.*" /f /q
    
    rd /s /q "%UserProfile%\Start Menu\Antivirus 2009"
    
    attrib -h -s -r "c:\Program Files\Antivirus 2009\*.*"
    rd /s/q "c:\Program Files\Antivirus 2009"
    
    attrib -h -s -r c:\WINDOWS\system32\ieupdates.exe
    attrib -h -s -r c:\WINDOWS\system32\scui.cpl
    attrib -h -s -r c:\WINDOWS\system32\winsrc.dll
    
    del c:\WINDOWS\system32\ieupdates.exe /f /q
    del c:\WINDOWS\system32\scui.cpl /f /q
    del c:\WINDOWS\system32\winsrc.dll /f /q
    
    attrib -h -s -r "c:\program files\xwdxqu.txt"
    attrib -h -s -r c:\windows\x
    attrib -h -s -r c:\windows\SxsCaPendDel
    
    del "c:\program files\xwdxqu.txt" /f /q
    del c:\windows\x  /f /q
    del c:\windows\SxsCaPendDel  /f /q
    
    reg delete HKLM\SOFTWARE\swearware /f
    reg delete HKCU\Software\Wget /f
    reg delete HKLM\Software\Classes\CLSID\{CD363BEC-7150-B887-530D-F3E2E0424EA} /f
    
    :: rootkit gaopdxserv
    attrib -h -s -r "c:\windows\system32\drivers\gaopdxqfotrruc.sys"
    attrib -h -s -r "c:\windows\system32\gaopdxqpqjwmyc.dll"
    attrib -h -s -r "c:\windows\system32\drivers\gaopdxuigiphwm.sys"
    
    :: Service name matches the Services\gaopdxserv.sys key deleted below
    sc stop gaopdxserv.sys
    sc delete gaopdxserv.sys
    
    del  /f /q "c:\windows\system32\drivers\gaopdxqfotrruc.sys"
    del  /f /q  "c:\windows\system32\gaopdxqpqjwmyc.dll"
    del  /f /q  "c:\windows\system32\drivers\gaopdxuigiphwm.sys"
    
    reg delete "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys" /f
    reg delete "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys" /f
    reg delete "HKEY_LOCAL_MACHINE\Software\Classes\gaopdxvx" /f
    
    reg delete "HKEY_CURRENT_USER\Software\75319611769193918898704537500611" /f
    reg delete "HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
    :: /v deletes only the named value, not the whole Run key
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "75319611769193918898704537500611" /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "ieupdate" /f
    echo Finished ripping out Antivirus 2008-9
    :: Fix associations
    ftype exefile="%1" %*
    ftype batfile="%1" %*
    ftype cmdfile="%1" %*
    ftype comfile="%1" %*
    ftype scrfile="%1" /S
    ftype regfile="regedit.exe" "%1"
    ftype piffile="%1" %*
    ftype inffile=%SystemRoot%\System32\NOTEPAD.EXE "%1"
    ftype vbsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    ftype jsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    
    assoc .exe=exefile
    assoc .bat=batfile
    assoc .cmd=cmdfile
    assoc .com=comfile
    assoc .scr=scrfile
    assoc .reg=regfile
    assoc .pif=piffile
    assoc .lnk=lnkfile
    assoc .inf=inffile
    assoc .vbs=VBSFile
    assoc .js=JSFile
    exit
    exit
    This should run and exit!

    It is a coverall and you may see a few errors related to it addressing something you do not need. This is normal; ignore them.

    Then..

    Download ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while it's running. That may cause it to stall.

    After attaching logs continue the 8 Steps.

    Mike
     
  3. Dadof3

    Dadof3 TS Rookie Topic Starter Posts: 67

    can't boot into safe mode

    Can't boot into safe mode networking. A blue screen appears with white text telling me that I may have a virus or to check the connections of the hard disk. Run chkdsk/F
     
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    OK but I see, but are you saying you can boot into normal but with problems?

    If you can download then proceed to the ComboFix and try that! If ComboFix runs it may fix enough to allow copy/paste and to proceed more easily.

    Or let me have more details as to what works and how you are posting here.

    Mike
     
  5. Dadof3

    Dadof3 TS Rookie Topic Starter Posts: 67

    combofix allowed to boot in safe mode

    Responding from mobile data phone. Ran combo and can now boot in safe mode. Ran CCleaner and SuperAnti Spy. Want to know where to paste and run your fix. How do I get to black page/prompt?
     
  6. mflynn

    mflynn TS Rookie Posts: 2,655

    Well you need to be connected and logged in here to see the box.

    To get a command prompt do this:

    Start-Run
    type
    cmd
    click ok or hit enter.

    Copy the box, then left click once inside the black screen, then rt click and paste.

    Mike
     
  7. Dadof3

    Dadof3 TS Rookie Topic Starter Posts: 67

    New HJT Logfile pasted in message thread

    I ran the block of commands and was able to boot into safe mode. Could not install the malware software from the 8 things to do. Did run Super Anti Virus as well as clean up and the rest. Here is the latest HJT Logfile. I am still unable to update the definitions for AVS. It is being blocked to the server.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:11:25 PM, on 2/11/2009
    Platform: Windows 2000 SP1 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [CS Update] copy /Y "C:\WINNT\System32\msxml71.dll.upd" "C:\WINNT\System32\msxml71.dll"
    O4 - HKCU\..\Run: copy /Y "C:\WINNT\System32\msxml71.dll.upd" "C:\WINNT\System32\msxml71.dll"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\RunOnce: [CleanUp!] C:\Documents and Settings\Paul Fink.PAUL-A2SU8NITMJ\Desktop\CleanUp!\Cleanup.exe /WindowsRestart
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - .DEFAULT Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')
    O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpodev07.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Paul Fink.PAUL-A2SU8NITMJ\My Documents\New Folder\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182713361120
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

    --
    End of file - 7155 bytes
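
Added example, not part of the thread and not HijackThis's own code: a small Python parser that diffs the two HijackThis logs posted above section by section, so the autostart (O4) entries that disappeared, appeared or persisted between the 1/28/2009 and 2/11/2009 scans can be read off directly. The function names are hypothetical, and the sample input is a trimmed excerpt constructed from lines of the two logs.

```python
import re
from collections import defaultdict

# Constructed sample input: a few lines copied from the two HijackThis logs
# posted in this thread (1/28/2009 and 2/11/2009), trimmed for brevity.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:31 PM, on 1/28/2009
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [CS Update] copy /Y "C:\WINNT\System32\msxml71.dll.upd" "C:\WINNT\System32\msxml71.dll"
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:25 PM, on 2/11/2009
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CS Update] copy /Y "C:\WINNT\System32\msxml71.dll.upd" "C:\WINNT\System32\msxml71.dll"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# A log entry is "<section code> - <text>", e.g. "O4 - HKLM\..\Run: [Name] cmd".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")
# O4 text is "<location>: [<value name>] <command>"; the name is optional.
O4_RE = re.compile(r"^(?P<loc>[^:]+):\s*(?:\[(?P<name>[^\]]*)\]\s*)?(?P<cmd>.*)$")


def parse_hjt(text):
    """Return {section_code: set(entry_text)}; header lines are skipped."""
    sections = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            sections[m.group(1)].add(m.group(2))
    return sections


def parse_o4(entry):
    """Split one O4 entry into location, value name and command."""
    m = O4_RE.match(entry)
    loc, name, cmd = m.group("loc"), m.group("name"), m.group("cmd")
    # Startup-folder entries are written "Shortcut.lnk = target" with no [name].
    if name is None and " = " in cmd:
        name, cmd = cmd.split(" = ", 1)
    return {"location": loc, "name": name, "command": cmd}


def diff_logs(before_text, after_text):
    """Compare two logs section by section."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    result = {"removed": {}, "added": {}, "persisting": {}}
    for code in sorted(set(before) | set(after)):
        b, a = before.get(code, set()), after.get(code, set())
        for key, items in (("removed", b - a), ("added", a - b),
                           ("persisting", b & a)):
            if items:
                result[key][code] = sorted(items)
    return result


def autostart_changes(before_text, after_text):
    """Same diff, restricted to O4 (autostart) entries and parsed into fields."""
    d = diff_logs(before_text, after_text)
    return {k: [parse_o4(e) for e in v.get("O4", [])] for k, v in d.items()}


if __name__ == "__main__":
    for state, entries in autostart_changes(LOG_BEFORE, LOG_AFTER).items():
        for e in entries:
            print(f"{state:10} {e['location']:16} {e['name']!s:22} {e['command']}")
```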
     
  8. mflynn

    mflynn TS Rookie Posts: 2,655

    OK, to confirm, you are booting to Safe Mode networking, correct?

    Only in Safe Mode Networking is the Internet available.

    Confirm the copy/paste operation ran and exited, yes?

    Did you try the ComboFix download in post #2?

    As you have SAS installed, do the below.

    Update then run SAS (if you can not update then do without update)
    Click Preferences-Repairs

    Do the below repairs

    Enable Windows Explorer options
    Internet Zone Security Reset
    Remove Explorer Policy Restrictions
    Remove Internet Explorer Policy Restrictions
    Remove WinOldApp policy restrictions
    Repair broken Network Connection (WinSock LSP Chain)
    Reset Desktop Components
    Reset Desktop Policies
    Reset URL PreFixes
    Reset Web Settings
    Reset Winlogon Shell
    Reset ZoneMap Settings
    User Agent Post Platform Reset
    User Agent reset

    If you want to get this fixed then attach all logs.

    Now try the ComboFix in post #2.

    Mike

    PS Do not post logs into the thread unless for some reason you can not attach!
     
  9. Dadof3

    Dadof3 TS Rookie Topic Starter Posts: 67

    booting in safe mode

    Yes, confirm booting in safe mode (although now can boot normally as well).
    Internet available in both safe and normal boot.
    Confirm copy/paste operation ran and exited
    Ran ComboFix in safe mode
    No button available below to manage attach files, that is why I have pasted them in the body of the message.
    Ran update to SAS and repairs as listed
    Ran Combo Fix again.

    ComboFix 09-02-12.02 - Paul Fink 02/12/2009 11:33:51.2 - NTFSx86 NETWORK
    Microsoft Windows 2000 Professional 5.0.2195.1.1252.1.1033.18.511.421 [GMT -8:00]
    Running from: c:\documents and settings\Paul Fink.PAUL-A2SU8NITMJ\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    2009-02-11 21:39 --------- d-----w c:\documents and settings\Paul Fink.PAUL-A2SU8NITMJ\Application Data\AdobeUM
    2009-02-10 01:38 2,737,808 ----a-w c:\program files\pdfware.exe
    2009-02-04 15:43 --------- d--h--w c:\documents and settings\Paul Fink.PAUL-A2SU8NITMJ\Application Data\yahoo!
    2009-01-28 22:28 266,085 ----a-w C:\RatsCheddar.zip
    2009-01-27 04:17 --------- d-----w c:\program files\CCleaner
    2009-01-27 01:50 --------- d-----w c:\program files\Alwil Software
    2009-01-27 01:48 30,363,016 ----a-w c:\program files\setupeng.exe
    2009-01-27 00:50 --------- d-----w c:\program files\SUPERAntiSpyware
    2009-01-27 00:50 --------- d-----w c:\documents and settings\All Users.WINNT\Application Data\SUPERAntiSpyware.com
    2009-01-27 00:49 5,953,568 ----a-w c:\program files\SUPERAntiSpyware.exe
    2009-01-27 00:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-27 00:49 --------- d-----w c:\documents and settings\Paul Fink.PAUL-A2SU8NITMJ\Application Data\SUPERAntiSpyware.com
    2009-01-27 00:04 --------- d---a-w c:\documents and settings\All Users.WINNT\Application Data\avg7
    2009-01-26 23:02 --------- d-----w c:\documents and settings\All Users.WINNT\Application Data\Grisoft
    2009-01-26 22:10 5,287,071 ------w C:\AVG7QT.DAT
    2009-01-26 22:09 --------- d-----w c:\documents and settings\Paul Fink.PAUL-A2SU8NITMJ\Application Data\AVG7
    2009-01-26 22:08 26,880 ----a-w c:\winnt\system32\drivers\avg7rsnt.sys
    2009-01-26 22:08 --------- d-----w c:\documents and settings\Default User.WINNT\Application Data\AVG7
    2009-01-26 22:01 54,157,776 ----a-w c:\program files\avg_free_stf_en_8_176a1400.exe
    2009-01-26 20:01 --------- d-----w c:\documents and settings\All Users.WINNT\Application Data\Spybot - Search & Destroy
    2008-12-19 01:37 --------- d-----w c:\program files\Full Tilt Poker
    2008-11-19 17:00 16,987,136 ----a-w C:\LMSetup.exe
    2007-08-31 23:49 56,560 ----a-w c:\documents and settings\Paul Fink.PAUL-A2SU8NITMJ\Application Data\GDIPFONTCACHEV1.DAT
    2007-06-22 21:27 271 ---h--w c:\program files\DESKTOP.INI
    2007-06-22 21:27 21,952 ---h--w c:\program files\FOLDER.HTT
    2007-06-05 15:56 554,312 ----a-w c:\program files\SP2express.exe
    2007-06-05 15:45 16,706,160 ----a-w c:\program files\AdbeRdr60_enu_full.exe
    2003-03-03 18:39 76,264 ----a-w c:\documents and settings\Paul Fink\Application Data\GDIPFONTCACHEV1.DAT
    2001-09-04 21:35 1,259,960 ----a-w c:\program files\winzip80.exe
    2000-07-26 17:00 32,528 ----a-w c:\winnt\inf\wbfirdma.sys

    (((((((((( SnapShot@Wed 02-11-2009_11.26.24.01 ))))))))
    .
    + 2009-02-12 19:33:31 16,384 ----atw c:\winnt\system32\Perflib_Perfdata_1e8.dat
    .Reg Loading Points

    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CS Update"="copy" [X]
    "U"="copy" [X]
    "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [03/01/07 05:11p 4670968]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [01/15/09 04:17p 1830128]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "CleanUp!"="c:\documents and settings\Paul Fink.PAUL-A2SU8NITMJ\Desktop\CleanUp!\Cleanup.exe" [08/07/03 12:01a 323584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="NvQTwk" [X]
    "Adaptec DirectCD"="c:\progra~1\Adaptec\DirectCD\directcd.exe" [05/17/07 08:50p 1122304]
    "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [07/21/06 03:19p 129536]
    "IPInSightMonitor 01"="c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [07/14/03 11:30a 98304]
    "2wSysTray"="c:\program files\2Wire\2PortalMon.exe" [10/10/03 02:14a 393216]
    "YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [07/21/06 09:43a 407032]
    "CaAvTray"="c:\program files\Yahoo!\Antivirus\CAVTray.exe" [05/21/07 02:41p 230512]
    "CAVRID"="c:\program files\Yahoo!\Antivirus\CAVRID.exe" [05/21/07 02:41p 185456]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [06/18/07 03:26p 282624]
    "HPAIO_PrintFolderMgr"="c:\winnt\System32\spool\DRIVERS\W32X86\hpoopm07.exe" [01/24/01 01:57p 61440]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/07 01:25a 6731312]
    "YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [06/05/08 02:06p 125208]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [11/26/08 09:18a 81000]
    "CreateCD"="c:\progra~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe" [03/22/01 09:20a 245760]
    "Synchronization Manager"="mobsync.exe" [07/26/00 09:00a 111376 c:\winnt\system32\mobsync.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [07/26/00 09:00a 186640]

    c:\documents and settings\Default User.WINNT\Start Menu\Programs\Startup\
    Camio Viewer 3.2.lnk - c:\program files\Sierra Imaging\Image Expert 2000\IXApplet.exe [2001-08-01 53248]

    c:\documents and settings\Paul Fink.PAUL-A2SU8NITMJ\Start Menu\Programs\Startup\
    Camio Viewer 3.2.lnk - c:\program files\Sierra Imaging\Image Expert 2000\IXApplet.exe [2001-08-01 53248]

    c:\documents and settings\All Users.WINNT\Start Menu\Programs\Startup\
    HPAiODevice.lnk - c:\program files\Hewlett-Packard\hp officejet v series\bin\hpodev07.exe [2002-03-08 282624]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    WinZip Quick Pick.lnk - c:\documents and settings\Paul Fink.PAUL-A2SU8NITMJ\My Documents\New Folder\WinZip\WZQKPICK.EXE [2007-11-27 118784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [05/13/08 09:13a 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    12/22/08 11:05a 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=NVDESK32.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"= mmdrv.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @="FSFilter System Recovery"

    R0 idebd;idebd;c:\winnt\system32\drivers\IdeBd.sys [2007-05-17 3737]
    R0 IntelATA;IntelATA;c:\winnt\system32\drivers\IntelATA.sys [2007-05-17 118480]
    R1 Cdudf;Cdudf;c:\winnt\system32\drivers\CDUDF.SYS [2007-05-17 223008]
    R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [2007-06-22 61712]
    R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\winnt\system32\drivers\KTC111.SYS [1979-12-31 61888]
    S1 aswSP;avast! Self Protection;c:\winnt\system32\drivers\aswSP.sys [2009-01-26 111184]
    S1 cmosa;cmosa;c:\winnt\system32\drivers\cmosa.sys [2007-05-17 29344]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
    S2 aswMon;avast! Standard Shield Support;c:\winnt\system32\drivers\aswmon.sys [2009-01-26 93296]
    S3 hpoid407;IEEE-1284.4 Driver hpoid407;c:\winnt\system32\drivers\hpoid407.sys [2007-06-22 50448]
    S3 hpoius07;USB to IEEE-1284.4 Translation Driver hpoius07;c:\winnt\system32\drivers\hpoius07.sys [2007-06-22 17904]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://att.yahoo.com/
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    LSP: %SystemRoot%\system32\msafd.dll
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    .
    --- File Associations --
    .
    inffile=c:\winnt\System32\NOTEPAD.EXE "%1"
    .

    *******

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-12 11:35:38
    Windows 5.0.2195 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    *******------- LOCKED REGISTRY KEYS -----

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    "Installed"="1"
    .----- DLLs Loaded Under Running Processes -------

    -- - - - > 'winlogon.exe'(220)
    c:\winnt\system32\NVDESK32.DLL
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - > 'lsass.exe'(260)
    c:\winnt\system32\NVDESK32.DLL
    .
    Completion time: 02/12/2009 11:37:19
    ComboFix-quarantined-files.txt 2009-02-12 19:37:04
    ComboFix2.txt 2009-02-11 19:31:48

    Pre-Run: 29,576,668,160 bytes free
    Post-Run: 29,570,571,264 bytes free

    159
     
  10. mflynn

    mflynn TS Rookie Posts: 2,655

    OK, to attach, click the Advanced tab right under the posting screen.

    Then look above where you type, to the header, and click the PaperClip to attach!

    You look clean, but to be sure, do the below and attach the log using my instructions.

    Download SDFix to Desktop.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On Desktop run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to the desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted, hit the Enter key to restart the computer.

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process, then say Finished.
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.

    Now, you told me all that was now working, so tell me what is not and what is left to do.

    Mike
     
Topic Status:
Not open for further replies.
