Lots of viruses

Discussion in 'Virus and Malware Removal' started by --Timmy--, Feb 9, 2007.

Thread Status:
Not open for further replies.
  1. --Timmy-- Newcomer, in training

    Thanks.

    Do you have any idea what could be causing the control panel + saves to stop working?

    I'm doing an AVG scan now.
  2. howard_hopkinso Newcomer, in training

    I might have a better idea, once I've seen your AVG Antispyware and Combofix logs.

    However, I did say before I started to clean your system, that it was possible your OS had been damaged.

    Once I've seen your log files, I'll see what we can do.

    Regards Howard :)

    This thread is for the use of --Timmy-- only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. --Timmy-- Newcomer, in training

    Just thought I would mention this before I start Combofix.


    I keep getting a recurring

    HKLM\SOFTWARE\ISTbar

    Just wondering if this is normal; it's been found by AVG and Ad-Aware.
  4. howard_hopkinso Newcomer, in training

    Download and run this ISTbar removal TOOL.

    Then post the log files I requested.

    Regards Howard :)

    This thread is for the use of --Timmy-- only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. --Timmy-- Newcomer, in training

    Here are the logs.

    :)
  6. KrashdnBurnt Newcomer, in training

    Timmy, glad to see you're getting the best help on the net. Hope things continue to go your way.

    Howard, thanks for all you do. You da man!
  7. --Timmy-- Newcomer, in training


    He's more helpful than like 5 call centres put together :p
  8. howard_hopkinso Newcomer, in training

    Did you run the AVG Antispyware scan before or after you ran the ISTbar removal tool?

    Also, your Combofix log contains the output from several scans. I need you to delete all the Combofix logs on your system and post a fresh Combofix log.

    Also, I want you to run the Ccleaner programme as per the instructions in this thread HERE.

    Remember what I said about following instructions 100% ;)

    Regards Howard :)

    This thread is for the use of --Timmy-- only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  9. --Timmy-- Newcomer, in training


    Before..


    So you mean all those logs are bunched up together?
  10. howard_hopkinso Newcomer, in training

    Yes, all the logs are bunched up together lol.

    Run another AVG Antispyware scan, after you've run the ISTbar removal tool and Ccleaner. Then see what it comes up with. If it doesn't find anything, there's no need to post the log.

    After you've done that, post a fresh HJT and Combofix log. Let me know exactly what problems you're having, if any.

    Regards Howard :)

    This thread is for the use of --Timmy-- only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  11. --Timmy-- Newcomer, in training

    Oh wait, here.


    The numbers went backward, not forwards


    /sigh :p
  12. howard_hopkinso Newcomer, in training

    Looks like it deleted a load of crap.

    Now do the following exactly.

    Run the ISTbar removal tool.

    Run the Ccleaner programme.

    Run AVG Antispyware scan and post the log, only if it finds anything.

    Delete all Combofix logs, then run Combofix and post the new log.

    Let me know what problems you're still having, if any.

    Regards Howard :)

    This thread is for the use of --Timmy-- only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  13. --Timmy-- Newcomer, in training

    Hello howard, sorry about the late reply..

    I don't go on as much during the weekdays.


    I did a repair install. Some things are still a bit dodgy; I will possibly be getting a new rig in 2-3 weeks. :)



    Thanks for all the help.


    I also think I have a virus..

    O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)


    Tried deleting it but it comes back
  14. howard_hopkinso Newcomer, in training

    You're quite right, the mousecrm.exe is indeed a virus. Please post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of --Timmy-- only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  15. --Timmy-- Newcomer, in training

    Here we go..


    Also, after I did the repair install, my PC isn't detecting my GPU, so when I try to install new drivers it says something about not being compatible with your hardware :|

    For example, when I scroll down in Mozilla, it flashes as if I'm in safe mode.

    Also Avast is detecting a lot; I will post + edit its findings here.

    C:\Documents and settings\Georgie\...\lo1[1]
    Is the trojan horse TR/vundo.gen
    <Fixed

    C:\Windows\System32\iiiii.dll
    Is the trojan horse TR/vundo.gen
    <Fixed

    C:\WINDOWS\system32\spoolvc.exe
    Name: Backdoor.sdbot.aad
    Risk: High, Found by avg anti-spyware

    C:\Documents and Settings\....\acid[1].exe
    Is the trojan horse TR.Crypt.ULPM.gen


    C:\msetss.exe
    Is the trojan horse TR.Crypt.ULPM.gen



    Also I decided today that I will be splashing out a bit on the new pc :D



    Thanks, Tim


    EDIT: Running vundo fix now, silly me :p (Found 3 so far)
  16. howard_hopkinso Newcomer, in training

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.

    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

    This is the filepath you need to enter into killbox.

    C:\WINDOWS\SYSTEM32\ddcaxwu.dll

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Mouse Cursor Monitor (mousecrm) < Disable the service name and/or the name in brackets.
    Task Client Manager

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    spoolvc.exe
    mousecrm.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O20 - Winlogon Notify: ddcaxwu - C:\WINDOWS\SYSTEM32\ddcaxwu.dll

    O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)

    O23 - Service: Task Client Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\system32\spoolvc.exe
    C:\WINDOWS\System32\mousecrm.exe

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of --Timmy-- only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
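As an added example (not code from the thread, from HijackThis or from Howard), this Python snippet parses the O20/O23 lines quoted in posts 13 and 16 the way they were read above and derives the same stop/disable, end-process and delete list; HJT separates fields with " - ", and the "Example Updater" line is a constructed benign entry for contrast.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional
# Constructed sample: the three entries quoted in the thread plus one benign line.
SAMPLE_LOG = """\
O20 - Winlogon Notify: ddcaxwu - C:\\WINDOWS\\SYSTEM32\\ddcaxwu.dll
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\\WINDOWS\\System32\\mousecrm.exe (file missing)
O23 - Service: Task Client Manager - Unknown owner - C:\\WINDOWS\\system32\\spoolvc.exe
O23 - Service: Example Updater (exupd) - Example Corp. - C:\\Program Files\\Example\\exupd.exe
"""

@dataclass
class Entry:
    kind: str               # "O20" (Winlogon Notify) or "O23" (service)
    display: str            # display name, or the notify key for O20
    short: Optional[str]    # service short name from the brackets, if any
    owner: Optional[str]    # vendor string as HJT prints it (None for O20)
    path: str               # binary/DLL path without the "(file missing)" tag
    reasons: List[str] = field(default_factory=list)

_NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<short>[^()]+)\))?$")
def parse_line(line: str) -> Optional[Entry]:
    parts = line.strip().split(" - ")
    if len(parts) >= 4 and parts[0] == "O23" and parts[1].startswith("Service: "):
        name, owner, path = parts[1][9:], parts[2], " - ".join(parts[3:])
    elif len(parts) >= 3 and parts[0] == "O20" and parts[1].startswith("Winlogon Notify: "):
        name, owner, path = parts[1][17:], None, " - ".join(parts[2:])
    else:
        return None
    missing = path.endswith(" (file missing)")
    m = _NAME_RE.match(name)
    e = Entry(parts[0], m["display"], m["short"], owner, path[:-15] if missing else path)
    # The cues acted on in the thread: unknown owner, missing binary, Winlogon Notify hook.
    if owner == "Unknown owner":
        e.reasons.append("unknown owner")
    if missing:
        e.reasons.append("service points to a missing binary")
    if parts[0] == "O20":
        e.reasons.append("Winlogon Notify DLL (Vundo-style hook)")
    return e

def triage(log: str) -> List[Entry]:
    return [e for e in map(parse_line, log.splitlines()) if e and e.reasons]

def cleanup_plan(entries: List[Entry]) -> dict:
    return {
        "services": [e.short or e.display for e in entries if e.kind == "O23"],
        "processes": [e.path.rsplit("\\", 1)[-1] for e in entries if e.kind == "O23"],
        "files": [e.path for e in entries],
    }
```

The plan's three lists correspond to the services.msc, task manager and delete steps of post 16; the DLL under "files" is the one handed to Vundofix.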
  17. AricCougar Newcomer, in training

    Same issue?

    I think I may have the same issue as this user. Am I allowed to post to this forum? I found iiiii.dll.
  18. Blind Dragon Newcomer, in training

    Please don't post in this thread anymore; it was for the use of --Timmy-- only. The instructions given were for this user only.
  19. --Timmy-- Newcomer, in training

    hahahahahahah

    I just checked my emails and saw that I was subscribed to this thread still... lol!

    Anyway, I haven't gotten a virus since formatting and starting off with a clean system and looking after it.

    -Need a decent av
    -Need a decent firewall
    -Be cautious all the time.

    Also, why was howard banned? :)
  20. momok Newcomer, in training

    Thread closed. Do not post in year-long threads that have had no response to them.

    Do not post in others' threads with your problem. Instead open a new thread in the relevant forum, making sure you have already read the stickies and followed all required instructions.