Hi,
Can you please attach here MCShield’s AllScans.txt logreport?
Start -> All Programs -> MCShield -> Logs
Attach here -> AllScans.txt
Step#1
-
Again, temporaly disable your AV software …
-
Open notepad and copy/paste the text present inside the code box below:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SweetIM"=-
"Sweetpacks Communicator"=-
KillAll::
Folder::
c:\program files\SweetIM
ClearJavaCache::
Firefox::
FF - ProfilePath - c:\documents and settings\shima\Application Data\Mozilla\Firefox\Profiles\g2af35yv.default\
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.sessionstore.resume_from_crash - false
RegNull:
[HKEY_USERS\S-1-5-21-515967899-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF713E29-3232-BEE7-DFBD-58C20AB929D0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iagcchhpkbfglbcend"=hex:6a,61,64,6e,64,66,68,6c,68,62,63,70,67,64,69,69,63,61,
65,6b,00,0e
"haabikmegagnehcp"=hex:6a,61,63,6e,64,69,63,6d,68,6a,6c,66,66,69,6b,63,6a,64,
6a,64,00,ff
"iaclckchghkmhamffg"=hex:63,61,68,6e,68,69,00,7c
Save this as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:[b]ComboFix.txt[/b] )
Step#2
[*]Download AdwCleaner (by Xplode) on your desktop.
[*] Click on the [Delete] Wait for the programme completes his work.
The program will close all active programs. Click OK to confirm that.
On the next two windows that open ( Informations and Restart required ) click OK
[*] The computer will restart and open a notepad ( C:\AdwCleaner[S1].txt ) with the report.
[*] Save the notepad report on the Desktop
[*] Please attach here C:\AdwCleaner[S1].txt
Note: The report will also be stored on C:\AdwCleaner[S1].txt
In your next reply please attach here:
- MCShield’s AllScans.txt
- Combofix’s Combofix.txt
- AdwCleaner’s AdwCleaner[S1].txt
Tell me, how is your computer running now? 8)