Hi,

Can you please attach here MCShield’s AllScans.txt logreport?

Start -> All Programs -> MCShield -> Logs Attach here -> AllScans.txt

Step#1

  1. Again, temporaly disable your AV software …

  2. Open notepad and copy/paste the text present inside the code box below:



Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SweetIM"=-
"Sweetpacks Communicator"=-

KillAll::

Folder::
c:\program files\SweetIM

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\documents and settings\shima\Application Data\Mozilla\Firefox\Profiles\g2af35yv.default\
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.sessionstore.resume_from_crash - false

RegNull:
[HKEY_USERS\S-1-5-21-515967899-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF713E29-3232-BEE7-DFBD-58C20AB929D0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iagcchhpkbfglbcend"=hex:6a,61,64,6e,64,66,68,6c,68,62,63,70,67,64,69,69,63,61,
   65,6b,00,0e
"haabikmegagnehcp"=hex:6a,61,63,6e,64,69,63,6d,68,6a,6c,66,66,69,6b,63,6a,64,
   6a,64,00,ff
"iaclckchghkmhamffg"=hex:63,61,68,6e,68,69,00,7c


Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:[b]ComboFix.txt[/b] )

Step#2

[*]Download AdwCleaner (by Xplode) on your desktop.

[*] Click on the [Delete] Wait for the programme completes his work.
The program will close all active programs. Click OK to confirm that.
On the next two windows that open ( Informations and Restart required ) click OK

[*] The computer will restart and open a notepad ( C:\AdwCleaner[S1].txt ) with the report.
[*] Save the notepad report on the Desktop
[*] Please attach here C:\AdwCleaner[S1].txt

Note: The report will also be stored on C:\AdwCleaner[S1].txt


In your next reply please attach here:

  • MCShield’s AllScans.txt
  • Combofix’s Combofix.txt
  • AdwCleaner’s AdwCleaner[S1].txt

Tell me, how is your computer running now? 8)