4 replies to this topic

[Muzammil]

Hi,
For past couple of weeks my has slowed down considerably, my download speed has also gone down about 50% and whenever i open a folder on my local drive it takes too much time to open it.
I also installed Comodo security and it ran smoothly but today a process cmdagent.exe was using 100% of my CPU so i uninstalled it and now its my CPU is free but still my speed is slow !!
also whenever i restart my computer the date and time are changed to random 2006 month , whenever i restart it says a cmos failure and i have to restart it again and i have 4GB DDR2 RAM and my computer is showing 3.23

Here are my logs as recommended by the introductory topic !

DDS:

DDS (Ver_09-09-29.01) - NTFSx86
Run by XPPRESP3 at 20:30:41.67 on Wed 10/07/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.3315.2618 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\igfxsrvc.exe
E:\Utilities\Pure Networks\Network Magic\nmapp.exe
E:\Utilities\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
e:\Utilities\Trend Micro\Internet Security\SfCtlCom.exe
e:\Utilities\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
e:\UTILIT~1\Trend Micro\Internet Security\TmPfw.exe
e:\Utilities\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\XPPRESP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XPPRESP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XPPRESP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XPPRESP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XPPRESP3\My Documents\Downloads\dds.pif

============== Pseudo HJT Report ===============

uStart Page = about:blank
uWindow Title = Microsoft Internet Explorer provided by Muzammil Ahmed
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\bin\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "e:\utilities\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [UfSeAgnt.exe] "e:\utilities\trend micro\internet security\UfSeAgnt.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\xppresp3\startm~1\programs\startup\erunt autobackup.lnk - e:\utilities\erunt\AUTOBACK.EXE
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoTaskGrouping = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: DisableCurrentUserRunOnce = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
IE: Download All Links with IDM - c:\program files\internet download manager\bin\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\bin\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\bin\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: {55F98F72-CA69-4EC6-9A03-8066E1DFB8FD} = 202.70.150.10,202.70.150.11
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xppresp3\applic~1\mozilla\firefox\profiles\fkp38g03.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15015&l=dis
FF - component: c:\progra~1\mozill~1\extensions\{31513e58-f253-47ad-86db-d5f21e905429}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\progra~1\mozill~1\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\internet download manager\bin\appdataidmmzcc3\components\idmmzcc.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214024]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-5 233472]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-10-5 52624]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-15 36368]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-5 36608]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-2-15 333328]
R3 TmPfw;Trend Micro Personal Firewall;e:\utilit~1\trend micro\internet security\TmPfw.exe [2009-10-5 488768]
R3 tmproxy;Trend Micro Proxy Service;e:\utilities\trend micro\internet security\TmProxy.exe [2009-10-5 648456]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-2 34248]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-8-27 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-8-27 8320]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [2006-3-20 1452032]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009-10-5 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2009-10-5 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2009-10-5 121856]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-10-07 20:30 <DIR> --d-h--- c:\windows\PIF
2009-10-05 22:05 121,856 a------- c:\windows\system32\drivers\ss_bmdm.sys
2009-10-05 22:05 90,112 a------- c:\windows\system32\drivers\ss_bbus.sys
2009-10-05 22:05 14,976 a------- c:\windows\system32\drivers\ss_bmdfl.sys
2009-10-05 22:05 12,160 a------- c:\windows\system32\drivers\ss_bwhnt.sys
2009-10-05 22:05 12,160 a------- c:\windows\system32\drivers\ss_bwh.sys
2009-10-05 22:05 12,160 a------- c:\windows\system32\drivers\ss_bcmnt.sys
2009-10-05 22:05 12,160 a------- c:\windows\system32\drivers\ss_bcm.sys
2009-10-05 22:05 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
2009-10-05 22:04 233,472 a------- c:\windows\system32\FsUsbExService.Exe
2009-10-05 22:04 110,592 a------- c:\windows\system32\FsUsbExDevice.Dll
2009-10-05 22:04 36,608 a------- c:\windows\system32\FsUsbExDisk.Sys
2009-10-05 22:04 <DIR> --d----- c:\docume~1\xppresp3\applic~1\Samsung
2009-10-05 21:25 <DIR> --d----- c:\windows\system32\log
2009-10-05 19:25 142,864 a------- c:\windows\system32\drivers\tmcomm.sys
2009-10-05 19:25 52,752 a------- c:\windows\system32\drivers\tmactmon.sys
2009-10-05 19:25 52,624 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-10-05 19:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-10-05 19:14 25,392 a------- c:\windows\system32\drivers\pnarp.sys
2009-10-05 19:14 26,672 a------- c:\windows\system32\drivers\purendis.sys
2009-10-05 19:14 <DIR> --d----- c:\program files\common files\Pure Networks Shared
2009-10-05 17:53 456,384 a----r-- c:\windows\system32\drivers\ar5211.sys
2009-10-05 16:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2009-10-05 16:37 17,801 a------- c:\windows\system32\drivers\AegisP.sys
2009-10-01 12:15 <DIR> --d----- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2009-10-01 12:15 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-30 12:03 225,280 a------- c:\windows\system32\rewire.dll
2009-09-30 12:03 1,554,944 a------- c:\windows\system32\vorbis.acm
2009-09-30 12:01 <DIR> --d----- c:\windows\system32\Adobe
2009-09-27 00:14 <DIR> --d----- c:\windows\system32\AGEIA
2009-09-26 23:13 515,416 a------- c:\windows\system32\XAudio2_5.dll
2009-09-26 23:13 238,936 a------- c:\windows\system32\xactengine3_5.dll
2009-09-26 23:13 1,974,616 a------- c:\windows\system32\D3DCompiler_42.dll
2009-09-26 23:12 5,501,792 a------- c:\windows\system32\d3dcsx_42.dll
2009-09-26 23:12 235,344 a------- c:\windows\system32\d3dx11_42.dll
2009-09-26 23:12 453,456 a------- c:\windows\system32\d3dx10_42.dll
2009-09-26 23:12 1,892,184 a------- c:\windows\system32\D3DX9_42.dll
2009-09-26 23:12 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-09-26 23:12 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-09-26 23:12 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-09-26 23:12 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-09-26 23:12 69,464 a------- c:\windows\system32\XAPOFX1_3.dll
2009-09-26 23:12 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-09-26 23:12 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-09-26 23:08 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-09-26 17:01 153 a------- c:\windows\cavscan.INI
2009-09-20 23:06 <DIR> --d----- c:\docume~1\xppresp3\applic~1\IObit
2009-09-18 15:20 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-09-18 15:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-09-17 19:09 304,128 a------- c:\windows\IsUninst.exe
2009-09-17 19:09 <DIR> --d----- c:\documents and settings\xppresp3\WINDOWS
2009-09-17 15:56 <DIR> --d----- c:\documents and settings\xppresp3\.dvdcss
2009-09-16 14:26 210,352 a------- c:\windows\system32\idmmbc.dll
2009-09-10 17:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 14:13 <DIR> --d----- c:\windows\system32\appmgmt
2009-09-09 15:34 <DIR> --d----- C:\winnt_

==================== Find3M ====================

2009-10-07 20:12 1,474,832 a------- c:\windows\system32\drivers\sfi.dat
2009-08-27 15:16 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-08-27 15:16 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-25 20:19 409,600 a------- c:\windows\system32\wrap_oal.dll
2009-08-25 20:19 114,688 a------- c:\windows\system32\OpenAL32.dll
2009-08-14 20:31 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-14 19:56 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-05 20:49 2,301 a------- c:\windows\mozver.dat
2009-08-05 20:41 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-07-28 23:33 25,088 a------- c:\windows\system32\msxml3a.dll
2009-07-20 08:34 70,936 a------- c:\windows\system32\PhysXLoader.dll

============= FINISH: 20:30:58.67 ===============

RootRepeal:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2006/01/01 00:34
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8AF9000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5F4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP8764
Image Path: \Driver\PCI_PNP8764
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7C13000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sphc.sys
Image Path: sphc.sys
Address: 0xB9EAA000 Size: 1036288 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x89a83c60

#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x89a83160

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x89a83420

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x89a84ac0

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x89a841e0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x89a844a0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sphc.sys" at address 0xb9ec8ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sphc.sys" at address 0xb9ec9030

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x89a84c60

#: 119 Function Name: NtOpenKey
Status: Hooked by "sphc.sys" at address 0xb9eab0c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x89a836e0

#: 160 Function Name: NtQueryKey
Status: Hooked by "sphc.sys" at address 0xb9ec9108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sphc.sys" at address 0xb9ec8f88

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x89a83f20

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x89a839a0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x89a84920

==EOF==

Attached Files

•  Attach.txt   15.83KB   1062 downloads

Edited by Muzammil, 08 October 2009 - 04:19 AM.

[CatByte]

Hi,

There are no obvious signs of malware on your system, but we can do a couple of scans to make certain.

Please do the following:

Please download Malwarebytes' Anti-Malware

• Double Click mbam-setup.exe to install the application.
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected. <-- very important
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:

• Close any open programs
• Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.

• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
  
  
  
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

In your next reply please include

• MBAM Log
• Kaspersky report

[Muzammil]

hi, thanx for your help but yesterday for unknown reasons my computer just crashed and had to do a complete new os install but it was not recognizing my harddisk so had to repartition my disk so lost all my data but finally got it working . . . Thanks for your time by the way! Muzammil

[CatByte]

Glad you have it working again. It didn't appear to be a malware issue. So at least you know now and have your computer up and running again/ Stay safe ~CB

[CatByte]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.