#8
January 6th, 2008, 04:31 PM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
The system has infection, but that log is always a very large one, so not an indicator of just how much infection is there. Let's start some repairs now.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Please run Notepad and copy the following text in bold into a new file:

Code:
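@ECHO OFF
REM Re-enable and restart the services that servstop.bat disables.
cd %windir%
REM A disabled service cannot be started, so set it back to manual ("as-needed") first.
sc config r_server start= demand
sc start r_server
sc config seclogon start= demand
sc start seclogon
REM sc needs the service name, which is RemoteRegistry (no space).
sc config RemoteRegistry start= demand
sc start RemoteRegistry
exit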
Save the file as "servstart.bat"

Make sure to save it with the quotes. Save this in case it is needed to start that service again if too many errors occur after this service is stopped. It will automatically change to an "as-needed" startup setting. You should not need this - it is just a precautionary measure.


Now run Notepad and copy the following text in bold into a new file:

Code:
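@ECHO OFF
REM Set each service to disabled, then stop it.
cd %windir%
sc config r_server start= disabled
sc stop r_server
sc config seclogon start= disabled
sc stop seclogon
REM sc needs the service name, which is RemoteRegistry (no space).
sc config RemoteRegistry start= disabled
sc stop RemoteRegistry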
Save the file as "servstop.bat"

Make sure to save it with the quotes. Please double-click on servstop.bat. A window should open and close very quickly --- this is normal.

---------------------------

Then download ComboFix.exe from here to your desktop, and click the downloaded file to run the repair.

When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop; however, given the infection there, ComboFix will likely cause a reboot in order to complete its repairs.

(ComboFix will also disable any screensaver settings made, so know that at some point when we complete repairs you will need to reset your screensaver)

Post back the C:\ComboFix.txt log as well as a new HijackThis log please.
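
Because the servstop.bat window closes too quickly to read, a check like the following can confirm that the three services ended up stopped and disabled. This is an added example, not part of the original post; the file name servcheck.bat is an assumption, and RemoteRegistry is the service name of the Remote Registry service.

```batch
@ECHO OFF
REM servcheck.bat (hypothetical name): added example, not from the original post.
REM Reports the run state and startup type of the services handled by servstop.bat.
FOR %%S IN (r_server seclogon RemoteRegistry) DO (
    ECHO === %%S ===
    REM sc query returns a non-zero exit code when the service does not exist.
    sc query %%S >NUL 2>&1
    IF ERRORLEVEL 1 (
        ECHO   service not found or not accessible
    ) ELSE (
        REM Current run state, e.g. STOPPED or RUNNING.
        sc query %%S | findstr /C:"STATE"
        REM Configured startup type, e.g. DISABLED or DEMAND_START.
        sc qc %%S | findstr /C:"START_TYPE"
    )
)
REM Keep the window open so the results can be read.
PAUSE
```

After servstop.bat has run, each service that exists should show STATE as STOPPED and START_TYPE as DISABLED; after servstart.bat, START_TYPE should read DEMAND_START.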