View Single Post

**ceewi1** · 09-01-2008, 12:48 PM

Do you recognise and trust the sites in the following entries?:
O15 - Trusted Zone: http://*.bmc (HKLM)
O15 - Trusted Zone: http://*.goober (HKLM)
O15 - ESC Trusted Zone: http://www.wise.com
O15 - ESC Trusted Zone: http://www.wise.com (HKLM)

If not, please run HijackThis place a check next to those entries and click on Fix checked.

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Code:
```
File::
C:\WINDOWS\system32\msjetwo.exe
C:\WINDOWS\system32\msmbsr.exe

Driver::
msjetwod
vsinstdv
```
Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log.

CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.

Please click on Start -> Run. Type the following command and click OK:
notepad "%userprofile%/Start Menu/Programs/Startup/drives.bat"

This should open up a Notepad window, please copy and past the contents into your next reply.

Please post

The ComboFix log
The Notepad document produced by running the above command
A new HijackThis log
An update on how your system is running now

09-01-2008, 12:48 PM	#6 (permalink)
ceewi1 Moderator Join Date: Dec 2005 Location: Melbourne, Australia Age: 22 Posts: 5,418	Do you recognise and trust the sites in the following entries?: O15 - Trusted Zone: http://.bmc (HKLM) O15 - Trusted Zone: http://.goober (HKLM) O15 - ESC Trusted Zone: http://www.wise.com O15 - ESC Trusted Zone: http://www.wise.com (HKLM) If not, please run HijackThis place a check next to those entries and click on Fix checked. Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below: Code: File:: C:\WINDOWS\system32\msjetwo.exe C:\WINDOWS\system32\msmbsr.exe Driver:: msjetwod vsinstdv Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop. Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log. CAUTION: Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running. Please click on Start -> Run. Type the following command and click OK: notepad "%userprofile%/Start Menu/Programs/Startup/drives.bat" This should open up a Notepad window, please copy and past the contents into your next reply. Please post The ComboFix log The Notepad document produced by running the above command A new HijackThis log An update on how your system is running now __________________ CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: Gigabyte HD4870 RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 2TB Total HDD / PSU: Antec NeoPower 480W Cheap PSUs - 2% of system costs, responsible for 28% of system deaths As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity. - The "Warranty void if removed" sticker on numerous CoolerMaster PSUs. Useful PSU Guides