Computer cleaned (?) but Control Panel still inaccessible

**Tirhakah** · 01-23-2008, 10:59 AM

Here's the log. Still includes some 'reg load points' for files that don't exist (I checked), and the scheduled tasks seem to be far greater in number than they used to be...

**PhilliePhan** · 01-23-2008, 04:12 PM

Originally Posted by Tirhakah

Here's the log. Still includes some 'reg load points' for files that don't exist (I checked), and the scheduled tasks seem to be far greater in number than they used to be...

Yup - There is a bunch of stuff we missed. Sorry about that.

Let's do this:

-- Download the attached file CFScript.txt to your Desktop
-- Close ALL browser windows and then drag CFScript.txt into ComboFix.exe

-- Let Combofix run as before and post me that log along with a fresh HJT Log.

And . . . We'll go from there

PP

**Tirhakah** · 01-24-2008, 11:22 AM

Done the scan with the dragging as shown. Actually, done it twice, since when I returned to the computer the first time it appeared to have crashed (no icons/menubar) and so I wasn't sure it had managed to complete the scan. Here are the logs:

**PhilliePhan** · 01-24-2008, 02:32 PM

Originally Posted by Tirhakah

Done the scan with the dragging as shown. Actually, done it twice, since when I returned to the computer the first time it appeared to have crashed (no icons/menubar) and so I wasn't sure it had managed to complete the scan. Here are the logs:

Looks like it made some progress!
I should apologize - it is taking me a bit longer than I thought to get back into the swing of things, malware-wise.

Anyhoo, lets try that one more time, but this time in Safe Mode.

-- I have attached a fresh CFScript.txt. Please DL a fresh ComboFix.exe and delete the older version and then do the drag and drop again with this new CFScript and post the log.

Hopefully this should do the trick!

Best Luck

PP

**Tirhakah** · 01-25-2008, 02:20 PM

Ok, here they are:
the combofix was done in safe mode, and the hjt after the computer was back in normal mode.

**PhilliePhan** · 01-25-2008, 03:35 PM

Originally Posted by Tirhakah

Ok, here they are:
the combofix was done in safe mode, and the hjt after the computer was back in normal mode.

Great! Almost done - For some reason the fix scripts are only partially taking.

Let's do this by hand:

-- Completely Uninstall Kaspersky (via Add/Remove Programs, if possible) and then DELETE this folder if it remains: C:\Program Files\Kaspersky Lab

-- Download the attached Zip. Please extract Fixit.reg to the desktop and DoubleClick on it and allow it to merge into the registry. Let me know if there are any problems with that.

-- Boot to Safe Mode with the Viewing of Hidden Files Enabled and see if you can locate C:\WINDOWS\system32\wowfx.dll
RightClick on it and Rename it to wowfx.BAD
Then, please upload it here for analysis and let me know what you find ---> http://virusscan.jotti.org/

If the above goes well, reinstall or re-enable your Resident Anti-virus program. Also, I would suggest installing Zone Alarm Firewall from my linky below as well.

Best luck

PP

**Tirhakah** · 01-29-2008, 12:39 PM

Sorry, I haven't been home for a couple of days.
Anyway, I removed kaspersky, and the online filescanner portion, but when I tried to merge fixit with the registry editor, I got an error saying "Cannot import C:\Documents and Settings\User\Desktop\Fixit.reg: The specified file is not a registry script.
You can only import binary registry files from within the registry editor."
Assuming that this stage was required, I therefore haven't done anything about wowfx.dll.

Thread: Computer cleaned (?) but Control Panel still inaccessible

Thread Tools

Display

Hybrid View

Thread Information

Users Browsing this Thread

Posting Permissions