
Tech Support Team


#21, 11th February 2008, 02:29 PM
Howard (TST Master)
Ok, we need to remove some files manually.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the Processes tab and end process for (if there):

MsnMsgr .exe < Note the spaces between the filename and the .exe part, this is the infection.
spoolvs .exe < Note the spaces between the filename and the .exe part, this is the infection.
printer .exe < Note the spaces between the filename and the .exe part, this is the infection.

Close task manager.

Locate and delete the following bold files and/or folders (if there).

C:\WINDOWS\system32\spoolvs .exe
C:\WINDOWS\system32\printer .exe
C:\Program Files\MSN Messenger\MsnMsgr .exe

Make sure you only delete the files with the spaces after the filename and before the .exe part.

Click start/run and type regedit into the run box and press the enter key.

Navigate to the following registry key and delete the bold portion.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msnmsgr

Close regedit.

Reboot into normal mode and rehide your protected OS files.

Run the DSS tool and post the main log file only.

Regards Howard

This thread is for the use of DarkVisor only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Malware Removal forum.
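The marker Howard points to above, whitespace between the file name and the .exe extension, can be checked mechanically. The following is an added example, not part of the original thread: it scans startup or process entries and reports each padded executable together with the unpadded name it resembles. The sample entries are constructed from the paths named in the post, and the function name is an assumption.

```python
import re

# Constructed sample entries (autorun values and process image paths),
# built from the paths named in the thread; not taken from a real log.
SAMPLE_ENTRIES = [
    r'HKCU\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr .exe" /background',
    r'HKCU\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background',
    r'C:\WINDOWS\system32\spoolvs .exe',
    r'C:\WINDOWS\system32\printer .exe',
    r'C:\Program Files\BitTorrent\bittorrent .exe',
    r'C:\Program Files\BitTorrent\bittorrent.exe',
]

# A drive-rooted path up to the first ".exe"; quotes and characters that are
# illegal in Windows file names end the match, so trailing arguments are ignored.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.exe', re.IGNORECASE)


def padded_executables(entries):
    """Return (path, unpadded_name) for every .exe whose stem ends in whitespace."""
    hits = []
    for entry in entries:
        for match in EXE_PATH.finditer(entry):
            path = match.group(0)
            name = path.rsplit("\\", 1)[-1]      # file name component only
            stem, ext = name[:-4], name[-4:]     # split off ".exe"
            # rstrip() removes any Unicode whitespace, so a no-break space
            # used as padding is caught as well as an ordinary space.
            if stem and stem != stem.rstrip():
                hits.append((path, stem.rstrip() + ext))
    return hits


if __name__ == "__main__":
    for path, resembles in padded_executables(SAMPLE_ENTRIES):
        print(f"padded name: {path!r} (resembles {resembles})")
```

Entries without the padding, such as the second and last sample lines, are not reported, which matches the instruction to delete only the files with the spaces.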
#22, 17th February 2008, 03:12 AM
DarkVisor (Newcomer)
Hey Howard, sorry it took me so long to reply!
I deleted the files successfully and did the log, but the problem is still present.
Hmm, I was running the Opera browser before, and it ran perfectly, so I know it's not a CPU problem, but to be sure I got a new cooler today, but as I have said nothing makes a difference.

I have noticed in the registry notes that bittorrent also has the spaces before the .exe, so that might be worth deleting.
Also, my 3rd party firewall keeps telling me that dnsresponder.exe keeps trying to access the internet, and it's calling itself bonjour service. I can see its folder in Program Files, but I don't know if it's normal. Should I delete it?
#23, 17th February 2008, 04:32 AM
Howard (TST Master)
dnsresponder.exe is part of the iTunes chat client and is safe.

Please post the requested log file.

Regards Howard

#24, 18th February 2008, 04:30 AM
DarkVisor (Newcomer)
Here it is
Attached file: main.txt (14.3 KB)
#25, 18th February 2008, 04:36 AM
Howard (TST Master)
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

Locate and delete the following bold files and/or folders (if there).

C:\Program Files\BitTorrent\bittorrent .exe

Reboot into normal mode.

Now, let's see if you can run Combofix.

Delete any versions of Combofix you currently have.

Download combofix.exe to your desktop. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

Post the Combofix log.

Regards Howard

#26, 28th February 2008, 09:09 PM
Howard (TST Master)
Due to lack of feedback this thread is closed.

If you need this thread re-opened please contact a moderator or PM me.

Regards Howard