how to delete "new folder.exe"


doom_warrior
13th Apr 2008 Sun, 02:50
:help: How to delete or remove the "new folder.exe" virus with no admin account, only "power user" or "group user", on XP OS?

mer38
13th Apr 2008 Sun, 11:26
Use AVG antivirus, bro, or any antivirus. If your antivirus can't handle it, switch to a better antivirus.

doom_warrior
13th Apr 2008 Sun, 18:36
I already tried to install an AV but was unable to install it due to restrictions.

nOosadz
13th Apr 2008 Sun, 18:48
:hi: doom_warrior,

Did you already try this?

[TUT] How to Remove Malicious/VIRUS/WORMS in your Infected PC's (http://www.symbianize.com/showthread.php?t=30628)

If not, kindly apply this first and update us on the result. :D

aed040
13th Apr 2008 Sun, 19:48
Try to gain a SYSTEM account, then install the AV, because if your account is limited you really won't be able to remove the virus...

doom_warrior
13th Apr 2008 Sun, 22:39
I cannot gain access to an admin account because our company has a strict policy. Already done, sir noosadz, but none of the programs (ComboFix, SDFix) could be installed. The taskkiller was installed but was disabled by the virus... thanks for the reply

nOosadz
14th Apr 2008 Mon, 00:18
OK bro,

First launch Internet Explorer and try the Kaspersky Online Scanner (http://www.kaspersky.com/kos/english/kavwebscan.html)

Take note that it will not work in Firefox, only in IE.

Now click Accept to start initializing and scanning your Windows; target your local drives and run a full scan.

Well, just give it a try, bro.

If you can't access this online scanner, maybe you should consult your admin so that you can access programs/software. :D

doom_warrior
14th Apr 2008 Mon, 01:43
OK... I'll try... thanks

zh3vlag
14th Apr 2008 Mon, 15:34
Bro, I think you need to reformat your PC, as in really format it, and change the OS.

doom_warrior
14th Apr 2008 Mon, 20:30
Sir noOsadz, I tried the online virus scan on Kaspersky, but the IE window closed when I opened it; possibly the virus closed it. I also tried the BitDefender AV online scan and it was detected, but when I logged off and logged in again the virus appeared on my desktop. I tried the CureIt standalone AV but had the same experience as with BitDefender AV... thanks

To zh3vlag: sir, reformatting is not an option for me because the PC we use is company-owned and was only allocated to our group. Thanks also.

st_jorgeN95
14th Apr 2008 Mon, 21:09
Bro, try this too, I just picked it up: New Folder.exe Removal Tool :D

EDIT: This one too, bro, it might also work: newfolder_killer.exe

psychospath
15th Apr 2008 Tue, 00:41
Dude, try this, it's awesome and it really helps. It was made by Uchiha_Yueh, a Symbianizer.

http://www.symbianize.com/showthread.php?t=46407

I hope it helps you the way it helped me. :thumbsup:

doom_warrior
15th Apr 2008 Tue, 05:03
Thanks, bro psychospath and st_jorgeN95. I'll try it... I hope it will be removed. Thanks again.

nOosadz
15th Apr 2008 Tue, 13:44
:hi: again doom_warrior,

Also, kindly run HijackThis and post the logs here. :D

psychospath
16th Apr 2008 Wed, 09:01
You're welcome!
Thank Uchiha_Yueh, the application is his, I only advertised it, hehehe :lol:

doom_warrior
16th Apr 2008 Wed, 10:54
Sir, I've already added rep to him in other threads... okay, thanks to him.

psychospath
16th Apr 2008 Wed, 14:31
hahaha:lol:

doom_warrior
16th Apr 2008 Wed, 18:13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:37 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\WINDOWS\DisplayMonitor.exe
C:\WINDOWS\cmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Setup.exe
C:\WINDOWS\system\reg32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Analog Devices Inc.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Forefront Client Security Antimalware Service] "c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NVIDIA Display] C:\WINDOWS\DisplayMonitor.exe
O4 - HKLM\..\Run: [Win32 Console] C:\WINDOWS\cmd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\OfficeXP\Office10\OSA.EXE
O4 - Global Startup: Setup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://globalview.adp.com
O15 - Trusted Zone: http://*.netbenefits.com
O15 - Trusted Zone: http://analog.sumtotalsystems.com
O15 - Trusted Zone: http://globalview.adp.com (HKLM)
O15 - Trusted Zone: http://*.netbenefits.com (HKLM)
O15 - Trusted Zone: http://analog.sumtotalsystems.com (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1195789293404
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/EN/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.analog.com
O17 - HKLM\Software\..\Telephony: DomainName = ad.analog.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.analog.com
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe

--
End of file - 6812 bytes

nOosadz
16th Apr 2008 Wed, 18:42
:hi: again doom_warrior,

I have now reviewed your logs, and your PC still has NASTY items. OK, let's try to remove them and clean your PC. Just follow all the procedures so we can permanently remove the infected items, OK? So let's start.

- First, disable System Restore: right-click the My Computer icon -> Properties -> System Restore -> check "Turn off system restore on all drives", click Apply and OK.

- Now launch HijackThis, click "Do a scan only", then after the scan, kindly check the items below.

Unknown
O4 - HKLM\..\Run: [NVIDIA Display] C:\WINDOWS\DisplayMonitor.exe

O4 - HKLM\..\Run: [Win32 Console] C:\WINDOWS\cmd.exe

O4 - Global Startup: Setup.exe

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.in...lInstaller.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.analog.com

O17 - HKLM\Software\..\Telephony: DomainName = ad.analog.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.analog.com

Now click "Fix Checked" at the bottom of that program, then you may exit the program. Take note: kindly close your browser when you fix the items above.

- After that, Kindly download The Avenger (http://swandog46.geekstogo.com/avenger.zip) by Swandog46, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the "Input script here:" part of the window:

Files to delete:
C:\WINDOWS\DisplayMonitor.exe
C:\WINDOWS\cmd.exe

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

- After that, use this KaiZeR Killer Version 1.8 (http://www.symbianize.com/showthread.php?t=44558&highlight=kaizer+killer), save it to your desktop and apply it, then restart.

- Now run CCleaner (http://www.ccleaner.com/), clean your temp files and unused files, and also fix your registry, which you'll see on the Registry tab.

- After you apply those procedures, kindly scan again with HijackThis, post your new logs here and update us on the result. Good luck! :D
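
A triage sketch for the O4 autostart entries in the HijackThis log posted in this thread, added here as an example; it is not part of any poster's reply and not HijackThis's own logic. The three heuristics (system binary names outside system32, autostart executables sitting directly in C:\WINDOWS, bare executables in the Startup folder) and the names `triage` and `exe_path` are assumptions for illustration, and hits are leads for review, not verdicts.

```python
import ntpath
import re

# Constructed sample: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NVIDIA Display] C:\WINDOWS\DisplayMonitor.exe
O4 - HKLM\..\Run: [Win32 Console] C:\WINDOWS\cmd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\OfficeXP\Office10\OSA.EXE
O4 - Global Startup: Setup.exe
'''

# Assumption: on Windows XP these names belong only in the system32 directory.
SYSTEM32_ONLY = {"cmd.exe", "svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "csrss.exe"}
WINDIR = r"c:\windows"  # assumption: default install path, as seen in the log

RUN_RE = re.compile(r'^O4 - \S+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
STARTUP_RE = re.compile(r'^O4 - (?:Global )?Startup: (?P<item>.+)$')


def exe_path(cmd):
    """Return the executable path from a Run value, quoted or unquoted."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else cmd.split()[0]


def triage(log):
    """Return [(entry name, [reasons])] for O4 lines that deserve a closer look."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        reasons = []
        m = RUN_RE.match(line)
        if m:
            label = m.group("name")
            folder, name = ntpath.split(exe_path(m.group("cmd")))
            folder, name = folder.lower(), name.lower()
            if name in SYSTEM32_ONLY and not folder.endswith("\\system32"):
                reasons.append("system binary name outside system32")
            if folder == WINDIR:
                reasons.append("autostart executable directly in the Windows root")
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue
            label = m.group("item")
            # Legitimate Startup items in the log are shortcuts: "X.lnk = target".
            if " = " not in label and label.lower().endswith(".exe"):
                reasons.append("bare executable in the Startup folder, no shortcut")
        if reasons:
            findings.append((label, reasons))
    return findings


if __name__ == "__main__":
    for label, reasons in triage(SAMPLE_LOG):
        print(f"{label}: {'; '.join(reasons)}")
```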

doom_warrior
16th Apr 2008 Wed, 20:24
ok i'll try

doom_warrior
20th Apr 2008 Sun, 06:09
THANKS SIR NOOSADZ....HEHEHE....THE SOLUTION WAS TO RUN HIJACKTHIS AND FIX WITH THE NETWORK CABLE DISCONNECTED, THEN MANUALLY DELETE THE NEWFOLDER.EXE VIRUS AND RUN CCLEANER, AND THE VIRUS WAS GONE... I TRIED TO RUN THE AVENGER PROGRAM BUT ENCOUNTERED A SCRIPT ERROR DUE TO THE ADMIN ACCOUNT, AND KAIZER VERSION 1.8 ENCOUNTERED AN ERROR ALSO.. THANK YOU VERY MUCH....IDOL...HEHEHE..