
Infected with Antivirus 2009 Pro and more


  • This topic is locked
3 replies to this topic

#1 dspiel

dspiel

  • Members
  • 3 posts

Posted 16 February 2009 - 06:24 PM

Workstation is located on a Windows SBS domain, user has local administrator privileges. User was complaining of issues with her printer; spoolsv.exe is crashing.

Found Antivirus 2009 Pro was installed when looking at Add/Remove programs.

Ran full scans of machine using spybot, ad-aware, anti-malware and removed as much as I could.





DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 15:06:49.75 on Mon 02/16/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2806.1928 [GMT -8:00]

AV: Total Protection Service *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\zshp1020.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UStorSrv.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061127
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061127
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: PCLaw Web Timer: {0e1230f8-ea50-42a9-983c-d22abc2eed4b} - c:\progra~1\lexisn~1\pclaw32\plietool.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6173\SiteAdv.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickBooksDB17] c:\program files\intuit\quickbooks 2007\qbdbmgrn.exe -n qb_ws022_17 -qs -gd all -gk all -gp 4096 -gu all -ch 64m -c 32m -x tcpip(broadcastlistener=no;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe c:\docume~1\ameksa~1\locals~1\applic~1\intuit\quickb~1\log\DBSTAR~1.LOG -y
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
mRun: [SiteAdvisor] c:\program files\siteadvisor\6173\SiteAdv.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\agent\Splash.exe"
mRun: [McAfee Managed Services Tray] "c:\program files\mcafee\managed virusscan\agent\StartMyagtTry.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [QuickBooksDB19] c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -n qb_ws022_19 -qs -gd all -gk all -gp 4096 -gu all -ch 64m -c 32m -x tcpip(broadcastlistener=no;port=55333) -ti 0 -ec simple -qi -qw -tl 120 -oe c:\docume~1\alluse~1\applic~1\intuit\quickb~2\DBSTAR~1.LOG -y
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {91d9cee5-3906-40f7-b51a-9b013b59c826} - {836ece4e-a83a-404a-9433-6b15a66cb0fc} - c:\progra~1\lexisn~1\pclaw32\plietool.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {9d2169e0-0775-4080-9b4e-90fce9945b4a} - {2741ca04-5b65-4b10-afc0-4e8387fe6bde} - c:\progra~1\lexisn~1\pclaw32\plietool.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {3269A168-A467-4236-9D77-FF36D8DFB20F} - hxxps://bis.t-mobile.com/html/web/client_tools/RIM-PwpClient.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234815778982
DPF: {6B9A6E3B-0307-47A7-82B1-F2D215973CAF} - hxxps://accounting.quickbooks.com/c1/v23.122/qboimax6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2007\HelpAsyncPluggableProtocol.dll
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt4.7.0.538.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6173\SiteAdv.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-16 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-11-3 201320]
R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2008-11-3 14144]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-22 47640]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-16 38496]
R3 McShield;McShield;c:\progra~1\mcafee\manage~1\vscan\McShield.exe [2008-11-3 144704]
R3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\MfeAVFK.sys [2008-11-3 79304]
R3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\MfeBOPK.sys [2008-11-3 35240]
R3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\MfeRKDK.sys [2008-11-3 33832]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-11-27 29744]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-02-16 14:58 <DIR> --d----- c:\program files\Trend Micro
2009-02-16 14:55 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-16 14:54 <DIR> --d----- c:\documents and settings\administrator\.housecall6.6
2009-02-16 14:37 <DIR> --d----- C:\e868d0c5de0a2838bc
2009-02-16 14:36 <DIR> --d----- C:\7f41182640369974c5bd59cc562914fb
2009-02-16 14:31 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-16 13:10 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-02-16 13:10 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-02-16 13:10 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-02-16 13:10 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-02-16 13:10 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-02-16 13:09 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-02-16 12:59 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-16 12:50 <DIR> --d----- c:\windows\system32\scripting
2009-02-16 12:50 <DIR> --d----- c:\windows\system32\en
2009-02-16 12:50 <DIR> --d----- c:\windows\system32\bits
2009-02-16 12:50 <DIR> --d----- c:\windows\l2schemas
2009-02-16 12:46 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-02-16 12:46 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-16 12:46 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-16 12:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-16 12:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-16 12:46 <DIR> --d----- c:\windows\ServicePackFiles
2009-02-16 12:44 <DIR> --d----- c:\windows\network diagnostic
2009-02-16 12:43 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 12:43 <DIR> --d----- c:\program files\Lavasoft
2009-02-16 12:41 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-16 12:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-16 12:33 104,960 -------- c:\windows\system32\drivers\atinrvxx.sys
2009-02-16 12:26 <DIR> --d----- c:\windows\system32\PreInstall
2009-02-16 12:23 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-02-16 12:23 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-02-16 12:23 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-02-16 12:23 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-02-16 12:23 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-02-16 12:22 <DIR> --ds---- c:\documents and settings\administrator\UserData
2009-02-16 11:12 <DIR> --d----- C:\spoolerlogs
2009-02-16 08:48 520,192 -------- c:\windows\system32\ati2sgag.exe
2009-02-16 08:48 <DIR> --d----- c:\program files\ATI Technologies
2009-02-16 08:42 862,464 a------- c:\windows\system32\dllcache\ativvaxx.dll
2009-02-16 08:42 862,464 a------- c:\windows\system32\ativvaxx.dll
2009-02-16 08:42 2,518,016 a------- c:\windows\system32\dllcache\ati3duag.dll
2009-02-16 08:42 2,518,016 a------- c:\windows\system32\ati3duag.dll
2009-02-16 08:42 1,414,656 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-02-16 08:42 1,414,656 a------- c:\windows\system32\dllcache\ati2mtag.sys
2009-02-16 08:42 870,784 a------- c:\windows\system32\ati3d1ag.dll
2009-02-16 08:42 252,928 a------- c:\windows\system32\dllcache\ati2dvag.dll
2009-02-16 08:42 252,928 a------- c:\windows\system32\ati2dvag.dll
2009-02-16 08:42 237,568 a------- c:\windows\system32\dllcache\ati2cqag.dll
2009-02-16 08:42 237,568 a------- c:\windows\system32\ati2cqag.dll
2009-02-12 14:35 574,100 a------- c:\windows\system32\hp1022n.img
2009-02-12 14:35 106,496 a------- c:\windows\system32\ZSPOOL.DLL
2009-02-12 14:35 102,400 a------- c:\windows\system32\ZLhp1020.DLL
2009-02-12 14:35 53,248 a------- c:\windows\system32\ZTAG.DLL
2009-02-12 14:35 10,632 a------- c:\windows\system32\ZSHP1020.CHM
2009-02-12 14:35 430,080 a------- c:\windows\system32\ZSHP1020.EXE
2009-02-12 14:35 206,768 a------- c:\windows\system32\hp1022.img
2009-02-12 14:35 128,380 a------- c:\windows\system32\hp1020.img
2009-02-12 14:35 61,440 a------- c:\windows\system32\ZIMF.DLL
2009-02-12 14:35 <DIR> --d----- C:\hp
2009-02-12 14:30 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-02-11 13:55 2,010 a------- c:\windows\hpbvnstp.hi2
2009-02-11 13:55 783 a------- c:\windows\hpbvnstp.bu2
2009-02-11 13:51 <DIR> --d----- C:\HP LJ1320 PCL6 Driver
2009-02-09 09:06 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-09 09:06 1,409 a------- c:\windows\QTFont.for
2009-01-22 18:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LogMeIn
2009-01-22 18:03 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-01-22 18:03 47,640 a------- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-01-22 18:03 28,984 a------- c:\windows\system32\LMIport.dll
2009-01-22 18:03 87,352 a------- c:\windows\system32\LMIinit.dll
2009-01-22 18:03 1,024 a------- C:\.rnd
2009-01-22 18:02 <DIR> --d----- c:\program files\LogMeIn
2009-01-22 17:54 <DIR> --d----- c:\program files\JAM Software

==================== Find3M ====================

2009-02-16 12:54 87,699 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-04 09:03 15,794 a------- c:\program files\common files\zusyvaxe.vbs
2008-11-03 15:32 15,265 a------- c:\program files\common files\awaqivo.bat
2008-11-03 15:32 14,927 a------- c:\docume~1\admini~1\applic~1\wevywori.bat
2008-11-03 15:32 13,023 a------- c:\program files\common files\lekivide.bin
2008-11-03 15:32 12,166 a------- c:\docume~1\alluse~1\applic~1\limyqote.dat
2008-11-03 15:32 10,895 a------- c:\docume~1\admini~1\applic~1\kidyqohu.com
2008-11-03 10:02 16,669 a------- c:\program files\common files\itaxatahub.bat
2008-11-03 10:02 11,620 a------- c:\program files\common files\ahojawac.db
2008-11-03 10:02 11,382 a------- c:\docume~1\alluse~1\applic~1\eturepe.com

============= FINISH: 15:08:19.80 ===============



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 17 February 2009 - 05:09 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



Post these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. ComboFix

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 dspiel

dspiel
  • Topic Starter

  • Members
  • 3 posts

Posted 17 February 2009 - 11:35 AM

I'm going to wipe out the machine. Can't spend any more time investigating. Thanks for your help.

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 17 February 2009 - 11:47 AM

Thank you for notifying us.. I will now close this topic.. Please PM any Moderator or HJT Team should you need to re-open this topic..


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive




