
ComboFix Log



#1 triscope


Posted 20 July 2009 - 07:00 PM

Hi, I have the exact same problem. I stumbled on this forum after searching for win32/rootkit.agent.odg.

I scanned my system with Malwarebytes, Spybot, NOD32 and only NOD32 keeps saying that my memory is infected. I tried ComboFix also and that didn't work.
GMER will load but I can't really do anything with it. When I right-click I can't select any option to make any changes.

Same goes for rootkit repeal.

Also I can't even access Safe Mode. Whenever I try to access Safe Mode, my computer just reboots. So it seems like it's affected even that as well.

I really hope there is a solution. This damn rootkit is really pissing me off.



#2 triscope


Posted 20 July 2009 - 07:20 PM

Here's the ComboFix log. I don't seem to find anything wrong in there....



ComboFix 09-07-20.01 - K0MPR3SS0R 20/07/2009 18:50.2.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1601 [GMT -4:00]
Running from: e:\downloads2\ComboFix.exe
AV: Avanquest VirusScanner Pro *On-access scanning enabled* (Updated) {6A383D4C-7657-408f-BD0D-B379B5C7C3BE}
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))))
.

2009-07-20 22:29 . 2009-07-20 22:29 -------- d-----w- c:\program files\Trend Micro
2009-07-19 19:54 . 2009-07-19 19:54 -------- d-----w- c:\program files\HandBrake
2009-07-15 17:06 . 2000-09-13 10:14 155648 ----a-w- c:\windows\system32\Sde50.dll
2009-07-15 17:06 . 2000-09-13 09:14 266240 ----a-w- c:\windows\system32\SdeNsx50.dll
2009-07-15 17:06 . 2009-07-15 17:09 -------- d-----w- c:\program files\Windows Lotto Pro 2000
2009-07-15 14:01 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 14:01 . 2009-07-15 14:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 14:01 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-14 04:12 . 2009-07-14 04:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-07-14 03:34 . 2009-07-14 03:34 -------- d-----w- c:\documents and settings\K0MPR3SS0R\Local Settings\Application Data\ESET
2009-07-14 03:09 . 2009-07-14 03:09 -------- d-----w- c:\program files\ESET
2009-07-14 03:09 . 2009-07-14 03:09 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ESET
2009-07-13 20:54 . 2009-07-13 20:54 -------- d-----w- c:\documents and settings\K0MPR3SS0R\Application Data\Media Player Classic
2009-06-24 15:38 . 2009-06-24 15:38 -------- d-----w- c:\documents and settings\K0MPR3SS0R\Application Data\Braid

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 22:42 . 2008-01-19 23:46 -------- d-----w- c:\documents and settings\K0MPR3SS0R\Application Data\uTorrent
2009-07-20 22:36 . 2008-03-15 14:31 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 4
2009-07-20 18:22 . 2004-08-04 03:14 361088 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-07-20 18:22 . 2009-07-20 18:22 361088 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-20 07:00 . 2007-12-21 19:19 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-20 02:33 . 2009-04-02 14:36 -------- d-----w- c:\documents and settings\K0MPR3SS0R\Application Data\AVI ReComp
2009-07-19 19:54 . 2007-12-15 20:11 79216 ----a-w- c:\documents and settings\K0MPR3SS0R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 07:00 . 2007-12-18 13:23 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-07-14 03:23 . 2007-12-13 04:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 03:22 . 2008-06-03 21:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Codemasters
2009-07-14 03:03 . 2009-01-08 15:53 -------- d-----w- c:\program files\Brother
2009-07-14 03:03 . 2008-03-21 01:33 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-07-14 03:03 . 2008-03-21 01:33 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Roxio
2009-07-14 03:01 . 2008-02-23 19:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-13 21:29 . 2008-01-20 01:07 -------- d-----w- c:\documents and settings\K0MPR3SS0R\Application Data\mIRC
2009-07-10 13:45 . 2008-01-20 01:07 -------- d-----w- c:\program files\mIRC
2009-07-08 22:43 . 2009-04-28 13:43 81984 ------w- c:\windows\system32\bdod.bin
2009-06-29 21:59 . 2007-12-13 20:05 -------- d-----w- c:\program files\Google
2009-06-04 03:16 . 2008-08-14 00:57 -------- d-----w- c:\documents and settings\K0MPR3SS0R\Application Data\FrostWire
2009-05-14 15:41 . 2008-02-21 18:47 73108 ------w- c:\windows\system32\mlfcache.dat
2009-05-13 13:40 . 2009-05-13 13:40 2678 ----a-w- c:\windows\java\Packages\Data\TBZNL779.DAT
2009-05-13 13:40 . 2009-05-13 13:40 2678 ----a-w- c:\windows\java\Packages\Data\H3JPJ5R1.DAT
2009-05-13 13:40 . 2009-05-13 13:40 2678 ----a-w- c:\windows\java\Packages\Data\GJR5BNHR.DAT
2009-05-13 13:40 . 2009-05-13 13:40 2678 ----a-w- c:\windows\java\Packages\Data\7NBBNRPB.DAT
2008-03-09 12:25 . 2009-02-15 22:05 236 ---ha-w- c:\program files\Common Files\dx.reg
.

------- Sigcheck -------

[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 03:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 23:33 361088 AC6ECC5CB4C7E9DB72273489ECB94CFF c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2009-07-20 18:22 361088 5ACBE0F5C41AD07AF2F6B7F9464B5441 c:\windows\system32\dllcache\TCPIP.SYS
[7] 2007-10-30 23:33 361088 AC6ECC5CB4C7E9DB72273489ECB94CFF c:\windows\system32\dllcache\cache\tcpip.sys
[-] 2009-07-20 18:22 361088 5ACBE0F5C41AD07AF2F6B7F9464B5441 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( SnapShot@2009-07-17_19.38.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-20 22:59 . 2009-07-20 22:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-13 04:07 . 2009-07-17 18:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-13 04:07 . 2009-07-20 22:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-13 04:07 . 2009-07-17 18:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-13 04:07 . 2009-07-20 22:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-12-13 04:07 . 2009-07-17 18:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 03:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-10-31 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-10-31 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-16 16855552]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-10-31 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"usnjsvc"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"PnkBstrA"=2 (0x2)
"RoxWatch10"=2 (0x2)
"RoxMediaDB10"=3 (0x3)
"RoxLiveShare10"=2 (0x2)
"Roxio Upnp Server 10"=2 (0x2)
"Roxio UPnP Renderer 10"=3 (0x3)
"gupdate1c9cf58f3a58534"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"BRA_Scheduler"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Pro Home 2007\\sandra.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Pro Home 2007\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Pro Home 2007\\Win32\\RpcDataSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\ElectricSheep.scr"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Games\\BCR\\bcr.exe"=
"c:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Brother\\BRAdmin Professional 3\\discover.exe"=
"c:\\Program Files\\Brother\\BRAdmin Professional 3\\AuditorServer.exe"=
"c:\\Program Files\\Brother\\BRAdmin Professional 3\\bradminv3.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Downloads\\Apps\\eclipse-SDK-3.3-win32\\eclipse\\eclipse.exe"=
"c:\\Program Files\\OPNET EDU\\9.1.A\\sys\\pc_intel_win32\\bin\\itguru.exe"=
"c:\\Games\\Burnout_Paradise\\BurnoutLauncher.exe"=
"c:\\Games\\Burnout_Paradise\\BurnoutConfigTool.exe"=
"c:\\Games\\Burnout_Paradise\\BurnoutParadise.exe"=
"c:\\Program Files\\Xming\\Xming.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Lotto Pro 2000\\proupdt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"5900:TCP"= 5900:TCP:vncS
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [10/04/2008 9:04 AM 244736]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 2:24 PM 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 2:23 PM 727720]
R3 JakNDis;Jaksta Service;c:\windows\system32\drivers\JakNDis.sys [04/08/2008 9:34 AM 26656]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [06/08/2004 8:17 PM 3584]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [03/02/2008 9:35 AM 35824]
S3 GPU-Z;GPU-Z; [x]
S3 I97DRIVER;I97DRIVER;\??\c:\progra~1\AVANQU~1\Fix-It\dgs.sys --> c:\progra~1\AVANQU~1\Fix-It\dgs.sys [?]
S3 MailScan;MailScan;\??\c:\progra~1\AVANQU~1\Fix-It\MailScan.sys --> c:\progra~1\AVANQU~1\Fix-It\MailScan.sys [?]
S3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\@BIOS\markfun.w32 [08/02/2008 7:20 PM 17912]
S4 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\Brother\BRAdmin Professional 3\bratimer.exe [08/01/2009 11:53 AM 65536]
S4 gupdate1c9cf58f3a58534;Google Update Service (gupdate1c9cf58f3a58534);c:\program files\Google\Update\GoogleUpdate.exe [07/05/2009 5:15 PM 133104]
S4 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1F737D09-620A-C2CA-EF03-5B3C53038126}]
c:\windows\system32\sys32.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search Using Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
TCP: {3DD2AE91-574F-4618-BBEB-CA2AD8A060D3} = 192.168.1.1
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\docume~1\K0MPR3~1\APPLIC~1\Mozilla\Firefox\Profiles\smklq0ud.default\
FF - prefs.js: browser.startup.homepage - hxxp://WWW.GOOGLE.CA
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 18:59
Windows 5.1.2600 Service Pack 3, v.3244 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-07-20 19:02
ComboFix-quarantined-files.txt 2009-07-20 23:02
ComboFix2.txt 2009-07-17 19:42

Pre-Run: 21,378,785,280 bytes free
Post-Run: 21,581,594,624 bytes free

229 --- E O F --- 2009-07-15 07:00

#3 boopme



  • Global Moderator

Posted 20 July 2009 - 08:35 PM

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff



