
Not quite sure of my infection, had a browser hijack. Malware log included.


  • This topic is locked
5 replies to this topic

#1 jetfxr27

jetfxr27

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:19 PM

Posted 15 June 2010 - 10:40 AM

Was browsing when all of a sudden the java logo began spinning and pop up city. After that everything seemed normal, just overall slow.
Ran a scan and found the following.




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/17/2010 12:12:09 PM
mbam-log-2010-05-17 (12-12-09).txt

Scan type: Full scan (C:\|)
Objects scanned: 188918
Time elapsed: 42 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 56

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\544449\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\user\My Documents\avalanche executables\Ava-3.10-21.6311A-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user\My Documents\avalanche executables\Ava-3.10-21.COS-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user\My Documents\avalanche executables\Ava-3.10-21.CTC-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user\My Documents\avalanche executables\Ava-3.10-21.DAL-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user\My Documents\avalanche executables\Ava-3.10-21.EWRH-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user\My Documents\avalanche executables\Ava-3.10-21.FIELD-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user\My Documents\avalanche executables\Ava-3.10-21.INDH-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user\My Documents\avalanche executables\Ava-3.10-21.MCO-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user\My Documents\avalanche executables\Ava-3.10-21.MEMH-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user\My Documents\avalanche executables\Ava-3.10-21.SG-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user\My Documents\avalanche executables\Ava-3.10-21.WHQ-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user\My Documents\avalanche executables\Ava-3.10-21.WTC-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user\My Documents\avalanche executables\Ava-3.10.21.LAC-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user\My Documents\avalanche executables\Ava-3.10.21.SCS-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user2\Desktop\avalanche executables\Ava-3.10-21.6311A-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user2\Desktop\avalanche executables\Ava-3.10-21.COS-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user2\Desktop\avalanche executables\Ava-3.10-21.CTC-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user2\Desktop\avalanche executables\Ava-3.10-21.DAL-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user2\Desktop\avalanche executables\Ava-3.10-21.EWRH-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user2\Desktop\avalanche executables\Ava-3.10-21.FIELD-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user2\Desktop\avalanche executables\Ava-3.10-21.INDH-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user2\Desktop\avalanche executables\Ava-3.10-21.MCO-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user2\Desktop\avalanche executables\Ava-3.10-21.MEMH-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user2\Desktop\avalanche executables\Ava-3.10-21.SG-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user2\Desktop\avalanche executables\Ava-3.10-21.WHQ-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user2\Desktop\avalanche executables\Ava-3.10-21.WTC-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user2\Desktop\avalanche executables\Ava-3.10.21.LAC-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\user2\Desktop\avalanche executables\Ava-3.10.21.SCS-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\Default User\Desktop\avalanche executables\Ava-3.10-21.6311A-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\Default User\Desktop\avalanche executables\Ava-3.10-21.COS-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\Default User\Desktop\avalanche executables\Ava-3.10-21.CTC-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\Default User\Desktop\avalanche executables\Ava-3.10-21.DAL-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\Default User\Desktop\avalanche executables\Ava-3.10-21.EWRH-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\Default User\Desktop\avalanche executables\Ava-3.10-21.FIELD-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\Default User\Desktop\avalanche executables\Ava-3.10-21.INDH-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\Default User\Desktop\avalanche executables\Ava-3.10-21.MCO-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\Default User\Desktop\avalanche executables\Ava-3.10-21.MEMH-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\Default User\Desktop\avalanche executables\Ava-3.10-21.SG-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\Default User\Desktop\avalanche executables\Ava-3.10-21.WHQ-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\Default User\Desktop\avalanche executables\Ava-3.10-21.WTC-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\Default User\Desktop\avalanche executables\Ava-3.10.21.LAC-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\Default User\Desktop\avalanche executables\Ava-3.10.21.SCS-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Desktop\avalanche executables\Ava-3.10-21.6311A-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Desktop\avalanche executables\Ava-3.10-21.COS-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Desktop\avalanche executables\Ava-3.10-21.CTC-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Desktop\avalanche executables\Ava-3.10-21.DAL-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Desktop\avalanche executables\Ava-3.10-21.EWRH-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Desktop\avalanche executables\Ava-3.10-21.FIELD-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Desktop\avalanche executables\Ava-3.10-21.INDH-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Desktop\avalanche executables\Ava-3.10-21.MCO-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Desktop\avalanche executables\Ava-3.10-21.MEMH-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Desktop\avalanche executables\Ava-3.10-21.SG-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Desktop\avalanche executables\Ava-3.10-21.WHQ-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Desktop\avalanche executables\Ava-3.10-21.WTC-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Desktop\avalanche executables\Ava-3.10.21.LAC-Laptop.exe (Trojan.Spambot) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Desktop\avalanche executables\Ava-3.10.21.SCS-Laptop.exe (Trojan.Spambot) -> No action taken.




#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:11:19 PM

Posted 21 June 2010 - 10:53 AM

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

  • Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the Rootkit tab, uncheck the Files option and then click Scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


    #3 jetfxr27

    jetfxr27
    • Topic Starter

    • Members
    • 2 posts
    • OFFLINE
    • Local time:03:19 PM

    Posted 22 June 2010 - 01:43 PM

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Laptop at 13:30:43.58 on Tue 06/22/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2000.1354 [GMT -5:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Users\Laptop\Desktop\dds.com
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://OMITTED/
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = OMITTED
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxps://hrthome.prod.fedex.com/groups/hrtapps/CTMS4/authorware/download/awswaxf.cab
    DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: igfxcui - igfxdev.dll
    LSA: Authentication Packages = msv1_0 relog_ap

    ============= SERVICES / DRIVERS ===============

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_450b431403c091e3\AEstSrv.exe [2010-4-28 81920]
    R2 alssvc;Ambient Light Sensor;c:\program files\dell\ambient light sensor\AlsSvc.exe [2008-6-3 382232]
    R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
    R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2009-6-13 221912]
    R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]

    =============== Created Last 30 ================

    2010-06-22 18:26:02 228246397 ----a-w- c:\windows\MEMORY.DMP
    2010-06-17 13:20:20 0 d-----w- c:\program files\iPod
    2010-06-17 13:20:19 0 d-----w- c:\program files\iTunes
    2010-06-17 13:18:11 0 d-----w- c:\program files\Bonjour
    2010-05-26 21:21:39 0 d-----w- c:\program files\Haali
    2010-05-26 20:59:06 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-05-26 20:59:05 0 d-----w- c:\program files\ffdshow
    2010-05-26 20:26:55 0 d-----w- c:\program files\MPC HomeCinema
    2010-05-26 13:33:12 0 ----a-w- c:\windows\system32\CONVERT
    2010-05-25 21:30:50 0 d-sh--w- C:\found.000
    2010-05-24 19:06:58 0 d-----w- c:\programdata\MediaBrowser
    2010-05-24 19:06:52 0 d-----w- c:\program files\MediaBrowser

    ==================== Find3M ====================

    2010-05-18 21:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 21:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-12 18:13:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2010-05-06 12:50:08 1885464 ----a-w- c:\windows\system32\AutoPartNt.exe
    2010-05-06 12:47:37 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
    2010-05-06 12:47:37 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
    2010-05-06 12:47:33 132480 ----a-w- c:\windows\system32\drivers\snapman.sys
    2010-05-06 12:47:30 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
    2010-05-04 13:22:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-28 15:18:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
    2010-04-28 14:55:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
    2010-04-28 14:51:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_SensorsAlsDriver_01_09_00.Wdf
    2010-04-28 13:28:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2010-04-20 01:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 13:31:21.97 ===============



    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-06-22 13:30:36
    Windows 6.1.7600
    Running: 58s9kt89.exe; Driver: C:\Users\Laptop\AppData\Local\Temp\uxryrpow.sys


    ---- System - GMER 1.0.15 ----

    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28AF8
    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28104
    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C283F4
    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C10634
    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C10898
    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C281DC
    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28958
    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C286F8
    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28F2C
    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C291A8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C88599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CACF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text peauth.sys 9596CC9D 28 Bytes [4F, 76, B6, 65, C1, 97, 8B, ...]
    .text peauth.sys 9596CCC1 28 Bytes [4F, 76, B6, 65, C1, 97, 8B, ...]
    PAGE peauth.sys 9597302C 102 Bytes [07, A1, DD, E4, C9, C8, 6C, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 4F90 96873000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 50B3 96873123 629 Bytes [E5, 86, 96, FE, 05, 34, E5, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 5329 96873399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 538F 968733FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 543B 968734AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
    PAGE ...

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

    Device \Driver\ACPI_HAL \Device\0000006d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{AD296C6D-042F-47DD-AA7E-D3DAAAF5E1B6}\Connection@Name isatap.{613069EF-C34E-4CF6-90F4-87E87693ED3E}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{33EEBC2D-881F-4656-B8C7-7D05D8D7A3E0}?\Device\{AD296C6D-042F-47DD-AA7E-D3DAAAF5E1B6}?\Device\{0FF34155-1A16-455D-B787-42D0530F37BD}?\Device\{064D2BFC-B95F-410C-AD24-4FB64D09C370}?\Device\{8112E86C-AC3B-45F2-BEF4-BB259A357DEE}?\Device\{F67575DC-FA30-4982-9266-A0946B3AA1A6}?\Device\{084A0C40-D1E7-42D3-8867-2E3FBB5D823D}?\Device\{B11B6801-F7DC-4C77-85E6-8F48344EFBB1}?\Device\{3250CE6D-912A-466A-B39C-7A068D13AB28}?\Device\{A953A58B-54B6-4542-8CA3-1AF052584240}?\Device\{2C95AD73-237A-4EA3-B78B-E1B2CB3555EF}?\Device\{95D568DF-C286-48FD-B54C-D8051200A80F}?\Device\{16F05820-9740-4498-B2A2-190147CD7130}?\Device\{F3803329-0CF6-4CEC-9DB3-86FE2B02260F}?\Device\{73C2B3E6-06D9-4667-BE1C-29EF172A7EBC}?\Device\{621B7856-5140-4A47-8177-0089D63B70BA}?\Device\{1AA2CEEE-8AA1-4A1B-88CE-D5937DEC3473}?\Device\{A349D182-CFFD-475E-BE71-89D1EE2AE17E}?\Device\{EDF4ADD7-FDCC-42F0-A835-690FA0AEF7E0}?\Device\{9B014DA3-387D-4D35-953A-5D604FAB135A}?\Device\{16248494-E801-4C9F-A6C4-C48A40162CAE}?\Device\{40B44928-8ED9-49CD-8D25-B6E
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{33EEBC2D-881F-4656-B8C7-7D05D8D7A3E0}"?"{AD296C6D-042F-47DD-AA7E-D3DAAAF5E1B6}"?"{0FF34155-1A16-455D-B787-42D0530F37BD}"?"{064D2BFC-B95F-410C-AD24-4FB64D09C370}"?"{8112E86C-AC3B-45F2-BEF4-BB259A357DEE}"?"{F67575DC-FA30-4982-9266-A0946B3AA1A6}"?"{084A0C40-D1E7-42D3-8867-2E3FBB5D823D}"?"{B11B6801-F7DC-4C77-85E6-8F48344EFBB1}"?"{3250CE6D-912A-466A-B39C-7A068D13AB28}"?"{A953A58B-54B6-4542-8CA3-1AF052584240}"?"{2C95AD73-237A-4EA3-B78B-E1B2CB3555EF}"?"{95D568DF-C286-48FD-B54C-D8051200A80F}"?"{16F05820-9740-4498-B2A2-190147CD7130}"?"{F3803329-0CF6-4CEC-9DB3-86FE2B02260F}"?"{73C2B3E6-06D9-4667-BE1C-29EF172A7EBC}"?"{621B7856-5140-4A47-8177-0089D63B70BA}"?"{1AA2CEEE-8AA1-4A1B-88CE-D5937DEC3473}"?"{A349D182-CFFD-475E-BE71-89D1EE2AE17E}"?"{EDF4ADD7-FDCC-42F0-A835-690FA0AEF7E0}"?"{9B014DA3-387D-4D35-953A-5D604FAB135A}"?"{16248494-E801-4C9F-A6C4-C48A40162CAE}"?"{40B44928-8ED9-49CD-8D25-B6EDD73B2EA3}"?"{0B7A01E0-87A6-4621-9907-B55DAEF8F700}"?"{7F838BF2-3771-4050-8BD0-3F9B45ADD486}"?"{079C18A5-B86C-4AEA-9740-999EB640F9F2}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{33EEBC2D-881F-4656-B8C7-7D05D8D7A3E0}?\Device\TCPIP6TUNNEL_{AD296C6D-042F-47DD-AA7E-D3DAAAF5E1B6}?\Device\TCPIP6TUNNEL_{0FF34155-1A16-455D-B787-42D0530F37BD}?\Device\TCPIP6TUNNEL_{064D2BFC-B95F-410C-AD24-4FB64D09C370}?\Device\TCPIP6TUNNEL_{8112E86C-AC3B-45F2-BEF4-BB259A357DEE}?\Device\TCPIP6TUNNEL_{F67575DC-FA30-4982-9266-A0946B3AA1A6}?\Device\TCPIP6TUNNEL_{084A0C40-D1E7-42D3-8867-2E3FBB5D823D}?\Device\TCPIP6TUNNEL_{B11B6801-F7DC-4C77-85E6-8F48344EFBB1}?\Device\TCPIP6TUNNEL_{3250CE6D-912A-466A-B39C-7A068D13AB28}?\Device\TCPIP6TUNNEL_{A953A58B-54B6-4542-8CA3-1AF052584240}?\Device\TCPIP6TUNNEL_{2C95AD73-237A-4EA3-B78B-E1B2CB3555EF}?\Device\TCPIP6TUNNEL_{95D568DF-C286-48FD-B54C-D8051200A80F}?\Device\TCPIP6TUNNEL_{16F05820-9740-4498-B2A2-190147CD7130}?\Device\TCPIP6TUNNEL_{F3803329-0CF6-4CEC-9DB3-86FE2B02260F}?\Device\TCPIP6TUNNEL_{73C2B3E6-06D9-4667-BE1C-29EF172A7EBC}?\Device\TCPIP6TUNNEL_{621B7856-5140-4A47-8177-0089D63B70BA}?\Device\TCPIP6TUNNEL_{1AA2CEEE-8AA1-4A1B-88CE-D5937DEC3473}?\De
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{AD296C6D-042F-47DD-AA7E-D3DAAAF5E1B6}@InterfaceName isatap.{613069EF-C34E-4CF6-90F4-87E87693ED3E}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{AD296C6D-042F-47DD-AA7E-D3DAAAF5E1B6}@ReusableType 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???t???????????t?????t????????????????????????R??t????????h??????????????????t???t??????????????SCSI Miniport?????R??t???????????d???t?t?t?t?t?t?t??????"??????g????h???????? ???????t?????t?????t?????????????? ??????????????? ????????e??? ???????t???????????t????????????????????????????????????5?????? ???????o?????t?????t??????????T???????????????????????t??????????????????????t??????????????????????????T??t????????h??????????t??????p???SCSI Miniport??????t?????t??\SystemRoot\system32\DRIVERS\lsi_sas2.sys?????T??t???????????d??lsi_sas2.inf_x86_neutral_e12a5c4cfbe49204???????? ???????t?????t?????t?????????????? ??????????????? ????????e??? ???????t???????????t????????????????????????????????????5?????? ???????o?????t?????t??????????T???????????????????????t??????????????????????t??????????????????????????T??t????????h??????????t??????p???SCSI Miniport??????t?????t??\SystemRoot\system32\DRIVERS\lsi_scsi.sys?????T??t???????????d??lsi_scsi.inf_x86_neutral_cfbbf0b0b66ba280???????? ???????t?????t?????t?????????????
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ?????????????m????????????N??????.??????????? ???????d??????????6to4mp.ndi???????????????8??s?????????????z??????????????????????4??59???????j???B??40???????????T??cp???????????9??92??????????????? ??????????????????6.1.7600.16385???????????????B???????????????????????????e???????????T??????????? ?????????????????????1????????????????????? ???????????????????;?1????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D6605C52-5D27-45D2-8F7D-F92B10CB7870}] DATAGRAM 9???-??MSAFD NetBIOS [\Device\NetBT_Tcpip6_{92864F2A-EDCA-45EB-970C-A58E9DA0EBEE}] SEQPACKET 11?-??MSAFD NetBIOS [\Device\NetBT_Tcpip6_{92864F2A-EDCA-45EB-970C-A58E9DA0EBEE}] DATAGRAM 11?9-???????????B????????mice??? ???????????????????t????????"???Y?????????7F???????????R??????????????????????????? ???????:???????????t?:????????????&???????????????????????? ???????B?????ip6???????????4?????e00????????????????????m?????????????????????????????????????? ?????????????????????;??L??????????????6??? ?????????????????????.??"?????????????????{4d36e972-e
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???t????????p????t???s?s?s?s?s??System32\Drivers\ksecdd.sys?????System32\Drivers\ksecpkg.sys???????t?????????????????s??????p???????????????????? ???????s???????????s????????,????? ???????????????????????????????????????d???????????????e????????s??????????????????KeyboardClass??????????????????????????????????????????????????????s????? ???????o?????s????????????????T???????????????????????t?????????????????????????????????????????8??s????????h?????system32\DRIVERS\kbdhid.sys?\kbdhid.sys??????? t?????t????(??s?????????e????Keyboard HID Driver??????????s??????p???Keyboard Port???LocalSystem?????Cryptography?????????????-??25????T??s???????????d??hidirkbd.inf_x86_neutral_b7b6ffb126da2654????t??? ?????????????????????? ????????????t??????????????? ???????s???????????s?????????????? ???????????? ???????o?????t?????t??????????@?????????????"??t?????????e????@keyiso.dll,-100??????@??t????????h?????%SystemRoot%\system32\lsass.exe???????"??t?????????n????@keyiso.dll,-101????? ???s?????????????????????????????????????
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???t?????????????????s??????p???????????????????? ???????s???????????s????????,????? ???????????????????????????????????????d???????????????e????????s??????????????????KeyboardClass??????????????????????????????????????????????????????s????? ???????o?????s????????????????T???????????????????????t?????????????????????????????????????????8??s????????h?????system32\DRIVERS\kbdhid.sys?\kbdhid.sys??????? t?????t????(??s?????????e????Keyboard HID Driver??????????s??????p???Keyboard Port???LocalSystem?????Cryptography?????????????-??25????T??s???????????d??hidirkbd.inf_x86_neutral_b7b6ffb126da2654????t??? ?????????????????????? ????????????t??????????????? ???????s???????????s?????????????? ???????????? ???????o?????t?????t??????????@?????????????"??t?????????e????@keyiso.dll,-100??????@??t????????h?????%SystemRoot%\system32\lsass.exe???????"??t?????????n????@keyiso.dll,-101????? ???s??????????????????????????????????????????????t????????t???????????????t???????????e??RpcSs????????t?t?t?t?t?t?s?t????? ???????t?????

    ---- EOF - GMER 1.0.15 ----


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume3
    Install Date: 4/28/2010 8:27:01 AM
    System Uptime: 6/22/2010 1:25:48 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0W620R
    Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz | Microprocessor | 2401/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 112 GiB total, 80.43 GiB free.
    D: is FIXED (NTFS) - 149 GiB total, 106.904 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Broadcom USH
    Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
    Manufacturer:
    Name: Broadcom USH
    PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
    Service:

    Class GUID: {50dd5230-ba8a-11d1-bf5d-0000f805f530}
    Description: Microsoft Usbccid Smartcard Reader (WUDF)
    Device ID: USB\VID_0A5C&PID_5800&MI_01\6&66DE6C9&0&0001
    Manufacturer: Microsoft
    Name: Microsoft Usbccid Smartcard Reader (WUDF)
    PNP Device ID: USB\VID_0A5C&PID_5800&MI_01\6&66DE6C9&0&0001
    Service: WUDFRd

    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02331028&REV_11\4&371F484D&0&0BF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02331028&REV_11\4&371F484D&0&0BF0
    Service:

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    AC3Filter 1.63b
    Acrobat.com
    Acronis True Image WD Edition
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Ambient Light Sensor
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    CCleaner
    CleanUp!
    Dell Mobile Broadband Manager
    Dell Touchpad
    ffdshow [rev 3154] [2009-12-09]
    Google Chrome
    Haali Media Splitter
    HDHomeRun
    Hulu Desktop
    HuluDesktopIntegration
    IDT Audio
    Intel PROSet Wireless
    Intel® Network Connections Drivers
    Intel® PROSet/Wireless WiFi Software
    Intel® TV Wizard
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    Java Auto Updater
    Java™ 6 Update 20
    Malwarebytes' Anti-Malware
    Media Browser
    Media Center Studio
    Media Player Classic - Home Cinema v. 1.3.1249.0
    Microsoft Silverlight
    Netflix in Windows Media Center
    PlayReady PC Runtime x86
    QuickTime
    Windows Media Player Firefox Plugin

    ==== Event Viewer Messages From Past Week ========

    6/22/2010 7:44:30 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.
    6/22/2010 11:54:05 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \\?\Volume{f4d96e3c-52d8-11df-b8da-806e6f6e6....
    6/22/2010 11:33:31 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
    6/22/2010 1:28:18 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The handle is invalid. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
    6/22/2010 1:27:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/22/2010 1:26:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    6/22/2010 1:26:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x881ec148, 0x881ec2b4, 0x82e3dd90). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062210-19687-01.
    6/21/2010 11:20:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    6/17/2010 8:19:41 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    6/17/2010 8:18:41 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/17/2010 8:18:25 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================
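
The Attach.txt above is the kind of log a helper reads by hand: sections delimited by "==== Name ====" banners, with a few lines in each that decide what happens next. As an added example, not code from the original post, from DDS or from BleepingComputer, here is a small Python triage script that parses that layout and surfaces a few items an analyst would look at first: no System Restore points, more than one Java runtime listed under Installed Programs, and selected Service Control Manager and WER events. The embedded log is a constructed excerpt modelled on this thread's log; the event-ID shortlist and the checks themselves are my own assumptions, not DDS or forum conventions.

```python
"""Triage helper for a DDS Attach.txt log.

Added example: this is not code from the original post, from DDS or from
BleepingComputer. It parses the "==== Section Name ====" layout that DDS uses
and applies a few analyst-style checks. The event-ID shortlist and the checks
themselves are my own assumptions.
"""
import re
from collections import defaultdict

# Constructed excerpt modelled on the Attach.txt posted in this thread.
SAMPLE_ATTACH_TXT = """\
DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \\Device\\HarddiskVolume3

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 80.43 GiB free.

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Reader 9.3.2
J2SE Runtime Environment 5.0 Update 10
Java Auto Updater
Java™ 6 Update 20
Malwarebytes' Anti-Malware

==== Event Viewer Messages From Past Week ========

6/22/2010 1:26:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
6/22/2010 1:26:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x881ec148, 0x881ec2b4, 0x82e3dd90). A dump was saved in: C:\\Windows\\MEMORY.DMP. Report Id: 062210-19687-01.
6/21/2010 11:20:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

==== End Of File ===========================
"""

SECTION_RE = re.compile(r"^==== (.+?) =+\s*$")
EVENT_RE = re.compile(
    r"^(?P<when>\S+ \S+ [AP]M), (?P<level>\w+): (?P<source>.+?) "
    r"\[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# Matches the JRE entries DDS lists ("J2SE Runtime Environment 5.0 ...",
# "Java(TM) 6 Update 20"); "Java Auto Updater" is deliberately not matched.
JAVA_RE = re.compile(r"^(?:J2SE Runtime Environment|Java(?:\(TM\)|™)?) (\d+)")

# Event IDs to surface first (assumption: my own shortlist, not a DDS rule).
INTERESTING_EVENTS = {
    ("Service Control Manager", 7026): "boot/system-start driver failed to load",
    ("Service Control Manager", 7031): "service terminated unexpectedly",
    ("Microsoft-Windows-WER-SystemErrorReporting", 1001): "bugcheck recorded",
}


def parse_sections(text):
    """Split Attach.txt into {section name: [non-empty lines]}."""
    sections = defaultdict(list)
    current = "Header"            # lines before the first ==== banner
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            continue
        if line.strip():
            sections[current].append(line.rstrip())
    return dict(sections)


def parse_events(lines):
    """Parse the Event Viewer lines into dicts; unparseable lines are skipped."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events


def triage(text):
    """Return a list of human-readable findings, in log order."""
    sections = parse_sections(text)
    findings = []

    restore = sections.get("System Restore Points", [])
    if any("No restore point" in line for line in restore):
        findings.append("no System Restore points: take a disk image before cleanup, "
                        "there is nothing to roll back to")

    javas = [p for p in sections.get("Installed Programs", []) if JAVA_RE.match(p)]
    if len(javas) > 1:
        findings.append("more than one Java runtime installed: " + "; ".join(javas))

    for ev in parse_events(sections.get("Event Viewer Messages From Past Week", [])):
        key = (ev["source"], ev["id"])
        if key in INTERESTING_EVENTS:
            findings.append(f"{ev['when']} {ev['source']} [{ev['id']}]: "
                            f"{INTERESTING_EVENTS[key]}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_ATTACH_TXT):
        print("-", finding)
```

Run it against a saved Attach.txt by reading the file into `triage()` instead of the constructed sample. The checks are deliberately simple heuristics: an old runtime left installed beside the current one, a missing restore point and a crash in the past week are the sort of facts a helper wants in front of them before deciding on the next tool, and the parser keeps the rest of the log available for whatever else the case needs.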


    #4 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • OFFLINE
    • Gender:Male
    • Location:Finland
    • Local time:11:19 PM

    Posted 23 June 2010 - 12:01 AM

    Hi,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:
    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


    #5 Blade81

    Posted 30 June 2010 - 01:56 AM

    Still there?



    #6 Blade81

    Posted 10 July 2010 - 02:18 AM

    Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





