Infected with-- I don't know! Fake Antivirus/browser hijacking


5 replies to this topic

#1 Ipreferpi

  • Members
  • 3 posts

Posted 21 June 2010 - 07:10 PM

About 2 weeks ago I was infected with fake antivirus software. I can't remember what it was called (sorry!), but I couldn't run any programs other than IE or Firefox. I would get error messages saying "cannot run, this file is infected". I couldn't even open Task Manager to stop the program, so I rebooted in safe mode and deleted the key from the Run folder in the registry in a vain attempt to be able to run AVG, Spybot, and/or Ad-Aware. Unfortunately, I'm unable to run these programs. I'll get miscellaneous errors saying unable to connect to server, or the programs will just freeze while loading (tried running them right now, and Spybot gets stuck loading and Ad-Aware cannot find the server). I'm finally fessing up to myself that I can't fix this problem on my own, and I need help :)

So presently, my computer freezes up a lot, crashes randomly, gets redirected to junk while searching Google, and pop-ups will intermittently appear. I'm not sure what information you need, but ask and ye shall receive.

I am unable to run GMER; I've tried 3 times. The first time it froze my computer, and the other 2 times I got the blue screen of death with this info:

    The problem seems to be caused by the following file: fxldipoc.sys

    PAGE_FAULT_IN_NON_PAGED_AREA

    Technical Information
    *** STOP: 0x00000050 (0xB4460B30, 0x00000001, 0xB44361F2, 0x00000000)
    *** FXLDIPOC.SYS - Address B44361F2 base at B442A000, Datestamp 46274f8d


Here are the DDS logs, posted and attached. Thank you for your time! I really appreciate it.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 23:55:05.50 on Sun 06/20/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.123 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\ACS.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {119DBEDA-9C41-4F97-94B4-B6BCD01133CF} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [Gbocaruk] rundll32.exe "c:\windows\izojikap.dll",Startup
mRunOnce: [DelDirTree] c:\windows\uninst32.exe c:\windows\DelDir.BEN
mRunOnce: [LogiSPSetupNeedReboot] rundll32.exe
dRun: [Ggitahatewisuc] rundll32.exe "c:\windows\op9470.dll",Startup
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221789420312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\Owner\applic~1\mozilla\firefox\profiles\5ub4n2il.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Owner\application data\mozilla\firefox\profiles\5ub4n2il.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Owner\application data\mozilla\firefox\profiles\5ub4n2il.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {B01A9F4C-583F-47D7-807F-5DE3A4A46E9A} - c:\documents and settings\Owner\local settings\application data\{B01A9F4C-583F-47D7-807F-5DE3A4A46E9A}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-27 64288]
R1 ECioctl;ECioctl;c:\windows\system32\drivers\ECioctl.sys [2004-5-6 4816]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-22 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-12 135664]
S3 efipsk;efipsk;c:\docume~1\Owner\locals~1\temp\efipsk.sys [2004-1-19 31744]
S3 itcard;PC Card Fingerprint Reader;c:\windows\system32\drivers\itcard.sys [2004-10-1 15808]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]

=============== Created Last 30 ================

2010-06-21 06:54:13 0 ----a-w- c:\documents and settings\Owner\defogger_reenable
2010-06-21 06:48:34 0 d-----w- C:\My Documents
2010-06-21 06:23:28 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-21 06:11:44 141 ----a-w- c:\windows\DelDir.BEN
2010-06-20 08:15:23 0 ----a-w- c:\windows\Uxoweyojomuc.bin
2010-06-20 08:15:20 120 ----a-w- c:\windows\Njonafoqipof.dat
2010-06-20 06:30:33 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-20 06:30:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-20 05:38:38 0 d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2005-03-12 15:53:03 56 --sh--r- c:\windows\system32\7496558C22.sys
2008-09-19 04:13:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat
2007-12-08 01:15:37 32768 --sha-w- c:\windows\temp\cookies\index.dat
2007-12-08 01:15:37 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2007-12-08 01:15:37 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 23:56:57.25 ===============
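As an added example (not part of the original thread, and not code from the DDS tool), a small Python triage pass over lines shaped like the DDS report above. The sample lines are constructed from the report, the XP default SecurityProviders list and the checks are my own heuristics rather than DDS logic; the pass flags the two rundll32 autostarts from c:\windows and the extra zwebauth.dll provider, which ComboFix removes later in this thread, plus the driver registered from a Temp folder.

```python
import re

# Constructed sample: a handful of lines in the shape of the DDS "Pseudo HJT Report"
# and "SERVICES / DRIVERS" sections posted above (not the complete log).
SAMPLE_DDS_LINES = [
    r'mRun: [Gbocaruk] rundll32.exe "c:\windows\izojikap.dll",Startup',
    r'mRunOnce: [LogiSPSetupNeedReboot] rundll32.exe',
    r'dRun: [Ggitahatewisuc] rundll32.exe "c:\windows\op9470.dll",Startup',
    r'TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File',
    r'SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll',
    r'R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-27 64288]',
    r'S3 efipsk;efipsk;c:\docume~1\Owner\locals~1\temp\efipsk.sys [2004-1-19 31744]',
]

# The four SSPI packages Windows XP installs by default; anything extra deserves a look.
XP_DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# DDS prefixes: u = current user, m = machine, d = default user hive; "Once" variants included.
RUN_RE = re.compile(r'^([umd]Run(?:Once)?): \[([^\]]+)\] (.*)$', re.I)
DLL_ARG_RE = re.compile(r'"?([a-z]:\\[^",]+\.dll)"?', re.I)
# Service/driver lines: "<state> <name>;<display name>;<image path> [<date> <size>]".
SERVICE_RE = re.compile(r'^([RS][0-4]) ([^;]+);([^;]*);(.+?)(?: \[.*\])?$', re.I)
NO_FILE_RE = re.compile(r'^(TB|BHO|EB): .* - No File$')


def triage_dds(lines):
    """Return (line, reason) pairs for DDS entries that merit a closer look."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            key, name, cmd = m.groups()
            dll = DLL_ARG_RE.search(cmd)
            # rundll32 autostarts whose DLL sits directly in the Windows root (not system32)
            # are unusual for legitimate software; both such entries in this thread were removed.
            if cmd.lower().startswith("rundll32.exe") and dll and \
                    re.fullmatch(r'c:\\windows\\[^\\]+', dll.group(1), re.I):
                findings.append((line, f"{key} {name}: rundll32 loads a DLL from the Windows root"))
            continue
        if line.startswith("SecurityProviders:"):
            listed = {p.strip().lower() for p in line.split(":", 1)[1].split(",")}
            extra = sorted(listed - XP_DEFAULT_SECURITY_PROVIDERS)
            if extra:
                findings.append((line, "non-default SecurityProviders entry: " + ", ".join(extra)))
            continue
        if NO_FILE_RE.match(line):
            # Not malicious by itself, but an orphaned toolbar/BHO registration is left-over clutter.
            findings.append((line, "orphaned browser object (No File)"))
            continue
        m = SERVICE_RE.match(line)
        if m and re.search(r'\\temp\\', m.group(4), re.I):
            findings.append((line, f"service/driver {m.group(2)} loads its image from a Temp folder"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage_dds(SAMPLE_DDS_LINES):
        print(f"[{reason}]\n    {entry}")
```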


#2 shelf life

  • Malware Response Team
  • 2,651 posts

Posted 27 June 2010 - 07:26 AM

Hi,

Your post is a few days old. If you still need help simply reply to my post.

How Can I Reduce My Risk to Malware?


#3 Ipreferpi

  • Topic Starter
  • Members
  • 3 posts

Posted 28 June 2010 - 12:01 AM

Hi, thanks for the response :) I know you guys are swamped. I do indeed still need help. Still having the same problems, and I've resisted all temptation to try anything on my own.

#4 shelf life

  • Malware Response Team
  • 2,651 posts

Posted 28 June 2010 - 06:24 PM

OK. You can get a download to use. It's called ComboFix. There is a short guide to read first. Read through the guide first, then apply the directions on your own machine. Post the ComboFix log in reply.

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#5 Ipreferpi

  • Topic Starter
  • Members
  • 3 posts

Posted 29 June 2010 - 05:44 PM

Thanks, ran it with no hang-ups. Here's the log :)



ComboFix 10-06-29.02 - Owner 06/29/2010 15:22:07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.211 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Application Data\{B01A9F4C-583F-47D7-807F-5DE3A4A46E9A}
c:\documents and settings\Owner\Local Settings\Application Data\{B01A9F4C-583F-47D7-807F-5DE3A4A46E9A}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{B01A9F4C-583F-47D7-807F-5DE3A4A46E9A}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{B01A9F4C-583F-47D7-807F-5DE3A4A46E9A}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{B01A9F4C-583F-47D7-807F-5DE3A4A46E9A}\install.rdf
c:\documents and settings\Owner\Local Settings\Application Data\ywtayntxo
c:\documents and settings\Owner\Local Settings\Application Data\ywtayntxo\tlslwbptssd.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\6822921.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\6822922.exe
c:\windows\izojikap.dll
c:\windows\op9470.dll
c:\windows\system32\42KJE738.ocx
c:\windows\system32\tmp.reg
c:\windows\xpsp1hfm.log

Infected copy of c:\windows\system32\drivers\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 )))))))))))))))))))))))))))))))
.

2010-06-21 06:48 . 2010-06-24 19:50 -------- d-----w- C:\My Documents
2010-06-21 06:23 . 2010-06-21 06:23 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-20 08:15 . 2010-06-29 21:57 0 ----a-w- c:\windows\Uxoweyojomuc.bin
2010-06-20 08:15 . 2010-06-29 21:57 120 ----a-w- c:\windows\Njonafoqipof.dat
2010-06-20 06:30 . 2010-06-20 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-20 06:30 . 2010-06-20 06:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-20 05:38 . 2010-06-20 05:38 -------- d-----w- c:\program files\Trend Micro
2010-06-12 09:25 . 2010-06-12 09:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 06:37 . 2004-05-20 18:28 -------- d-----w- c:\program files\Common Files\AOL
2010-06-21 06:23 . 2009-08-15 10:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-21 06:14 . 2004-09-26 04:58 -------- d-----w- c:\program files\Common Files\Logitech
2010-06-21 06:14 . 2004-05-20 17:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-21 06:14 . 2004-09-26 04:58 -------- d-----w- c:\program files\Logitech
2010-06-05 18:50 . 2010-02-28 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-04 20:45 . 2008-09-19 05:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2005-03-12 15:53 . 2005-03-12 15:53 56 --sh--r- c:\windows\system32\7496558C22.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-02-20 22:00 88363 ----a-w- c:\windows\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-10-30 23:46 192512 ----a-w- c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
2004-05-06 20:12 638976 ----a-w- c:\program files\Toshiba\E-KEY\CeEKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEPOWER]
2004-05-20 17:21 135168 ----a-w- c:\program files\Toshiba\Power Management\CePMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-01-23 08:44 101136 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
2004-03-15 18:17 53248 ----a-w- c:\program files\Toshiba\TouchPad\TPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/27/2010 11:31 PM 64288]
R1 ECioctl;ECioctl;c:\windows\system32\drivers\ECioctl.sys [5/6/2004 1:40 PM 4816]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/22/2009 10:49 PM 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2009 10:36 AM 135664]
S3 efipsk;efipsk;\??\c:\docume~1\Owner\LOCALS~1\Temp\efipsk.sys --> c:\docume~1\Owner\LOCALS~1\Temp\efipsk.sys [?]
S3 itcard;PC Card Fingerprint Reader;c:\windows\system32\drivers\itcard.sys [10/1/2004 9:57 PM 15808]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 8:52 AM 1229232]
.
Contents of the 'Scheduled Tasks' folder

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-12 17:36]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-12 17:36]

2004-09-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-05-20 01:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = <local>
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5ub4n2il.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5ub4n2il.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5ub4n2il.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Gbocaruk - c:\windows\izojikap.dll
HKU-Default-Run-Ggitahatewisuc - c:\windows\op9470.dll
AddRemove-WinAce Archiver - c:\program files\WinAce\SXUNINST.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-29 15:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-29 15:39:27
ComboFix-quarantined-files.txt 2010-06-29 22:39

Pre-Run: 66,051,702,784 bytes free
Post-Run: 68,125,552,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 86CB7C09A5145FC5C2AD63286E826535


#6 shelf life

  • Malware Response Team
  • 2,651 posts

Posted 29 June 2010 - 08:45 PM

OK, good. We will get another download that you can use and keep. Link and directions:

Please download Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

How Can I Reduce My Risk to Malware?
