

Strange thing man, strange things


12 replies to this topic

#1 amaker

amaker

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:13 AM

Posted 05 August 2010 - 12:01 PM

Here is an MBR log:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 191):
0x82A40000 \SystemRoot\system32\ntkrnlpa.exe
0x82A09000 \SystemRoot\system32\halmacpi.dll
0x80BBD000 \SystemRoot\system32\kdcom.dll
0x8AA2C000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x8AA37000 \SystemRoot\system32\PSHED.dll
0x8AA48000 \SystemRoot\system32\BOOTVID.dll
0x8AA50000 \SystemRoot\system32\CLFS.SYS
0x8AA92000 \SystemRoot\system32\CI.dll
0x8AB3D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8ABAE000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8AC2B000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8AC73000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8AC7C000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8AC84000 \SystemRoot\system32\DRIVERS\pci.sys
0x8ACAE000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8ACB9000 \SystemRoot\System32\drivers\partmgr.sys
0x8ACCA000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8ACD2000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8ACDD000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8ACED000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AD38000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8AD3F000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8AD4D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AD63000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8AD6C000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8AD8F000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8AD99000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8ADA2000 \SystemRoot\system32\drivers\fltmgr.sys
0x8ADD6000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AE28000 \SystemRoot\system32\DRIVERS\bdfsfltr.sys
0x8AE6E000 \SystemRoot\System32\drivers\truecrypt.sys
0x8AEA3000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AFD2000 \SystemRoot\System32\Drivers\msrpc.sys
0x8AE00000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B019000 \SystemRoot\System32\Drivers\cng.sys
0x8B076000 \SystemRoot\System32\drivers\pcw.sys
0x8B084000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B08D000 \SystemRoot\system32\drivers\ndis.sys
0x8B144000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B182000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B234000 \SystemRoot\System32\drivers\tcpip.sys
0x8B37D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B3AE000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8B3B7000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B3F6000 \SystemRoot\System32\Drivers\spldr.sys
0x8B200000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B1A7000 \SystemRoot\System32\Drivers\mup.sys
0x8B1B7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B1BF000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B000000 \SystemRoot\system32\DRIVERS\disk.sys
0x8AC00000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8ABBC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B22D000 \SystemRoot\System32\Drivers\Null.SYS
0x8B011000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B1F1000 \SystemRoot\System32\drivers\vga.sys
0x8ABDB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AE13000 \SystemRoot\System32\drivers\watchdog.sys
0x8AE20000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8ADF8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8ADE7000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8AA00000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8AA0B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9063A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90651000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9065C000 \SystemRoot\system32\drivers\afd.sys
0x906B6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x906E8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x906EF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9070E000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x9071F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9072D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90740000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90750000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90791000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9079B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x907A5000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x907AA000 \SystemRoot\System32\drivers\discache.sys
0x9043A000 \SystemRoot\system32\drivers\csc.sys
0x9049E000 \SystemRoot\System32\Drivers\dfsc.sys
0x904B6000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x904C4000 \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys
0x904DF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90500000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x91228000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x9173D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90511000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91200000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91A18000 \SystemRoot\system32\DRIVERS\athr.sys
0x91B3B000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x91B45000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x91B6A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x91B70000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x91B7A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91BC5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91BD4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x91BEC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x91A00000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x91A0D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x9121F000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x9054A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x90557000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x90569000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x917F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90581000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x905A3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x905BB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x905D2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x905E9000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x905F3000 \SystemRoot\system32\DRIVERS\VClone.sys
0x90400000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x91A11000 \SystemRoot\system32\DRIVERS\swenum.sys
0x907B6000 \SystemRoot\system32\DRIVERS\ks.sys
0x90426000 \SystemRoot\system32\DRIVERS\umbus.sys
0x97802000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x97846000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x97857000 \SystemRoot\system32\drivers\HdAudio.sys
0x978A7000 \SystemRoot\system32\drivers\portcls.sys
0x978D6000 \SystemRoot\system32\drivers\drmk.sys
0x978EF000 \SystemRoot\system32\DRIVERS\stwrt.sys
0xA9660000 \SystemRoot\System32\win32k.sys
0x97957000 \SystemRoot\System32\drivers\Dxapi.sys
0x97994000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x8C43B000 \SystemRoot\System32\Drivers\bthport.sys
0x8C49F000 \SystemRoot\System32\Drivers\USBD.SYS
0x8C4A1000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x8C4C5000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x8C4D2000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x8C4ED000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8C504000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8C528000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA98C0000 \SystemRoot\System32\TSDDD.dll
0xA98F0000 \SystemRoot\System32\cdd.dll
0x8C533000 \SystemRoot\system32\drivers\luafv.sys
0x8C54E000 \SystemRoot\system32\drivers\WudfPf.sys
0x8C568000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8C578000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8C5BE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8C5CE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAB22A000 \SystemRoot\system32\drivers\HTTP.sys
0xAB2AF000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAB2C8000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAB2DA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAB2FD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAB338000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAB353000 \SystemRoot\system32\drivers\peauth.sys
0xAB3EA000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAB200000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x8C5E1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x979A6000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAD03B000 \SystemRoot\System32\DRIVERS\srv.sys
0xAD08C000 \SystemRoot\system32\DRIVERS\bdfm.sys
0xAD0B0000 \SystemRoot\system32\DRIVERS\BDHV.SYS
0x76E60000 \Windows\System32\ntdll.dll
0x47F20000 \Windows\System32\smss.exe
0x770A0000 \Windows\System32\apisetschema.dll
0x000E0000 \Windows\System32\autochk.exe
0x77050000 \Windows\System32\ws2_32.dll
0x76D00000 \Windows\System32\ole32.dll
0x76FB0000 \Windows\System32\usp10.dll
0x76CA0000 \Windows\System32\shlwapi.dll
0x76BD0000 \Windows\System32\user32.dll
0x76BB0000 \Windows\System32\imm32.dll
0x76B90000 \Windows\System32\sechost.dll
0x769F0000 \Windows\System32\setupapi.dll
0x76970000 \Windows\System32\comdlg32.dll
0x75D20000 \Windows\System32\shell32.dll
0x75C40000 \Windows\System32\kernel32.dll
0x75B90000 \Windows\System32\rpcrt4.dll
0x75B40000 \Windows\System32\gdi32.dll
0x76FA0000 \Windows\System32\normaliz.dll
0x75A90000 \Windows\System32\msvcrt.dll
0x75A00000 \Windows\System32\oleaut32.dll
0x759F0000 \Windows\System32\nsi.dll
0x757F0000 \Windows\System32\iertutil.dll
0x75750000 \Windows\System32\advapi32.dll
0x756F0000 \Windows\System32\difxapi.dll
0x755F0000 \Windows\System32\wininet.dll
0x755C0000 \Windows\System32\imagehlp.dll
0x75530000 \Windows\System32\clbcatq.dll
0x753F0000 \Windows\System32\urlmon.dll
0x75320000 \Windows\System32\msctf.dll
0x75310000 \Windows\System32\psapi.dll
0x752C0000 \Windows\System32\Wldap32.dll
0x752B0000 \Windows\System32\lpk.dll
0x75220000 \Windows\System32\comctl32.dll
0x751F0000 \Windows\System32\wintrust.dll
0x751D0000 \Windows\System32\devobj.dll
0x750B0000 \Windows\System32\crypt32.dll
0x75060000 \Windows\System32\KernelBase.dll
0x75030000 \Windows\System32\cfgmgr32.dll
0x75020000 \Windows\System32\msasn1.dll

Processes (total 62):
0 System Idle Process
4 System
332 C:\Windows\System32\smss.exe
484 csrss.exe
556 C:\Windows\System32\wininit.exe
572 csrss.exe
612 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
644 C:\Windows\System32\lsm.exe
748 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\svchost.exe
864 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
904 C:\Windows\System32\winlogon.exe
1000 C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
1064 C:\Windows\System32\atiesrxx.exe
1120 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
1708 C:\Windows\System32\svchost.exe
1744 C:\Windows\System32\svchost.exe
1768 C:\Windows\System32\atieclxx.exe
1916 C:\Windows\System32\spoolsv.exe
1944 C:\Windows\System32\svchost.exe
2040 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
344 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
500 C:\Program Files\Bonjour\mDNSResponder.exe
384 C:\Windows\System32\svchost.exe
2108 C:\Windows\System32\svchost.exe
2520 C:\Windows\System32\taskhost.exe
2600 C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
2644 C:\Windows\System32\dwm.exe
2700 C:\Windows\explorer.exe
2720 C:\Windows\System32\svchost.exe
2876 C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
3508 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
3696 C:\Program Files\IDT\WDM\sttray.exe
3740 C:\Program Files\iTunes\iTunesHelper.exe
3792 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3832 C:\Program Files\Windows Sidebar\sidebar.exe
3876 C:\Program Files\TrueCrypt\TrueCrypt.exe
3948 C:\Users\Adam\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
4088 C:\Program Files\Skype\Phone\Skype.exe
2060 C:\Program Files\Personal\bin\Personal.exe
2316 C:\Windows\System32\SearchIndexer.exe
3152 C:\Program Files\iPod\bin\iPodService.exe
3480 C:\Program Files\Windows Media Player\wmpnetwk.exe
3412 C:\Windows\System32\svchost.exe
4412 C:\Program Files\Skype\Plugin Manager\skypePM.exe
4952 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
5284 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
680 C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
3436 C:\Windows\System32\svchost.exe
4576 WmiPrvSE.exe
2280 C:\Windows\System32\taskeng.exe
4912 C:\Program Files\Google\Update\GoogleUpdate.exe
3640 C:\Windows\System32\SearchProtocolHost.exe
2228 C:\Windows\System32\audiodg.exe
4420 C:\Windows\System32\SearchFilterHost.exe
108 C:\Users\Adam\Downloads\MBRCheck.exe
1448 C:\Windows\System32\conhost.exe
2476 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`7ba00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT1, Rev: 13.01A13

Size     Device Name          MBR Status
--------------------------------------------
298 GB   \\.\PhysicalDrive0   Unknown MBR code
SHA1: 4379CA37EFC3959F7AFFB8770C90A1E30E4882FE


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
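The "Unknown MBR code" verdict above comes from hashing the boot sector and comparing the result against a list of known boot code. The Python script below, added here as an illustration and not part of MBRCheck or of the original post, does the same work on one 512-byte sector: it hashes the 440-byte bootstrap region (an assumption about scope; the page does not say which bytes MBRCheck hashes, so this SHA1 will not match the one in the log), checks the 0x55AA boot signature, and decodes the partition table so the byte offsets can be compared with the drive-mapping lines in the log (C: at 0x100000 is LBA 2048; D: at 0x477ba00000 is LBA 599642112). The sector it parses is constructed inline and the known-good hash set is left empty for the reader to fill. One caveat a practitioner keeps in mind: "unknown" means "not on the allowlist", not "infected". The kernel driver list shows truecrypt.sys loaded; if TrueCrypt system encryption were in use, its own boot loader would sit in the MBR and hash as unknown as well.

```python
"""Parse a 512-byte MBR sector the way an MBR checker does: hash the
bootstrap code, validate the 0x55AA boot signature and decode the
partition table.  Added example, not MBRCheck's code; the sector parsed
below is constructed here and the known-good hash set is empty."""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440      # bootstrap code region that gets hashed (assumed scope)
PT_OFFSET = 446     # four 16-byte partition entries start here
SIG_OFFSET = 510    # 0x55 0xAA boot signature
# boot flag, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
PT_ENTRY = "<B3xB3xII"


def lba_from_byte_offset(offset: int) -> int:
    """Convert a byte offset such as the 0x100000 in the log into an LBA."""
    if offset % SECTOR:
        raise ValueError("offset is not sector-aligned")
    return offset // SECTOR


def parse_mbr(sector: bytes) -> dict:
    """Return signature state, SHA1 of the boot code and the used partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    signature_ok = sector[SIG_OFFSET:SIG_OFFSET + 2] == b"\x55\xaa"
    code_sha1 = hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper()
    partitions = []
    for i in range(4):
        entry = sector[PT_OFFSET + 16 * i:PT_OFFSET + 16 * (i + 1)]
        boot, ptype, lba, count = struct.unpack(PT_ENTRY, entry)
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": boot == 0x80,
            "type": ptype,      # 0x07 = NTFS (also exFAT/HPFS)
            "lba_start": lba,
            "byte_offset": lba * SECTOR,
            "sectors": count,
        })
    return {"signature_ok": signature_ok, "code_sha1": code_sha1,
            "partitions": partitions}


def classify(code_sha1: str, known_good: set) -> str:
    """Mirror the checker's verdict.  'unknown' means 'not on the allowlist',
    which is a prompt to investigate, not proof of infection."""
    return "known" if code_sha1 in known_good else "unknown"


def build_sample_sector() -> bytes:
    """Constructed test vector: filler boot code, an active NTFS partition at
    LBA 2048 (byte offset 0x100000, like C: in the log) and a second one at
    LBA 599642112 (0x477ba00000 / 512, like D:).  Partition sizes are invented."""
    code = bytes([0xEB, 0x3C, 0x90]) + b"\x90" * (CODE_LEN - 3)
    disk_sig = b"\x11\x22\x33\x44" + b"\x00\x00"   # disk signature + 2 reserved bytes
    p1 = struct.pack(PT_ENTRY, 0x80, 0x07, 2048, 204800)
    p2 = struct.pack(PT_ENTRY, 0x00, 0x07, 599642112, 25165824)
    empty = b"\x00" * 16
    return code + disk_sig + p1 + p2 + empty + empty + b"\x55\xaa"


if __name__ == "__main__":
    info = parse_mbr(build_sample_sector())
    print("boot signature ok:", info["signature_ok"])
    print("boot code SHA1   :", info["code_sha1"])
    for p in info["partitions"]:
        print(f"  entry {p['index']}: type=0x{p['type']:02X} lba={p['lba_start']} "
              f"offset=0x{p['byte_offset']:X} active={p['bootable']}")
    print("verdict          :", classify(info["code_sha1"], known_good=set()))
```

To run this against a live disk on Windows, open \\.\PhysicalDrive0 in binary mode from an elevated prompt, read the first 512 bytes and pass them to parse_mbr(); a checker like this only ever reads the sector, it never writes it back. A partition whose byte_offset disagrees with the volume mapping the checker prints, or a sector missing its 0x55AA signature, is worth a closer look even when the boot-code hash is on the allowlist.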



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:13 AM

Posted 05 August 2010 - 09:46 PM

To remove the infection, run the command mbr.exe -f (note the space between the e and -f) from a command prompt. Have the user reboot the machine, otherwise the next report may still show (false) infection.

Open Windows Explorer and rename the C:\mbr.log to C:\mbr.old
Go to Start > Run and type: cmd
press Ok.
At the command prompt, type: cd \
press Enter.
At the command prompt, type: mbr.exe -f
(make sure you have a space between the e and the -f)
press Enter.
At the command prompt, type: exit
press Enter.

It will produce a new report at C:\mbr.log. Please copy/paste the results in your next reply.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 amaker

amaker
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:13 AM

Posted 06 August 2010 - 09:30 AM

Thank you for your reply. I have tried to find C:\mbr.log and tried to run it through the command prompt with no success, so I need a few more instructions.

Edited by amaker, 06 August 2010 - 09:31 AM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:13 AM

Posted 06 August 2010 - 10:14 AM

Hi,
"tried to find C:\mbr.log and tried to run it through command prompt"

It's not something to run; we want to locate and copy it. See if you click Start, then in the search box copy/paste...
mbr.log

#5 amaker

amaker
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:13 AM

Posted 06 August 2010 - 10:27 AM

Nothing found.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:13 AM

Posted 06 August 2010 - 10:39 AM

Well then we need to move and have the MBR Rootkit removed.
Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
Skip GMER and include the MBR log you posted earlier.

Let me know if that went well.

#7 amaker

amaker
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:13 AM

Posted 06 August 2010 - 11:18 AM

I think I got it to work, that is, the original instructions, maybe. Is this what you were after?



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#8 amaker

amaker
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:13 AM

Posted 06 August 2010 - 11:24 AM

Am I clean?

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:13 AM

Posted 06 August 2010 - 01:47 PM

That's a clean MBR log. Was this run after the one you could not find?

Next, run MBAM (Malwarebytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it, rename it to, say, zztoy.exe


alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

#10 amaker

amaker
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:13 AM

Posted 06 August 2010 - 01:56 PM

I found it after I had run your code in cmd.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:13 AM

Posted 06 August 2010 - 02:07 PM

OK, run MBAM now, thanks.

#12 amaker

amaker
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:13 AM

Posted 06 August 2010 - 02:12 PM

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/6/2010 9:11:11 PM
mbam-log-2010-08-06 (21-11-11).txt

Scan type: Quick scan
Objects scanned: 134558
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:13 AM

Posted 06 August 2010 - 02:20 PM

Looks good. If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: {credit quietman}



