Need help w/ silent virus



#1 viceroy507


Posted 08 December 2010 - 03:14 PM

Hi everyone. Been trying to get rid of a nasty little virus that doesn't really seem to do anything. I have done a few scans here and there, and Malwarebytes doesn't seem to want to get rid of them, nor does an online scan w/ ESET. The 3 files that I think are suspect are: C:\users\tim\appdata\roaming\dwm.exe, c:\users\tim\appdata\local\temp\csrss.exe and c:\users\tim\appdata\roaming\microsoft\conhost.exe.

Not sure if these are really the problem, but a few scans of Malwarebytes and an online scan using ESET have pointed at these and a few others I didn't write down. I might possibly be able to get a log file from them if need be. My biggest problem was that I was going to run ComboFix (after I googled some of the documents in question) but ended up w/ a blue screen of death of Driver_IRQL_not_less_or_equal pointing to a file called mbr.sys. I didn't write much more than that down however bc I thought I wouldn't need to. On the hardware side it is a Compaq Presario f756NR Notebook. Win Vista Home, SP2 I believe. IDK how much more information I need/can give right now. Thanks in advance for the help. Can't/don't want to reinstall since it's not my PC. Now onto the meat of it.

DDS

DDS (Ver_10-12-05.01) - NTFSx86
Run by Tim at 11:27:57.11 on Wed 09/08/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2014.1357 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Webroot Spy Sweeper *disabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Tim\AppData\Roaming\dwm.exe
C:\Users\Tim\AppData\Roaming\Microsoft\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Tim\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.charter.net/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:59354
mURLSearchHooks: H - No File
uWinlogon: Shell=explorer.exe,c:\users\tim\appdata\roaming\dwm.exe
uWindows: Load=c:\users\tim\appdata\local\temp\csrss.exe
BHO: MRI_DISABLED - No File
BHO: Symantec Intrusion Prevention - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [svchost] c:\users\tim\appdata\roaming\microsoft\conhost.exe
mRun: [SynTPStart] "c:\program files\synaptics\syntp\SynTPStart.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe"
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [WAWifiMessage] "c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [svchost] c:\users\tim\appdata\roaming\microsoft\conhost.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMwBaAEMAOQAtAEUASwBBAFIAUwAtADYAUgBXAEcAQQAtAEEAQQBUAEMAVQAtAFYAUAA5AEYATgA"&"inst=NwA3AC0ANAAyADEANQAxADAAMAA4ADAALQBYAEwAKwAxAC0AVAA1AC0ARgBQADkAKwA2AC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNACsAMQAtAEYAOQBNADcAQQArADUA"&"prod=90"&"ver=9.0.872
StartupFolder: c:\users\tim\appdata\roaming\micros~1\windows\startm~1\programs\startup\memturbo.lnk - c:\program files\memturbo 4\MemTurbo.exe
StartupFolder: c:\users\tim\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\vongot~1.lnk - c:\windows\installer\{8c3ae2d1-854d-4650-a73d-c7cc7ee36b80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\tim\appdata\roaming\mozilla\firefox\profiles\2dw69h0v.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c69d434&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59354
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\tim\appdata\roaming\mozilla\firefox\profiles\2dw69h0v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-7 363344]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-8 92008]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-7 20952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-4 136176]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-23 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-24 00:05:34 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-10 00:35:00 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-10-26 22:27:53 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 22:27:51 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 22:27:50 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-15 08:01:27 -------- d-----w- C:\635a00e1aaf6e79a89b05a34
2010-10-14 22:52:07 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 22:52:05 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 22:51:11 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 22:51:10 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 22:51:10 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 22:51:10 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 22:51:10 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 22:49:48 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 22:49:46 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 22:49:42 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-09-28 22:33:24 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-17 16:50:22 17244544 ----a-w- c:\program files\common files\microsoft shared\office12\MSO.DLL
2010-09-14 22:16:57 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-14 22:16:55 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 22:16:52 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-14 22:16:48 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 16:00:01 -------- d-----w- c:\program files\Cobian Backup 10
2010-09-08 14:30:42 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b403bf43-447b-4f49-951e-00606349ec0f}\mpengine.dll
2010-09-08 14:22:50 89088 ----a-w- c:\windows\MBR.exe
2010-09-08 14:22:50 256512 ----a-w- c:\windows\PEV.exe
2010-09-08 14:22:49 98816 ----a-w- c:\windows\sed.exe
2010-09-08 14:22:49 161792 ----a-w- c:\windows\SWREG.exe
2010-09-08 14:19:57 -------- d-s---w- C:\ComboFix
2010-09-08 12:41:45 135680 ------w- c:\users\tim\appdata\roaming\dwm.exe
2010-09-08 01:14:39 -------- d-----w- c:\program files\ESET
2010-09-08 01:04:35 120320 ----a-w- c:\users\tim\appdata\roaming\microsoft\conhost.exe
2010-09-07 14:44:38 -------- d-----w- c:\users\tim\appdata\roaming\Malwarebytes
2010-09-07 14:44:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 14:44:33 -------- d-----w- c:\progra~2\Malwarebytes
2010-09-07 14:44:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-07 14:44:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 14:43:28 -------- d-----w- C:\malwarebytes
2010-08-10 22:32:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-10 22:32:11 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2010-08-10 22:32:09 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2010-08-10 22:31:59 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-10 22:31:44 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-10 22:31:43 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-10 22:31:38 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-10 22:31:32 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 17:00:21 1316864 ----a-w- c:\windows\system32\ole32.dll

============= FINISH: 11:43:13.42 ===============

#2 viceroy507


Posted 12 December 2010 - 08:15 PM

Sorry, don't want to bump this thread, but I can't find the edit button for my original post. Basically, I was able to run ComboFix in safe mode (I know, I know, don't run ComboFix until someone has asked you) and it was able to run and it actually took care of all my problems. Was able to remove whatever I had still on my system. I ran 2 scans of Malwarebytes and an online scan of ESET, and nothing came up, so I am going to assume everything was cleaned up using ComboFix. Again, sorry for the bump, I didn't know how to edit my original post. Sorry for the actions taken, I don't want to be shunned by the BleepingComputer.com community.

#3 m0le


Posted 12 December 2010 - 08:52 PM

Thanks for letting me know.

-----------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.