
ComboFix ran&completed - don't know how to proceed


3 replies to this topic

#1 iggy1427

iggy1427

  • Members
  • 1 posts
  • Gender:Male
  • Location:milan, italy
  • Local time:05:15 AM

Posted 19 May 2014 - 01:34 PM

hi there,

please consider that who's writing (me) is a sw/hw total illiterate..

 

months ago i downloaded a .exe (then uninstalled) to upload videos on youtube and from that time:

 

- at every web connection (firefox), the start page is http://istart.webssearches.com + the last web page visited at previous connection (two windows). i set up new homepage but nothing changes.

- pop ups frequently open (then disabled via settings).

- mouse stops/blocks for a second while using it.

 

i downloaded combofix and let it run. everything seems to have worked correctly, but now i don't know how to proceed.

here below the log i got - integral copy&paste - now saved on desktop.

if i understood well, malware etc will be removed once combofix is uninstalled and i still have to uninstall it..

 

i hope you can help me about how to proceed.

 

thanks++

iggy

 

 

 

ComboFix 14-05-19.01 - user 19/05/2014  19.13.03.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.1919.1432 [GMT 2:00]
Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\kp_0loor.pad
c:\documents and settings\user\Dati applicazioni\cacaoweb
c:\documents and settings\user\Dati applicazioni\cacaoweb\npdfile.dat
c:\documents and settings\user\Dati applicazioni\cacaoweb\replicating45CC5A1640D408B407DAC466F70A7610.cacao
c:\documents and settings\user\Dati applicazioni\cacaoweb\replicating7A0B057EAE6F89CC854F561A569308EF.cacao
c:\documents and settings\user\Dati applicazioni\cacaoweb\storage.db
c:\documents and settings\user\Dati applicazioni\Toolbar4
c:\documents and settings\user\Dati applicazioni\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\arrow_refresh.png
c:\documents and settings\user\Dati applicazioni\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\basis.xml
c:\documents and settings\user\Dati applicazioni\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\cog.png
c:\documents and settings\user\Dati applicazioni\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\computer_delete.png
c:\documents and settings\user\Dati applicazioni\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\icons.bmp
c:\documents and settings\user\Dati applicazioni\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\IMinent_Toolbar.crc
c:\documents and settings\user\Dati applicazioni\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\info.txt
c:\documents and settings\user\Dati applicazioni\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\TbHelper2.exe
c:\documents and settings\user\Dati applicazioni\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\uninstall.exe
c:\documents and settings\user\Dati applicazioni\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\update.exe
c:\documents and settings\user\Dati applicazioni\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\version.txt
c:\documents and settings\user\Impostazioni locali\Dati applicazioni\lollipop
c:\documents and settings\user\WINDOWS
c:\programmi\cacaoweb
c:\programmi\cacaoweb\cacaoweb.exe
c:\windows\IsUn0410.exe
.
.
(((((((((((((((((((((((((   Files Creati Da 2014-04-19 al 2014-05-19  )))))))))))))))))))))))))))))))))))
.
.
2014-05-10 17:47 . 2014-05-10 17:47    10594416    ----a-w-    c:\programmi\Mozilla Firefox\icudt52.dll
2014-05-10 17:47 . 2014-05-10 17:47    1266800    ----a-w-    c:\programmi\Mozilla Firefox\icuin52.dll
2014-05-10 17:47 . 2014-05-10 17:47    965232    ----a-w-    c:\programmi\Mozilla Firefox\icuuc52.dll
2014-05-08 11:21 . 2014-05-08 11:21    188272    ----a-w-    c:\programmi\Mozilla Firefox\plugins\nppdf32.dll
2014-05-08 11:21 . 2014-05-08 11:21    188272    ----a-w-    c:\programmi\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 22:37 . 2011-04-18 20:27    777488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-05-14 22:37 . 2008-11-21 17:34    411680    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-05-14 22:37 . 2008-11-21 17:19    54832    ----a-w-    c:\windows\system32\drivers\aswrdr.sys
2014-05-13 18:17 . 2013-03-22 21:49    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-05-13 18:17 . 2011-07-07 16:31    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-17 16:27 . 2014-04-17 16:27    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-04-17 16:27 . 2013-03-14 17:25    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-04-17 16:27 . 2013-03-14 17:25    180632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-04-17 16:27 . 2013-03-14 17:25    67824    ----a-w-    c:\windows\system32\drivers\aswmonflt.sys
2014-04-17 16:27 . 2011-04-18 20:27    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1400107052171
2014-04-17 16:27 . 2008-11-21 17:19    54832    ----a-w-    c:\windows\system32\drivers\aswrdr.sys.1400107052171
2014-04-17 16:27 . 2008-11-21 17:19    57672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2014-04-17 16:27 . 2014-04-17 16:27    43152    ----a-w-    c:\windows\avastSS.scr
2014-04-17 16:27 . 2008-11-21 17:19    271264    ----a-w-    c:\windows\system32\aswBoot.exe
2014-03-25 01:16 . 2014-03-25 01:16    55232    ----a-w-    c:\windows\system32\drivers\tStLibG.sys
2014-03-20 10:58 . 2014-03-20 10:58    69632    ----a-r-    c:\documents and settings\user\Dati applicazioni\Microsoft\Installer\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
2014-03-20 10:58 . 2014-03-20 10:58    413696    ----a-r-    c:\documents and settings\user\Dati applicazioni\Microsoft\Installer\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
2014-03-20 10:58 . 2014-03-20 10:58    413696    ----a-r-    c:\documents and settings\user\Dati applicazioni\Microsoft\Installer\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
2014-03-20 10:58 . 2014-03-20 10:58    413696    ----a-r-    c:\documents and settings\user\Dati applicazioni\Microsoft\Installer\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}\ARPPRODUCTICON.exe
2014-03-06 17:58 . 2006-03-02 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2006-03-02 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2006-03-02 12:00    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-06 17:58 . 2006-03-02 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2006-03-02 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2014-02-26 23:28 . 2014-03-05 20:36    13312    ------w-    c:\windows\system32\xp_eos.exe
2011-01-10 21:15 . 2011-01-10 21:13    38808920    ----a-w-    c:\programmi\FileFormatConverters.exe
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-17 16:27    260976    ----a-w-    c:\programmi\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"RIMBBLaunchAgent.exe"="c:\programmi\File comuni\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2013-05-01 421888]
"AvastUI.exe"="c:\programmi\Alwil Software\Avast5\AvastUI.exe" [2014-04-17 3873704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SupTab\SearchProtect32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50    155648    ----a-w-    c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-30 22:35    7634944    ----a-w-    c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-30 22:35    86016    ----a-w-    c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-30 22:35    1622016    ----a-w-    c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59    421888    ----a-w-    c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27    144784    ----a-w-    c:\programmi\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-01-26 16:23    185896    ----a-w-    c:\programmi\File comuni\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [14/03/2013 19.25.17 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [14/03/2013 19.25.17 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [18/04/2011 22.27.33 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [21/11/2008 19.34.16 411680]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [25/03/2014 3.16.42 55232]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [17/04/2014 18.27.33 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [14/03/2013 19.25.16 67824]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [01/04/2013 11.57.53 73984]
S2 gupdate1c9d27a6054c5c2;Servizio di Google Update (gupdate1c9d27a6054c5c2);c:\programmi\Google\Update\GoogleUpdate.exe [11/05/2009 22.52.19 133104]
S2 IePluginService;IePlugin Service;c:\documents and settings\All Users\Dati applicazioni\IePluginService\PluginService.exe -service --> c:\documents and settings\All Users\Dati applicazioni\IePluginService\PluginService.exe -service [?]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [05/09/2013 11.34.30 171680]
S3 Blackberry Device Manager;BlackBerry Device Manager;c:\programmi\File comuni\Research In Motion\USB Drivers\BbDevMgr.exe [18/01/2013 18.10.18 577536]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [01/04/2013 11.58.11 11136]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [01/04/2013 11.58.40 89856]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [01/04/2013 11.58.45 66688]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [01/04/2013 11.58.52 26624]
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-22 18:17]
.
2014-05-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\programmi\Alwil Software\Avast5\AvastEmUpdate.exe [2014-04-17 16:27]
.
2014-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-11 20:51]
.
2014-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-11 20:51]
.
2014-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
- c:\windows\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2014-02-07 21:00]
.
2014-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
- c:\windows\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2014-02-07 21:00]
.
2014-05-18 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job
- c:\windows\system32\xp_eos.exe [2014-03-05 23:28]
.
2014-05-08 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job
- c:\windows\system32\xp_eos.exe [2014-03-05 23:28]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1395704379&from=tugs&uid=ST3250820A_9QE5ZGBQXXXX9QE5ZGBQ
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1395704379&from=tugs&uid=ST3250820A_9QE5ZGBQXXXX9QE5ZGBQ
uSearchURL,(Default) = hxxp://it.search.yahoo.com/search?fr=mcafee&p=%s%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 85.37.17.4
FF - ProfilePath - c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\twe4r36s.default\
FF - prefs.js: browser.search.selectedEngine - Google.it
FF - prefs.js: browser.startup.homepage - hxxp://www.ecosia.org/
FF - ExtSQL: !HIDDEN! 2009-09-02 22:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=c80bc97b000000000000001d6021708b&q=
FF - user.js: extensions.Softonic.id - c80bc97b000000000000001d6021708b
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 16062
FF - user.js: extensions.Softonic.vrsn - 1.8.21.14
FF - user.js: extensions.Softonic.vrsni - 1.8.21.14
FF - user.js: extensions.Softonic.vrsnTs - 1.8.21.1410:30
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - OC
FF - user.js: extensions.Softonic.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - opencandy2013
FF - user.js: extensions.Softonic.instlRef - MOY00621
FF - user.js: extensions.Softonic.dfltLng -
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.ffxUnstlRst - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - false
FF - user.js: extensions.Softonic.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=c80bc97b000000000000001d6021708b
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.dnsErr - true
FF - user.js: extensions.Softonic.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=c80bc97b000000000000001d6021708b
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{58124A0B-DC32-4180-9BFF-E0E21AE34026} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-ISUSPM - c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
HKCU-Run-cacaoweb - c:\programmi\cacaoweb\cacaoweb.exe
HKCU-Run-vm6 - c:\documents and settings\user\Dati applicazioni\M6 Processing\vm6.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-19 19:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Ora fine scansione: 2014-05-19  19:23:10
ComboFix-quarantined-files.txt  2014-05-19 17:23
.
Pre-Run: 185.174.990.848 byte disponibili
Post-Run: 185.997.639.680 byte disponibili
.
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - F544F007164B1A4BBC7CC85099960B17
828E02D5C4A4FBE53441EE9DBEE51F43
 




 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:15 AM

Posted 21 May 2014 - 09:57 AM

".. if i understood well, malware etc will be removed once combofix is uninstalled and i still have to uninstall it.. ..."

that is not true...

 


Hello iggy1427,

my name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:15 AM

Posted 24 May 2014 - 04:23 AM


Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.



#4 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:15 AM

Posted 27 May 2014 - 02:58 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





