
combofix


This topic is locked
2 replies to this topic

#1 shahil123
  • Members
  • 1 posts

Posted 09 June 2014 - 04:52 PM

From a recent post I got to know about ComboFix, installed it, and here is the log file. Some viruses were removed but problems still persist. Please help.
 
ComboFix 14-06-09.01 - user 06/09/2014  16:22:46.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1256.966.1033.18.991.528 [GMT 3:00]
Running from: c:\documents and settings\user\My Documents\123.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\user\Application Data\6ab
c:\documents and settings\user\Application Data\6ab\7ca6.js
c:\documents and settings\user\Application Data\Toolbar4
c:\documents and settings\user\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\6f52dca438370b63146a128c3829cc7e
c:\documents and settings\user\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\bbb9c886cf2ba534f4be36c9ba863f2f
c:\documents and settings\user\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\speedbit_icon0.2.png
c:\documents and settings\user\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\video.png
c:\documents and settings\user\Local Settings\Application Data\Microsoft\CD Burning\AUTORUN.inF
c:\documents and settings\user\My Documents\explorer.exe
C:\mxhppq.pif
c:\windows\system32\athgina.dll
D:\Autorun.inf
D:\waglbr.pif
E:\Autorun.inf
E:\mxim.pif
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Service_amsint32
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-09 to 2014-06-09  )))))))))))))))))))))))))))))))
.
.
2014-06-07 22:34 . 2014-06-07 22:36 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\ApplicationHistory
2014-06-07 22:32 . 2014-06-07 22:32 -------- d-----w- c:\windows\system32\URTTEMP
2014-06-07 22:04 . 2004-04-30 12:12 40960 ----a-w- c:\windows\system32\WPCA132AG.dll
2014-06-07 22:04 . 2014-06-07 22:04 -------- d-----w- c:\program files\Wireless 11abg Network Utility
2014-06-07 22:04 . 2003-10-13 12:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2014-06-07 22:04 . 2003-09-25 20:28 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2014-06-07 22:04 . 2003-09-25 19:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2014-06-04 20:43 . 2014-06-05 13:05 -------- d-----w- C:\FRST
2014-06-04 20:32 . 2014-06-04 20:32 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-04 10:21 . 2014-06-04 10:21 -------- d-----w- C:\OETemp
2014-06-03 20:21 . 2014-06-03 20:21 -------- d--h--w- c:\windows\PIF
2014-06-03 20:18 . 2008-03-21 09:27 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2014-06-03 20:16 . 2012-08-29 06:24 181344 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2014-06-03 20:16 . 2012-08-29 06:24 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2014-06-03 20:16 . 2012-08-29 06:24 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2014-06-03 20:16 . 2012-06-27 08:37 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2014-06-03 20:16 . 2012-06-27 08:37 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2014-06-03 20:16 . 2014-06-03 20:16 -------- dc----w- c:\windows\system32\DRVSTORE
2014-06-03 20:16 . 2014-06-03 20:16 -------- d-----w- c:\program files\SAMSUNG
2014-06-03 20:14 . 2014-06-03 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Samsung
2014-06-03 20:03 . 2014-06-09 02:59 -------- d-----w- c:\program files\DAP
2014-06-03 20:02 . 2014-06-03 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2014-06-03 20:02 . 2014-06-03 20:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2014-06-03 20:02 . 2014-06-03 20:02 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\MFAData
2014-06-03 20:02 . 2014-06-03 20:02 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Avg2013
2014-06-02 20:51 . 2014-06-02 20:51 141824 ----a-w- c:\windows\QINST.EXE
2014-06-02 20:50 . 2014-06-09 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2014-06-02 20:50 . 1998-12-05 08:48 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2014-06-02 20:50 . 2014-06-05 16:02 -------- d-----w- c:\program files\SpeedBit Video Downloader
2014-05-28 19:18 . 2014-06-09 02:30 -------- d-----w- c:\documents and settings\user\Application Data\vlc
2014-05-27 22:13 . 2014-05-27 22:13 -------- d-----w- c:\documents and settings\user\Application Data\Baidu Security
2014-05-27 22:13 . 2014-03-11 03:14 102720 ----a-w- c:\windows\system32\drivers\BprotectEx.sys
2014-05-27 22:13 . 2014-03-11 03:14 47456 ----a-w- c:\windows\system32\drivers\Bhbase.sys
2014-05-27 22:13 . 2014-05-27 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Log
2014-05-27 22:13 . 2014-06-09 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacksSetup
2014-05-27 22:12 . 2014-05-27 22:12 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Bluestacks
2014-05-27 22:07 . 2014-05-27 22:07 -------- d-----w- c:\program files\VideoLAN
2014-05-27 22:07 . 2014-05-27 22:07 -------- d-----w- c:\documents and settings\user\Application Data\0V1L2Z2Z1T1I1L1T
2014-05-27 22:06 . 2014-06-03 19:37 -------- d-----w- c:\documents and settings\user\Application Data\baidu
2014-05-27 22:06 . 2014-05-27 22:06 -------- d-----w- c:\program files\Baidu Security
2014-05-27 22:06 . 2014-05-27 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Baidu Security
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-09 13:31 . 2014-06-09 13:31 103140 --sh--r- C:\cmyc.exe
2014-06-07 22:00 . 2004-01-01 07:53 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-03 . F0A7446342998EAA911EA535C545AA10 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-22 . 197B7E4030CFBD8D2979D375E1787AA2 . 625664 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[7] 2008-04-21 . 232B22817B90AE0AFF2D189E3E3735AC . 625664 . . [7.00.6000.16674] . . c:\windows\ie8\iexplore.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"7ca6"="c:\documents and settings\user\Application Data\6ab\7ca6.js" [X]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6677848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTPreset"="VTPreset.exe" [2004-02-24 114688]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-05-16 295072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 104744]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-05-31 385024]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe /H [2004-1-1 737280]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoPublishingWizard"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoAutoUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\WINDOWS\\system32\\VTPreset.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\update\\realsched.exe"= c:\\Program Files\\Real\\RealPlayer\\Update\\realsched.exe
"c:\\WINDOWS\\system32\\devldr32.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\cstrike.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"c:\\WINDOWS\\System32\\WScript.exe"=
"c:\\Program Files\\Atheros\\ACU.exe"=
"c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_118_ActiveX.exe"=
"c:\\Program Files\\REALTEK RTL8187 Wireless LAN Driver and Utility\\RtWLan.exe"=
"c:\\Program Files\\Pc Dialer\\pcDialer\\pcDialer.exe"=
"c:\\Program Files\\RealNetworks\\RealDownloader\\recordingmanager.exe"=
.
R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [28/05/2014 01:13 ص 47456]
R1 BprotectEx;Baidu ProtectEx;c:\windows\system32\drivers\BprotectEx.sys [28/05/2014 01:13 ص 102720]
R2 PCFasterSvc_{PCFaster_4.0.0.0};Baidu PC Faster Service 4.0.0.0;c:\program files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [03/04/2014 06:58 ص 691184]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [29/11/2012 07:01 م 38608]
R2 WPCA-132AG Service;WPCA-132AG Wireless PC Card;c:\program files\Wireless 11abg Network Utility\WLService.exe [08/06/2014 01:04 ص 49152]
R3 PCFApiUtil;PCFApiUtil;c:\program files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [11/03/2014 06:14 ص 119168]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [01/01/2004 11:17 ص 194304]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [01/01/2004 11:17 ص 13532]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [03/06/2014 11:16 م 83168]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [04/06/2014 11:32 م 35144]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [03/06/2014 11:16 م 181344]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [03/06/2014 11:16 م 181344]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AMSINT32
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-16 18:49]
.
2014-06-08 c:\windows\Tasks\Baidu PC Faster Update.job
- c:\program files\Baidu Security\PC Faster\4.0.0.0\Updater.exe [2014-04-02 22:27]
.
2014-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2004-01-01 09:16]
.
2014-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2004-01-01 09:16]
.
2004-01-10 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1708537768-1606980848-1417001333-1001.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29 16:03]
.
2014-06-09 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1708537768-1606980848-1417001333-1001.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29 16:01]
.
2014-06-09 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1708537768-1606980848-1417001333-1001.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29 16:01]
.
2014-06-09 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708537768-1606980848-1417001333-1001.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 11:00]
.
2014-06-09 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1708537768-1606980848-1417001333-1001.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 11:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://sa.hao123.com/?tn=incore_pay_hp_01_hao123_sa
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-09 16:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_118_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_118_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2704)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe
c:\program files\Wireless 11abg Network Utility\WLanCfgAG.exe
c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
c:\windows\system32\devldr32.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2014-06-09  16:34:16 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-09 13:34
.
Pre-Run: 17,448,042,496 bytes free
Post-Run: 18,263,642,112 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 24DF6E8E10EBFC07496204328F4E3177
8F558EB6672622401DA993E1E865C861

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum.~ Animal

#2 Machiavelli (Agent 007)
  • Malware Response Instructor
  • 4,011 posts
  • Gender:Male
  • Location:Germany

Posted 10 June 2014 - 02:40 AM

Hello and welcome on board shahil123 :welcome:,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide, so I may not be able to find it easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do; just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting me, as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and, again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your system crashing by your own actions!
 

Never run ComboFix without instructions from an expert!
  • Close all open Windows and disable all anti-virus and anti-malware software to prevent them inhibiting Combofix in any way. If you are unsure how to do this, see THIS
  • Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
    File::
    C:\cmyc.exe
    c:\documents and settings\user\Application Data\6ab\7ca6.js
    
    Folder::
    c:\documents and settings\user\Application Data\0V1L2Z2Z1T1I1L1T
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "7ca6"=-
    
    DDS::
    mStart Page = hxxp://sa.hao123.com/?tn=incore_pay_hp_01_hao123_sa
    
    
  • Go to File > Save As... and save it to your Desktop named CFScript.txt.

    (image: CFScriptB-4.gif)
  • Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it will produce a log that can be found at C:\ComboFix.txt. Copy and paste the contents of this into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Machiavelli (Agent 007)
  • Malware Response Instructor
  • 4,011 posts
  • Gender:Male
  • Location:Germany

Posted 13 June 2014 - 08:01 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
