Combofix Log Analysis


  • This topic is locked

#1
do_you_realize

    New Member

  • Member
  • 9 posts
I read the 'You must read this first' thread at the top of the page, and got freaked out when I read that I shouldn't have used ComboFix as it was a powerful tool and things could go wrong. Everything seems fine at the moment, but anyway, I've put the log as an attachment, and thanks to the person who helps me out on this. It says it's already deleted the infected files, but I was told to go here anyway by BleepingComputer.com. Thanks again
  • 0


#2
do_you_realize

    New Member

  • Topic Starter
  • Member
  • 9 posts
ComboFix 10-01-11.01 - 01/11/2010 19:20:40.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.405 [GMT -5:00]
Running from: c:\documents and settings\\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\AegisP.inf
c:\windows\Downloaded Program Files\webinst.dll
c:\windows\system32\basotudo.dll
c:\windows\system32\bokadopi.dll
c:\windows\system32\geyofebi.dll
c:\windows\system32\gezibaju.dll
c:\windows\system32\kadidika.dll
c:\windows\system32\lidanufu.dll
c:\windows\system32\munuropi.dll
c:\windows\system32\ratofoze.dll
c:\windows\system32\vebufewo.dll
c:\windows\Tasks\jimodbih.job

.
((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-11 22:49 . 2010-01-11 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-08 02:28 . 2010-01-08 03:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-01-08 02:28 . 2010-01-08 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 00:55 . 2006-08-24 16:06 -------- d-----w- c:\program files\Symantec AntiVirus
2010-01-11 22:55 . 2006-08-24 18:43 -------- d-----w- c:\documents and settings\\Application Data\Skype
2010-01-11 22:51 . 2010-01-11 22:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 03:25 . 2010-01-09 07:13 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-08 03:25 . 2010-01-08 02:29 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-08 02:51 . 2007-11-21 14:55 -------- d-----w- c:\documents and settings\\Application Data\uTorrent
2010-01-08 02:28 . 2010-01-08 02:28 -------- d-----w- c:\program files\Lavasoft
2010-01-08 02:25 . 2006-08-24 16:15 -------- d-----w- c:\documents and settings\\Application Data\Lavasoft
2010-01-07 21:07 . 2010-01-11 22:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2010-01-11 22:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 03:20 . 2006-08-17 04:00 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-02 02:57 . 2007-03-19 15:49 -------- d-----w- c:\program files\iTunes
2009-12-25 19:22 . 2006-08-17 03:46 -------- d-----w- c:\program files\Java
2009-12-10 08:10 . 2007-01-11 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-15 23:36 . 2006-08-22 21:10 75424 -c--a-w- c:\documents and settings\ .\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 05:38 . 2004-08-11 22:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-11 22:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-11 22:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 04:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b15cf83d-d602-43bd-b005-1d6afaadcb39}]
1601-01-01 00:03 52736 --sha-w- c:\windows\system32\buvezoze.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"Google Update"="c:\documents and settings\ .\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-18 133104]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WD Button Manager"="WDBtnMgr.exe" [2007-03-12 339968]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-05-27 124656]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-01-02 1126400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-13 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-13 774680]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-02-13 252704]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-08 520024]

c:\documents and settings\ .\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-16 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"AllowMultipleTSSessions"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-16 17:58 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Documents and Settings\\ .\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Simplify Media\\SimplifyMedia.exe"=
"c:\\Documents and Settings\\ .\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\ .\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\ .\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
"c:\\Documents and Settings\\ .\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/7/2010 9:29 PM 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/3/2007 8:33 AM 721904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/31/2009 9:05 AM 102448]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [5/26/2006 8:01 PM 115952]
.
Contents of the 'Scheduled Tasks' folder

2010-01-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 03:24]

2010-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2793965585-4125001162-1582932196-1006Core.job
- c:\documents and settings\ .\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-18 11:36]

2010-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2793965585-4125001162-1582932196-1006UA.job
- c:\documents and settings\ .\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-18 11:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: musicmatch.com\online
TCP: {EFC087C3-9926-4B0E-A585-0835D769A380} = 71.252.0.12,71.242.0.12
DPF: {81449547-EB5D-422E-8730-932DC5E412C8} - hxxp://www.howardstern.com/install/uvuplayer.cab
DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} - hxxp://147.31.32.2:8080/registration/deploy/WebInst/webinst.cab
FF - ProfilePath - c:\documents and settings\ .\Application Data\Mozilla\Firefox\Profiles\2595zsu5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/
FF - plugin: c:\documents and settings\ .\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ .\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SetDefaultMIDI - MIDIDef.exe
HKLM-Run-LogitechVideo[inspector] - c:\program files\Logitech\Video\InstallHelper.exe
HKLM-Run-zifohugih - c:\windows\system32\geyofebi.dll
HKLM-Run-yesiyuputa - bokadopi.dll
SharedTaskScheduler-{55f3ab3d-c72f-4f52-bc91-3c64395076bd} - c:\windows\system32\fisepolo.dll
SharedTaskScheduler-{77cdd9b2-6f76-45a1-99ed-f1086781be9a} - c:\windows\system32\geyofebi.dll
SSODL-wumarazuv-{55f3ab3d-c72f-4f52-bc91-3c64395076bd} - c:\windows\system32\fisepolo.dll
SSODL-nuhuwokeh-{77cdd9b2-6f76-45a1-99ed-f1086781be9a} - c:\windows\system32\geyofebi.dll
AddRemove-ProInst - c:\windows\Installer\iProInst.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 20:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spdw.sys >>UNKNOWN [0x87387938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7556f28
\Driver\ACPI -> ACPI.sys @ 0xf72d0cb8
\Driver\atapi -> atapi.sys @ 0xf7265b40
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1096)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(7164)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\StacSV.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\WDBtnMgr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-11 20:24:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-12 01:24

Pre-Run: 19,513,810,944 bytes free
Post-Run: 21,509,529,600 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 42A5D755CCF28AC806084030677A533D
  • 0

#3
do_you_realize

    New Member

  • Topic Starter
  • Member
  • 9 posts
Can someone please help me?
  • 0

#4
do_you_realize

    New Member

  • Topic Starter
  • Member
  • 9 posts
I also have a HJT log and Root Repeal.
  • 0

#5
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
We look for posts with 0 replies, so when you posted to your own log, we assumed you were being helped.


DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.


Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (right-click, choose "Run as Administrator").


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Then click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs, use "copy/paste".
  • 0

#6
do_you_realize

    New Member

  • Topic Starter
  • Member
  • 9 posts
Since the time I made this post, my computer has continued to suffer. Virus pop-up windows began infesting my computer at a rate that I could not control. It got to the point that my computer became completely inoperable. One day, I eventually had to manually shut the computer down. When I attempted to restart the computer, a blue screen appeared which read:

"A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Disable or uninstall any anti-virus, disk defragmentation or backup utilities. Check your hard drive configuration, and check for any updated drivers. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical information:

*** STOP: 0x00000024 (0x001902FE, 0xF7949380, 0xF794907c, 0x87254805)"

When I try to start the computer in safe mode or my last known good configurations, this blue screen with the above error message still appears.

Please advise. Thanks so much for any help!
  • 0

#7
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
If you can't get it to boot, the only thing I know of would be a Windows repair install.
  • 0

#8
do_you_realize

    New Member

  • Topic Starter
  • Member
  • 9 posts
Can you tell me more about a Windows repair install? How would I do it?
  • 0

#9
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
http://www.michaelst...pairinstall.htm
  • 0

#10
do_you_realize

    New Member

  • Topic Starter
  • Member
  • 9 posts
Is there anything you would recommend if I don't have the Windows Boot CD?
  • 0

#11
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Read through this topic, mainly post #12 in your case.
http://www.geekstogo...ws-XP-t138.html
  • 0





