
"Malware and Spyware Cleaning Guide" didn't help



#1
marek018 (New Member, 7 posts)
Hello there. 2 days ago I restarted my computer (normally I restart it once every 1-2 months, so I think it's worth mentioning), and I spotted an iexplore.exe process which seems to start again every time I kill it.
I wouldn't be really worried about it, if not for the fact that it keeps making all my applications inactive (the iexplore.exe process is on top), and it also keeps popping up with spam every few hours - both of these make me unable to use my PC as I did before.
I've googled my problem and on about 2 or 3 pages people are saying that after running "prevx" they got rid of their problem - unluckily, I still have the problem.
I have found that someone on this forum had a similar problem to mine and he got it solved - so I thought that I might give you guys a bit of a challenge with my problem.

Just tell me which logs you need and I will try my best to post them ASAP.

Edited by marek018, 14 July 2010 - 04:05 PM.

  • 0



#2
ldtate (Malware Expert, MVP, 1,874 posts)

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.




Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users


Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.

We've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache
http://www.java.com/...lugin_cache.xml


Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Then click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.


Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs, use "copy/paste".
  • 0

#3
marek018 (New Member, Topic Starter, 7 posts)
Thanks for the answer, as my situation is getting worse - the iexplore.exe restarts every few seconds so my PC is pretty much useless now. In addition to that I have a lot of adverts in my Firefox and I get redirected very often. Also all of my files were renamed with file extensions (e.g. my jpg files were renamed from X to X.jpg - any ideas how to rename them back again?)

As I was following the "Malware and Spyware Cleaning Guide" I was using anti-malware and I deleted ALL bad entries (no one mentioned leaving the sys restore ones) - I will post my 1st anti-malware log and the one that I will receive now.

I went through all the steps as you told me to and my PC still has that nasty iexplore.exe process running.

P.S. My "volume control" - wave tab gets moved all the way to the bottom (which obviously mutes my sound) every few minutes; any way to fix that as well?

Well, here are the logs - 1st one -

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4312

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2010-07-14 12:57:57
mbam-log-2010-07-14 (12-57-57).txt

Scan type: Quick scan
Objects scanned: 146020
Time elapsed: 31 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 9
Registry Data Items Infected: 8
Folders Infected: 3
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3fd6b99c-a275-46ea-8fd1-3d63986e51e4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e03c740e-bb24-4d3c-b92a-6f84de1dd99c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Margotte (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzdn32 (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\.nvsvc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\intime (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\reup (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\waittokillservicet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\unwise_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\unwise_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:\windows\fonts\unwise_.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe "C:\Program Files\Common Files\System\svchost.exe") Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\User\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Intern) Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\l0wsec (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\l0wsec\l0cal.ds (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\l0wsec\us3r.ds (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost\dat.ppg (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\cgame_mp_x86.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\[email protected]@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\HOSTS (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winzdn32.dll (Trojan.Dialer) -> Quarantined and deleted successfully.

- One made just now -

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4312

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2010-07-17 23:46:00
mbam-log-2010-07-17 (23-46-00).txt

Scan type: Quick scan
Objects scanned: 172569
Time elapsed: 55 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#4
ldtate (Malware Expert, MVP, 1,874 posts)
You had quite a collection there.
You also had a Backdoor Bot
C:\WINDOWS\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.


Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:
  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.
  • 0
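Added example, not part of the thread and not Malwarebytes code: a Python sketch of the triage ldtate applies to the log in post #3, parsing the detection lines and flagging remote-access families, autostart locations and items not yet removed. The sample lines are copied from that log; the family list and the function names are this example's assumptions.

```python
import re

# Detection lines copied from the Malwarebytes log in post #3 (an excerpt, not the full log).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzdn32 (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe "C:\Program Files\Common Files\System\svchost.exe") Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\l0wsec (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*$")
DETECTION_RE = re.compile(r"^(?P<object>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")
BAD_GOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")

# Assumption of this example: detection names treated as remote access or
# credential theft, the condition behind the change-your-passwords advice.
REMOTE_ACCESS = ("Backdoor.", "Bifrose.", "Trojan.Zbot")

# Well-known Windows autostart locations; a hit means the item ran at boot or logon.
AUTOSTART = (
    "\\currentversion\\run\\",
    "\\winlogon\\shell",
    "\\winlogon\\notify\\",
    "\\currentcontrolset\\services\\",
    "\\windows\\tasks\\",
)
CLEAN_ACTION = "Quarantined and deleted successfully."


def parse_log(text):
    """Return one dict per detection line, tagged with the log section it sits in."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        hit = DETECTION_RE.match(line)
        if not hit or section is None:
            continue  # blank lines, banners, "(No malicious items detected)"
        # Data items carry an extra "Bad: (...) Good: (...)" field before the action.
        *detail, action = hit.group("rest").split(" -> ")
        fix = BAD_GOOD_RE.match(" -> ".join(detail)) if detail else None
        found.append({
            "section": section,
            "object": hit.group("object"),
            "name": hit.group("name"),
            "action": action,
            "bad": fix.group("bad") if fix else None,
            "good": fix.group("good") if fix else None,
        })
    return found


def triage(detections):
    """Answer three questions: remote access? boot persistence? anything left behind?"""
    report = {"remote_access": [], "persistence": [], "pending": []}
    for d in detections:
        if d["name"].startswith(REMOTE_ACCESS):
            report["remote_access"].append(d["name"])
        if any(loc in d["object"].lower() for loc in AUTOSTART):
            report["persistence"].append(d["object"])
        if d["action"] != CLEAN_ACTION:
            report["pending"].append(d["object"])
    # Any remote-access family means credentials typed on this machine are suspect.
    report["rotate_credentials"] = bool(report["remote_access"])
    return report


if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

A scan that reports everything removed, like the second log in post #3, still leaves `rotate_credentials` true for the first log: removal does not undo what a backdoor may already have captured.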

#5
marek018 (New Member, Topic Starter, 7 posts)


OK, I'm aware of everything. If you can help me with all visible viruses, that will be great anyway - because there is no way that I can do it by myself.
  • 0

#6
ldtate (Malware Expert, MVP, 1,874 posts)
Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.
  • 0

#7
marek018 (New Member, Topic Starter, 7 posts)
Sorry for the late answer - my PC was playing so much that I had to use my friend's PC - well anyway, the iexplore.exe is gone!
BUT I have 1 weird problem - my HID (Human Interface Device) Input Service isn't working. I tried to launch it from local services but it gives me error 126: the specified module cannot be found. I have a lot of hotkeys on my keyboard so without them my life would become harder. I've tried Google - but without success - that HID service was ALWAYS working without any problems, but after using ComboFix it started playing around.

I will scan my PC with AVG, Anti Malware, Prevx - if any of those find a virus etc. I will post logs - if not then I will ask to close the topic.

P.S. ComboFix DID NOT produce any log so I can't paste it.

Edited by marek018, 20 July 2010 - 02:54 AM.

  • 0

#8
ldtate (Malware Expert, MVP, 1,874 posts)
Look for: C:\combofix.txt or C:\combofix\combofix.txt
  • 0

#9
marek018 (New Member, Topic Starter, 7 posts)


Got it now :) There you go:

ComboFix 10-07-16.02 - User 2010-07-18 17:32:38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.66 [GMT 1:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\HP Image Zone .lnk
C:\Documents and Settings\User\Application Data\Desktopicon
C:\Documents and Settings\User\Application Data\msnmsgr.exe
C:\Documents and Settings\User\eula.txt
C:\Documents and Settings\User\jogl.dll
C:\Documents and Settings\User\Recent\Thumbs.db
C:\Install.exe
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\companion wizard(2)
C:\Program Files\Common Files\companion wizard(2)\000.tmp
C:\WINDOWS\PCGWIN32.LI5
C:\WINDOWS\system32\439677.dll
C:\WINDOWS\system32\aybeg.bak1
C:\WINDOWS\system32\aybeg.bak2
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\c_dll.dll
C:\WINDOWS\system32\components
C:\WINDOWS\system32\litprtuo.ini
C:\WINDOWS\xpsp1hfm.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Service_IlvMoneyDRIVER53


((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 )))))))))))))))))))))))))))))))
.

2010-07-17 09:42:39 . 2010-07-17 09:42:39 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
2010-07-16 22:45:31 . 2010-07-16 22:45:31 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Threat Expert
2010-07-16 21:40:52 . 2010-07-18 15:38:56 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
2010-07-15 21:54:03 . 2010-07-17 02:50:17 -------- d-----w- C:\WINDOWS\system32\CatRoot_bak
2010-07-14 08:53:37 . 2010-07-14 08:53:37 -------- d-----w- C:\Documents and Settings\User\Application Data\Malwarebytes
2010-07-14 08:53:11 . 2010-04-29 14:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-14 08:53:09 . 2010-07-14 08:53:09 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-14 08:53:07 . 2010-04-29 14:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-14 08:53:06 . 2010-07-14 08:53:24 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-14 08:48:16 . 2010-07-14 08:49:16 -------- d-----w- C:\Program Files\ERUNT
2010-07-13 20:59:41 . 2010-07-13 20:59:41 -------- d-----w- C:\Program Files\Trend Micro
2010-07-13 17:54:26 . 2010-07-13 17:55:50 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\Orbit
2010-07-13 10:04:20 . 2010-07-13 10:04:21 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
2010-07-13 01:24:38 . 2009-08-06 18:23:46 274288 ----a-w- C:\WINDOWS\system32\mucltui.dll
2010-07-13 01:02:46 . 2010-07-13 01:02:46 27656 ----a-w- C:\WINDOWS\system32\drivers\pxsec.sys
2010-07-13 01:02:46 . 2010-07-13 01:02:46 22024 ----a-w- C:\WINDOWS\system32\drivers\pxscan.sys
2010-07-13 01:02:44 . 2010-07-13 01:02:44 -------- d-----w- C:\Program Files\Prevx
2010-07-13 01:02:37 . 2010-07-18 02:31:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2010-07-10 21:18:53 . 2009-11-03 13:07:06 679936 ----a-w- C:\WINDOWS\system32\D3DX81ab.dll
2010-07-10 21:18:53 . 2009-11-03 13:07:06 1970176 ----a-w- C:\WINDOWS\system32\d3dx9.dll
2010-07-10 00:33:50 . 2010-07-15 23:09:08 -------- d-----w- C:\Program Files\Cheat Engine
2010-07-08 11:12:11 . 2010-07-08 11:12:11 -------- d-----w- C:\Program Files\NEXON
2010-07-08 09:07:22 . 2010-07-08 09:07:22 421888 ----a-w- C:\WINDOWS\NEXON_EU_DownloaderUpdater.exe
2010-07-06 18:07:48 . 2010-07-06 18:08:40 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\NFS Underground 2
2010-07-04 09:10:15 . 2010-07-04 09:10:15 -------- d-----w- C:\Program Files\Activision
2010-07-03 16:12:43 . 2010-07-03 22:42:24 -------- d-----w- C:\Documents and Settings\All Users\Application Data\NFS Underground
2010-07-03 16:01:09 . 2010-07-11 20:53:48 -------- d-----w- C:\Program Files\EA GAMES
2010-06-30 20:08:59 . 2010-06-30 20:08:59 -------- d-----w- C:\Program Files\Rockstar Games
2010-06-30 19:39:24 . 2004-04-30 08:37:02 160640 ----a-w- C:\WINDOWS\system32\drivers\a347bus.sys
2010-06-30 19:39:24 . 2004-04-30 08:33:00 5248 ----a-w- C:\WINDOWS\system32\drivers\a347scsi.sys
2010-06-30 19:39:06 . 2010-06-30 19:39:06 -------- d-----w- C:\Program Files\Alcohol 120%
2010-06-19 20:36:57 . 2010-06-19 20:44:12 -------- d-----w- C:\Program Files\Football Manager 2009
2010-06-19 12:58:32 . 2010-06-19 13:04:07 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Sports Interactive
2010-06-18 23:09:17 . 2010-06-19 13:22:04 -------- d-----w- C:\Documents and Settings\User\Application Data\Sports Interactive
2010-06-18 22:42:43 . 2010-06-18 22:42:43 -------- d--h--w- C:\Documents and Settings\User\InstallAnywhere

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

Is my PC clean now? If it is, can you help me with that HID thing?
  • 0

#10
ldtate (Malware Expert, MVP, 1,874 posts)
Combofix didn't finish.
Please try running it again.
  • 0

#11
marek018 (New Member, Topic Starter, 7 posts)


I'm on holiday so I don't have access to my PC now, and I won't be able to use it for the next week or so - when I come back I will rerun ComboFix and post you the results. Just don't delete my topic because I can't answer you atm.
  • 0

#12
ldtate (Malware Expert, MVP, 1,874 posts)

:)
  • 0





