Scary Virus

Jakubas
Junior Member with 5 posts.
THREAD STARTER
Join Date: Aug 2010
28-Aug-2010, 05:07 PM #1
My laptop that has Windows XP SP2 installed recently got a virus.
The virus disabled Task Manager, regedit and likes to shut down .exe extensions. Because of this virus I can't play any of my favorite MMORPGs like Maplestory XD. I've tried a bunch of antiviruses but none of them found the virus ;( When I tried going on Panda online scan it wouldn't load the page, and when I X'ed out Google Chrome the name of Google Chrome changed to Cant. I would really appreciate someone's help.

I've got a HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:00:42 PM, on 8/28/2010
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\gatewayxpv_12\wdm\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wpabaln.exe
C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\winwhtuxk.exe
C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\Katalog tymczasowy 1 dla RootkitRevealer.zip\RootkitRevealer.exe
C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\DO.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\chcp.com
C:\Documents and Settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\Prevx\prevx.exe" /service (file missing)
O23 - Service: DO - Sysinternals - www.sysinternals.com - C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\DO.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\gatewayxpv_12\wdm\STacSV.exe

Jakubas
Junior Member with 5 posts.
THREAD STARTER
Join Date: Aug 2010
28-Aug-2010, 05:25 PM #2
I've done 3 Malwarebytes' Anti-Malware scans and each time I do a scan I always get the same 5 viruses, which I just quarantined and deleted. It's like they reproduce or something.
Here's my malware log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4495

Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 6.0.2900.2180

8/28/2010 11:31:59 PM
mbam-log-2010-08-28 (23-31-59).txt

Scan type: Quick scan
Objects scanned: 118867
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Last edited by Jakubas; 28-Aug-2010 at 05:34 PM..

Jakubas
Junior Member with 5 posts.
THREAD STARTER
Join Date: Aug 2010
29-Aug-2010, 04:45 AM #3
Here's the OTS scan log
Attachment Blocked

dvk01 (Derek), authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,571 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
29-Aug-2010, 07:35 AM #4
Delete any existing version of ComboFix you have sitting on your desktop.
Please read and follow all these instructions very carefully.

Download ComboFix from Here or Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double click on combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review.


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue

Jakubas
Junior Member with 5 posts.
THREAD STARTER
Join Date: Aug 2010
29-Aug-2010, 08:04 AM #5
ComboFix 10-08-28.02 - Dark Knight 08/29/2010 13:56:17.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.2038.1756 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Dark Knight\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DAC970NT
-------\Service_dac970nt

dvk01 (Derek), authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,571 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
29-Aug-2010, 08:25 AM #6
That isn't the full ComboFix log.

If it isn't at c:\combofix.txt then run ComboFix again please & post the new log it makes.

Jakubas
Junior Member with 5 posts.
THREAD STARTER
Join Date: Aug 2010
29-Aug-2010, 09:59 AM #7
ComboFix got stuck at Preparing Log Report.
I've waited 1 hour and it's still on the same screen.
EDIT: GOT IT TO WORK, HAD TO UNINSTALL MAGICISO

ComboFix 10-08-28.02 - Dark Knight 08/29/2010 16:14:19.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1045.18.2038.1748 [GMT 2:00]
Running from: c:\documents and settings\Dark Knight\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DAC970NT
-------\Service_dac970nt
-------\Legacy_DAC970NT
-------\Service_dac970nt
-------\Legacy_DAC970NT
-------\Service_dac970nt
-------\Legacy_DAC970NT
-------\Service_dac970nt
-------\Legacy_DAC970NT
-------\Service_dac970nt
-------\Legacy_DAC970NT
-------\Service_dac970nt


((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.

2010-08-29 12:28 . 2010-08-29 12:28 -------- d-----w- C:\Download
2010-08-29 12:28 . 2010-08-29 12:28 495616 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2010-08-29 12:28 . 2010-08-29 12:28 -------- d-----w- C:\Nexon
2010-08-29 11:36 . 2010-08-29 11:36 -------- d-----w- c:\program files\BitTorrent
2010-08-29 11:36 . 2010-08-29 11:36 -------- d-----w- c:\documents and settings\Dark Knight\Dane aplikacji\BitTorrent
2010-08-29 11:27 . 2010-08-29 11:27 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-29 11:27 . 2010-08-29 11:27 -------- d-----w- c:\documents and settings\Dark Knight\Dane aplikacji\DAEMON Tools Lite
2010-08-29 11:27 . 2010-08-29 11:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2010-08-29 11:24 . 2010-08-29 11:24 -------- d-----w- c:\program files\CCleaner
2010-08-29 11:21 . 2010-08-29 11:21 -------- d-----w- c:\program files\IObit
2010-08-29 11:21 . 2010-08-29 11:21 -------- d-----w- c:\documents and settings\Dark Knight\Dane aplikacji\IObit
2010-08-29 07:19 . 2010-08-29 07:19 -------- d-----w- c:\documents and settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\GamersFirst LIVE!
2010-08-29 07:19 . 2010-08-29 09:41 -------- d-----w- c:\documents and settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\PMB Files
2010-08-29 07:18 . 2010-08-29 09:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PMB Files
2010-08-28 20:27 . 2010-08-28 20:27 -------- d-----w- c:\program files\AhnLab
2010-08-28 20:27 . 2010-08-28 20:27 -------- d-----w- c:\documents and settings\Dark Knight\AppData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 13:27 . 2006-03-02 12:00 49376 ----a-w- c:\windows\system32\perfc015.dat
2010-08-29 13:27 . 2006-03-02 12:00 355152 ----a-w- c:\windows\system32\perfh015.dat
2010-08-28 21:19 . 2010-08-28 17:55 -------- d-----w- c:\program files\UnHackMe
2010-08-28 19:54 . 2010-08-28 17:33 -------- d-----w- c:\program files\AnVir Task Manager Pro
2010-08-28 17:56 . 2010-08-28 17:56 2 --shatr- c:\windows\winstart.bat
2010-08-28 17:37 . 2010-08-28 17:37 -------- d-----w- c:\documents and settings\Dark Knight\Dane aplikacji\Malwarebytes
2010-08-28 17:37 . 2010-08-28 17:37 -------- dc-h--w- c:\documents and settings\All Users\Dane aplikacji\{5DC53E13-E865-430F-97A7-98ACA32FC3D8}
2010-08-28 17:36 . 2010-08-28 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-28 17:36 . 2010-08-28 17:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-08-28 17:33 . 2010-08-28 17:31 -------- d-----w- c:\documents and settings\Dark Knight\Dane aplikacji\GetRightToGo
2010-08-28 16:49 . 2010-08-28 16:49 200 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-08-28 16:49 . 2010-08-28 16:48 -------- d-----w- c:\program files\IDT
2010-08-28 16:48 . 2010-08-28 16:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-28 16:48 . 2010-08-28 16:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-28 16:45 . 2010-08-28 16:45 -------- d-----w- c:\program files\SAGEM
2010-08-28 16:45 . 2010-08-28 16:45 -------- d-----w- c:\documents and settings\Dark Knight\Dane aplikacji\InstallShield
2010-08-28 16:34 . 2010-08-28 16:34 -------- d-----w- c:\program files\microsoft frontpage
2010-08-28 16:33 . 2010-08-28 16:33 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-28 16:33 . 2010-08-28 16:33 -------- d-----w- c:\program files\Us?ugi online
2010-08-28 16:31 . 2010-08-28 16:31 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-04 16:23 . 2010-06-04 16:23 1548288 ----a-w- c:\windows\system32\sfcfiles.dll
2010-06-04 16:22 . 2010-06-04 16:23 305176 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-06-04 16:22 . 2010-06-04 16:22 991744 ----a-w- c:\windows\system32\syssetup.dll
.

------- Sigcheck -------

[-] 2010-06-04 . 64FF4E77CF31132734C42C90B4839FBA . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-29_13.23.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-03-02 12:00 . 2010-08-29 13:16 40394 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2010-08-29 13:27 40394 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2010-08-29 13:27 312172 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2010-08-29 13:16 312172 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2006-03-02 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-04-20 11:57 240408 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-04-20 11:57 211736 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-04-20 11:57 219928 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"STacSV"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"HTTPFilter"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"CiSvc"=3 (0x3)
"AppMgmt"=3 (0x3)
"wuauserv"=2 (0x2)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Nla"=3 (0x3)
"LmHosts"=2 (0x2)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"CryptSvc"=3 (0x3)
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Documents and Settings\\Dark Knight\\Ustawienia lokalne\\Dane aplikacji\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Documents and Settings\\Dark Knight\\Moje dokumenty\\Downloads\\OTS.exe"=
"c:\\Documents and Settings\\Dark Knight\\Moje dokumenty\\Downloads\\1v98x46e.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56671:TCP"= 56671:TCP:Pando Media Booster
"56671:UDP"= 56671:UDP:Pando Media Booster

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/29/2010 1:27 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-688789844-725345543-1004Core.job
- c:\documents and settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-08-28 17:04]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-688789844-725345543-1004UA.job
- c:\documents and settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-08-28 17:04]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
AddRemove-GamersFirst LIVE! - c:\program files\GamersFirst\LIVE!\uninstall.exe
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-29 16:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-29 16:16:30
ComboFix-quarantined-files.txt 2010-08-29 14:16

Pre-Run: 112,655,691,776 bajtów wolnych
Post-Run: 112,633,143,296 bajtów wolnych

- - End Of File - - 566043BEAAC3FFA517F3CC82DFDE17AC

Last edited by Jakubas; 29-Aug-2010 at 10:17 AM..
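
An added example (not part of any post in this thread, and not code from HijackThis, Malwarebytes or ComboFix): a Python triage pass over the three log formats posted above, covering the HijackThis O7 line, the Malwarebytes "Registry Data Items Infected" lines and the ComboFix "Reg Loading Points" section. It flags registry values that switch off Task Manager, regedit, Security Center alerts or the firewall. The `TAMPER_VALUES` table, the regexes and the `find_tampering` name are assumptions of this example; the sample lines are copied from the logs on this page.

```python
import re
from collections import namedtuple

# Value names seen in this thread's logs -> data that means "protection off".
# The table is this example's assumption, not a list from any of the tools.
TAMPER_VALUES = {
    "disabletaskmgr": 1, "disableregistrytools": 1, "disableregedit": 1,
    "antivirusdisablenotify": 1, "firewalldisablenotify": 1,
    "updatesdisablenotify": 1, "uacdisablenotify": 1,
    "antivirusoverride": 1, "firewalloverride": 1, "enablefirewall": 0,
}

Finding = namedtuple("Finding", "source key name value")

# HijackThis: O7 - <key>, <name>=<n>
HJT_O7 = re.compile(r"^O7 - (?P<key>.+?), (?P<name>\w+)=(?P<val>\d+)$")
# Malwarebytes: <key>\<name> (<label>) -> Bad: (<n>) ...
# \s* tolerates the stray space the forum inserted before the last backslash.
MBAM = re.compile(
    r"^(?P<key>HKEY_.+?)\s*\\(?P<name>\w+) \([^)]+\) -> Bad: \((?P<val>\d+)\)")
# ComboFix: [<key>] followed by "<name>"=dword:0000000n or "<name>"= n (0xn)
CF_KEY = re.compile(r"^\[(?P<key>.+)\]$")
CF_VAL = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+) \(0x[0-9a-fA-F]+\))$')

def find_tampering(log_text: str) -> list:
    findings, current_key = [], None
    for raw in log_text.splitlines():
        line, hit = raw.strip(), None
        if m := HJT_O7.match(line):
            hit = Finding("HijackThis", m["key"], m["name"], int(m["val"]))
        elif m := MBAM.match(line):
            hit = Finding("Malwarebytes", m["key"], m["name"], int(m["val"]))
        elif m := CF_KEY.match(line):
            current_key = m["key"]
        elif (m := CF_VAL.match(line)) and current_key:
            value = int(m["hex"], 16) if m["hex"] else int(m["dec"])
            hit = Finding("ComboFix", current_key, m["name"], value)
        elif not line:
            current_key = None  # a blank line ends a ComboFix section
        # Report only known value names whose data matches the "off" state.
        if hit and TAMPER_VALUES.get(hit.name.lower()) == hit.value:
            findings.append(hit)
    return findings

# Sample lines copied from the three logs in this thread.
SAMPLE = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System \DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VSS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    for f in find_tampering(SAMPLE):
        print(f"{f.source:12} {f.name}={f.value}  ({f.key})")
```

Values that a cleaner reports as removed but that a later log still lists are worth recording before the next removal pass.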

dvk01 (Derek), authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,571 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
29-Aug-2010, 01:38 PM #8
You are getting help at the Malwarebytes forum http://forums.malwarebytes.org/index...howtopic=61504

I don't intend to duplicate the effort so this is now closed.