Scary Virus

Discussion in 'Virus & Other Malware Removal' started by Jakubas, Aug 28, 2010.

Thread Status:
Not open for further replies.
  1. Jakubas

    Jakubas Thread Starter

    Joined:
    Aug 28, 2010
    Messages:
    5
    My laptop that has Windows XP SP2 installed recently got a virus.
    The virus disabled task manager, regedit and likes to shut down .exe extensions. Because of this virus I can't play any of my favorite MMORPGs like Maplestory XD. I've tried a bunch of antiviruses but none of them found the virus ;( When I tried going on Panda online scan it wouldn't load the page and when I X'ed out Google Chrome the name of Google Chrome changed to Cant. I would really appreciate someone's help.

    I've got a HijackThis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 11:00:42 PM, on 8/28/2010
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\gatewayxpv_12\wdm\STacSV.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Prevx\prevx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Prevx\prevx.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wpabaln.exe
    C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\winwhtuxk.exe
    C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\Katalog tymczasowy 1 dla RootkitRevealer.zip\RootkitRevealer.exe
    C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\DO.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\chcp.com
    C:\Documents and Settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: CSIScanner - Unknown owner - C:\Program Files\Prevx\prevx.exe" /service (file missing)
    O23 - Service: DO - Sysinternals - www.sysinternals.com - C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\DO.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\gatewayxpv_12\wdm\STacSV.exe
     
  3. Jakubas

    Jakubas Thread Starter

    Joined:
    Aug 28, 2010
    Messages:
    5
    I've done 3 Malwarebytes' Anti-Malware scans and each time I do a scan I always get the same 5 viruses which I just quarantined and deleted. It's like they reproduce or something.
    Here's my malware log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4495

    Windows 5.1.2600 Dodatek Service Pack 2
    Internet Explorer 6.0.2900.2180

    8/28/2010 11:31:59 PM
    mbam-log-2010-08-28 (23-31-59).txt

    Scan type: Quick scan
    Objects scanned: 118867
    Time elapsed: 4 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 5
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
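
A triage pass over the two logs posted above, as an added example that is not part of the original posts or of either tool. It flags processes and services running from a Temp directory and the policy values that lock out regedit, Task Manager and Security Center alerts, and it reports which lockouts show up in every scan. The names `triage` and `recurring_lockouts` are hypothetical, the sample is constructed from lines in the posted logs, and a Temp hit is a lead to verify rather than a verdict (RootkitRevealer.exe is itself running from Temp in this log).

```python
import re

# Constructed sample: lines excerpted from the HijackThis and Malwarebytes logs above.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\winwhtuxk.exe
C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\DO.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: DO - Sysinternals - www.sysinternals.com - C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\DO.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)   # any path component named Temp
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")            # drive-rooted path at end of line
POLICY_RE = re.compile(
    r"\b(Disable(?:Regedit|RegistryTools|TaskMgr)"
    r"|(?:AntiVirus|Firewall|Updates)DisableNotify)\b", re.IGNORECASE)


def triage(log_text):
    """Return (kind, detail) findings in the order they appear in the log."""
    findings, in_procs = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                       # a blank line ends the process list
            in_procs = False
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs and TEMP_RE.search(line):
            findings.append(("process-from-temp", line))
        elif line.startswith("O23 -"):     # HijackThis service entry
            m = PATH_RE.search(line)
            if m and TEMP_RE.search(m.group(0)):
                findings.append(("service-from-temp", m.group(0)))
        elif (m := POLICY_RE.search(line)) and (
                line.startswith("O7 -") or "Bad: (1)" in line):
            findings.append(("policy-lockout", m.group(1)))
    return findings


def recurring_lockouts(scans):
    """Lockout values present in every scan: each removal was undone before the next scan."""
    sets = [{d for kind, d in triage(s) if kind == "policy-lockout"} for s in scans]
    return sorted(set.intersection(*sets)) if sets else []


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind:18} {detail}")
```
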
     
  4. Jakubas

    Jakubas Thread Starter

    Joined:
    Aug 28, 2010
    Messages:
    5
    Here's the OTS scan log
     

    Attached Files: OTS.Txt (361.2 KB)
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    50,134
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully

    Download ComboFix from Here or Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  6. Jakubas

    Jakubas Thread Starter

    Joined:
    Aug 28, 2010
    Messages:
    5
    ComboFix 10-08-28.02 - Dark Knight 08/29/2010 13:56:17.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.2038.1756 [GMT 2:00]
    Uruchomiony z: C:\Documents and Settings\Dark Knight\Pulpit\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DAC970NT
    -------\Service_dac970nt
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    50,134
    That isn't the full ComboFix log.

    If it isn't at c:\combofix.txt then run ComboFix again please & post the new log it makes.
     
  8. Jakubas

    Jakubas Thread Starter

    Joined:
    Aug 28, 2010
    Messages:
    5
    ComboFix got stuck at Preparing Log Report.
    I've waited 1 hour and it's still on the same screen.
    EDIT: GOT IT TO WORK, HAD TO UNINSTALL MAGICISO

    ComboFix 10-08-28.02 - Dark Knight 08/29/2010 16:14:19.7.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1045.18.2038.1748 [GMT 2:00]
    Running from: c:\documents and settings\Dark Knight\Pulpit\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DAC970NT
    -------\Service_dac970nt
    -------\Legacy_DAC970NT
    -------\Service_dac970nt
    -------\Legacy_DAC970NT
    -------\Service_dac970nt
    -------\Legacy_DAC970NT
    -------\Service_dac970nt
    -------\Legacy_DAC970NT
    -------\Service_dac970nt
    -------\Legacy_DAC970NT
    -------\Service_dac970nt


    ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
    .

    2010-08-29 12:28 . 2010-08-29 12:28 -------- d-----w- C:\Download
    2010-08-29 12:28 . 2010-08-29 12:28 495616 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
    2010-08-29 12:28 . 2010-08-29 12:28 -------- d-----w- C:\Nexon
    2010-08-29 11:36 . 2010-08-29 11:36 -------- d-----w- c:\program files\BitTorrent
    2010-08-29 11:36 . 2010-08-29 11:36 -------- d-----w- c:\documents and settings\Dark Knight\Dane aplikacji\BitTorrent
    2010-08-29 11:27 . 2010-08-29 11:27 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-08-29 11:27 . 2010-08-29 11:27 -------- d-----w- c:\documents and settings\Dark Knight\Dane aplikacji\DAEMON Tools Lite
    2010-08-29 11:27 . 2010-08-29 11:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
    2010-08-29 11:24 . 2010-08-29 11:24 -------- d-----w- c:\program files\CCleaner
    2010-08-29 11:21 . 2010-08-29 11:21 -------- d-----w- c:\program files\IObit
    2010-08-29 11:21 . 2010-08-29 11:21 -------- d-----w- c:\documents and settings\Dark Knight\Dane aplikacji\IObit
    2010-08-29 07:19 . 2010-08-29 07:19 -------- d-----w- c:\documents and settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\GamersFirst LIVE!
    2010-08-29 07:19 . 2010-08-29 09:41 -------- d-----w- c:\documents and settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\PMB Files
    2010-08-29 07:18 . 2010-08-29 09:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PMB Files
    2010-08-28 20:27 . 2010-08-28 20:27 -------- d-----w- c:\program files\AhnLab
    2010-08-28 20:27 . 2010-08-28 20:27 -------- d-----w- c:\documents and settings\Dark Knight\AppData

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-29 13:27 . 2006-03-02 12:00 49376 ----a-w- c:\windows\system32\perfc015.dat
    2010-08-29 13:27 . 2006-03-02 12:00 355152 ----a-w- c:\windows\system32\perfh015.dat
    2010-08-28 21:19 . 2010-08-28 17:55 -------- d-----w- c:\program files\UnHackMe
    2010-08-28 19:54 . 2010-08-28 17:33 -------- d-----w- c:\program files\AnVir Task Manager Pro
    2010-08-28 17:56 . 2010-08-28 17:56 2 --shatr- c:\windows\winstart.bat
    2010-08-28 17:37 . 2010-08-28 17:37 -------- d-----w- c:\documents and settings\Dark Knight\Dane aplikacji\Malwarebytes
    2010-08-28 17:37 . 2010-08-28 17:37 -------- dc-h--w- c:\documents and settings\All Users\Dane aplikacji\{5DC53E13-E865-430F-97A7-98ACA32FC3D8}
    2010-08-28 17:36 . 2010-08-28 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-28 17:36 . 2010-08-28 17:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
    2010-08-28 17:33 . 2010-08-28 17:31 -------- d-----w- c:\documents and settings\Dark Knight\Dane aplikacji\GetRightToGo
    2010-08-28 16:49 . 2010-08-28 16:49 200 ----a-w- c:\windows\system32\drivers\sthdae.log
    2010-08-28 16:49 . 2010-08-28 16:48 -------- d-----w- c:\program files\IDT
    2010-08-28 16:48 . 2010-08-28 16:45 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-28 16:48 . 2010-08-28 16:48 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-08-28 16:45 . 2010-08-28 16:45 -------- d-----w- c:\program files\SAGEM
    2010-08-28 16:45 . 2010-08-28 16:45 -------- d-----w- c:\documents and settings\Dark Knight\Dane aplikacji\InstallShield
    2010-08-28 16:34 . 2010-08-28 16:34 -------- d-----w- c:\program files\microsoft frontpage
    2010-08-28 16:33 . 2010-08-28 16:33 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-08-28 16:33 . 2010-08-28 16:33 -------- d-----w- c:\program files\Us?ugi online
    2010-08-28 16:31 . 2010-08-28 16:31 21856 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-06-04 16:23 . 2010-06-04 16:23 1548288 ----a-w- c:\windows\system32\sfcfiles.dll
    2010-06-04 16:22 . 2010-06-04 16:23 305176 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2010-06-04 16:22 . 2010-06-04 16:22 991744 ----a-w- c:\windows\system32\syssetup.dll
    .

    ------- Sigcheck -------

    [-] 2010-06-04 . 64FF4E77CF31132734C42C90B4839FBA . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( [email protected]_13.23.57 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2006-03-02 12:00 . 2010-08-29 13:16 40394 c:\windows\system32\perfc009.dat
    + 2006-03-02 12:00 . 2010-08-29 13:27 40394 c:\windows\system32\perfc009.dat
    + 2006-03-02 12:00 . 2010-08-29 13:27 312172 c:\windows\system32\perfh009.dat
    - 2006-03-02 12:00 . 2010-08-29 13:16 312172 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GamersFirst LIVE!.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\GamersFirst LIVE!.lnk
    backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2006-03-02 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-04-20 11:57 240408 ----a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-04-20 11:57 211736 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-04-20 11:57 219928 ----a-w- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "xmlprov"=3 (0x3)
    "WmiApSrv"=3 (0x3)
    "WmdmPmSN"=3 (0x3)
    "VSS"=3 (0x3)
    "UPS"=3 (0x3)
    "upnphost"=3 (0x3)
    "SysmonLog"=3 (0x3)
    "SwPrv"=3 (0x3)
    "STacSV"=2 (0x2)
    "SCardSvr"=3 (0x3)
    "RSVP"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "RasAuto"=3 (0x3)
    "NtmsSvc"=3 (0x3)
    "NtLmSsp"=3 (0x3)
    "Netlogon"=3 (0x3)
    "MSIServer"=3 (0x3)
    "MSDTC"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "HTTPFilter"=3 (0x3)
    "dmserver"=3 (0x3)
    "dmadmin"=3 (0x3)
    "COMSysApp"=3 (0x3)
    "CiSvc"=3 (0x3)
    "AppMgmt"=3 (0x3)
    "wuauserv"=2 (0x2)
    "stisvc"=2 (0x2)
    "SSDPSRV"=3 (0x3)
    "Spooler"=2 (0x2)
    "ShellHWDetection"=2 (0x2)
    "SENS"=2 (0x2)
    "seclogon"=2 (0x2)
    "Schedule"=2 (0x2)
    "ProtectedStorage"=2 (0x2)
    "PolicyAgent"=2 (0x2)
    "Nla"=3 (0x3)
    "LmHosts"=2 (0x2)
    "HidServ"=2 (0x2)
    "helpsvc"=2 (0x2)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "CryptSvc"=3 (0x3)
    "BITS"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "UacDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\hkcmd.exe"=
    "c:\\WINDOWS\\system32\\igfxtray.exe"=
    "c:\\WINDOWS\\system32\\igfxpers.exe"=
    "c:\\Documents and Settings\\Dark Knight\\Ustawienia lokalne\\Dane aplikacji\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Documents and Settings\\Dark Knight\\Moje dokumenty\\Downloads\\OTS.exe"=
    "c:\\Documents and Settings\\Dark Knight\\Moje dokumenty\\Downloads\\1v98x46e.exe"=
    "c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
    "c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "56671:TCP"= 56671:TCP:pando Media Booster
    "56671:UDP"= 56671:UDP:pando Media Booster

    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/29/2010 1:27 PM 691696]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-688789844-725345543-1004Core.job
    - c:\documents and settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-08-28 17:04]

    2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-688789844-725345543-1004UA.job
    - c:\documents and settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-08-28 17:04]
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
    AddRemove-GamersFirst LIVE! - c:\program files\GamersFirst\LIVE!\uninstall.exe
    AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-29 16:15
    Windows 5.1.2600 Dodatek Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-08-29 16:16:30
    ComboFix-quarantined-files.txt 2010-08-29 14:16

    Pre-Run: 112,655,691,776 bajtów wolnych
    Post-Run: 112,633,143,296 bajtów wolnych

    - - End Of File - - 566043BEAAC3FFA517F3CC82DFDE17AC
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    50,134
Short URL to this thread: https://techguy.org/946374