Help Avira found 2 virus BOO/Sinowal.F & can't quarantine or delete
WhiteChristmas wrote: » This is out of my experience, Olive, but I've found someone else who had a similar problem - this may be of help.
The suggested download is also recommended by the good guys over at MajorGeeks.com, so it's legit!
http://www.bleepingcomputer.com/forums/topic330913.html
I would completely agree with that :idea:
-
Hi WhiteChristmas
Know what you mean about being difficult to deal with, I'm fed up already, having looked on the net at loads of people with similar problems which seem to take forever to sort, also incl the one you have mentioned - Bleeping Computer. However, when I clicked on the connection http://www.esagelab.com/files/bootkit_remover.rar it just opened ready to run, with no website.
Found this about the esagelab: http://safeweb.norton.com/report/show?url=www.esagelab.com - detailed report here: http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2004-021914-2822-99 So am a bit reluctant to try it, especially as the query & solution was posted by the same new member. I've read so much stuff about some bootkit removers actually being virus/trojans themselves. Checked on WiseGeek, all I could find was this: http://forums.majorgeeks.com/showthread.php?p=1436932.
But am reluctant to start doing anything when both current Avira & Malwarebytes scans are all currently clear, & everything is running ok.
Would really like someone to tell me if this is correct or has the virus hidden itself so well Avira and Malwarebytes can no longer detect it?
-
If Avira did initially find it, and now it doesn't, then I'd assume it's gone :idea:
-
:T Thanks, just what I wanted to hear.
Why can't these horrible ****** people who have the intelligence to invent these viruses & trojans etc use their extensive knowledge to do some good & could actually probably earn a lot of money doing something legal! :mad:
-
I'd recommend a run with ComboFix though, so we can determine if it is ok
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive) :idea:
-
If I'm reading it right, then your main machine is clear, but there might still be something lurking in the boot sector of that E:\ drive.
Does it have something that autoruns when you plug it in? Maybe some backup/sync program? I'm thinking along the lines of going back to safe mode, plugging it in and scanning it from there.
I'm dreaming of a white Christmas.
But, if the white runs out, I'll drink the red.
-
Have already done a couple of scans with Malwarebytes & Avira on E External drive both in Safemode & as normal mode last night & today & both came back totally clear.
Have printed off the instructions for Combofix, presume I just deactivate Avira, but as Malwarebytes does not run in real time as it's the free one, do I need to do anything with it? Also what about the Windows Firewall, do I need to disable that? I believe it takes quite a while to run Combofix & so will probably do it tomorrow as I'm going out tonight.
What do you mean by snapshot pages? - sorry if I seem a bit thick!
-
Combofix tends to take between 20 and 30 mins to run
Just turning off Avira should be fine :idea:
-
Done as suggested, Combofix loaded & ran
Details as below:-
ComboFix 11-02-08.03 - dave 09/02/2011 13:38:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2558.2105 [GMT 0:00]
Running from: c:\documents and settings\dave\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \.picasa.ini
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020509.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020510.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020511.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020512.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020513.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020514.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020515.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020516.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020517.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020518.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020519.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020520.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020521.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020522.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020523.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020524.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020525.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020526.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020527.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020528.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020529.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020530.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020531.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020532.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020533.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020534.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020535.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020536.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020537.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020538.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020539.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020540.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020541.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020542.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020543.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020544.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020545.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020546.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020547.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020548.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020549.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020550.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020551.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020552.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020553.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020554.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020555.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020556.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020557.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020558.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020559.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020560.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020561.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020562.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020563.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020564.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020565.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020566.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020567.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020568.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020569.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020570.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020571.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020572.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020573.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020574.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020575.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020576.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020577.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020578.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020579.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020580.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020581.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020582.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020583.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020584.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020585.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020586.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020587.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020588.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020589.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020590.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020591.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020592.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020593.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020594.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020595.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020596.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020597.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020598.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020599.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020600.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020601.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020602.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020603.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020604.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020605.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020606.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020607.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020608.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020609.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020610.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020611.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020612.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020613.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020614.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020615.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020616.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \P1020617.JPG
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \Thumbs.db
E:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.
2011-02-07 20:20 . 2011-02-07 20:20 d-----w- c:\documents and settings\LocalService\Application Data\Avira
2011-02-07 15:56 . 2011-02-07 15:56 d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
2011-02-07 15:25 . 2011-02-07 15:25 d-sh--w- c:\documents and settings\dave\IECompatCache
2011-02-07 13:40 . 2011-02-07 13:40 388096 ----a-r- c:\documents and settings\David\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-07 13:37 . 2011-02-07 13:37 388096 ----a-r- c:\documents and settings\dave\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-07 13:37 . 2011-02-07 13:37 d-----w- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 18:09 . 2010-06-05 18:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-06-05 18:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 14:08 . 2010-06-05 19:11 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-23 17:09 . 2010-06-05 19:11 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2010-04-28 13:15 81920 ----a-w- c:\windows\system32\isign32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-07 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-9 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-4-28 24576]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [05/06/2010 19:11 135336]
R2 MSSQL$EONENERGYFIT;SQL Server (EONENERGYFIT);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27/05/2009 03:27 29262680]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/05/2010 08:51 135664]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [30/07/2006 20:44 580992]
.
Contents of the 'Scheduled Tasks' folder
2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 08:51]
2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 08:51]
2011-02-09 c:\windows\Tasks\User_Feed_Synchronization-{641B0FA3-0B2D-47FD-8A6C-9EC92677A571}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
Supplementary Scan
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-UIUCU - c:\docume~1\David\LOCALS~1\Temp\UIUCU.EXE
SafeBoot-MCODS
AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 13:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\Ótжþ* ]
"DisplayName"=""
"DeviceDesc"=""
"ProviderName"=""
"MFG"="?????"
"ReinstallString"="??\01"
"DeviceInstanceIds"=multi:"n\\download\\install\\driver\\2kxp_inf\\cx_19641.inf\00"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(2776)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Other Running Processes
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-02-09 13:48:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-09 13:48
Pre-Run: 134,435,917,824 bytes free
Post-Run: 135,022,788,608 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - 98563763C5EF1F5DAAF8DD5EBB72E480
Can you please confirm everything is OK or not.......?
-
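An added illustration, not part of the thread and not ComboFix's own code: one way a helper reading a log like the one above could pull out the lines that deserve a closer look, namely an autorun.inf deleted from a drive root, a removed Run entry whose target sat in a Temp directory, and a non-zero catchme hidden-file count. The rule names and the shortened sample log are constructed for this example; the section names follow the posted log.

```python
import re

# Constructed sample in the layout of the ComboFix log posted above (shortened).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\David\My Documents\Egypt Aug 2010 Pat & Jen \Thumbs.db
E:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.
2011-02-07 13:37 . 2011-02-07 13:37 388096 ----a-r- c:\documents and settings\dave\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-UIUCU - c:\docume~1\David\LOCALS~1\Temp\UIUCU.EXE
SafeBoot-MCODS
AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
hidden files: 0
"""

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # (((( Other Deletions ))))
DASHED = re.compile(r"^(?:- )+(.+?)(?: -)+$")    # - - - - ORPHANS REMOVED - - - -
ROOT_AUTORUN = re.compile(r"^[a-z]:\\autorun\.inf$", re.I)
RUN_ORPHAN = re.compile(r"^(HKLM|HKCU|HKU)-Run-(\S+) - (.+)$", re.I)
HIDDEN = re.compile(r"^hidden files:\s*(\d+)$", re.I)


def parse_sections(log):
    """Split the log into {section name: [lines]}; '.' spacer lines are dropped."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if set(line) == {"*"}:      # a row of asterisks closes the open section
            current = None
            continue
        m = BANNER.match(line) or DASHED.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(log):
    """Return (rule, detail) pairs for a human reviewer; not a verdict."""
    sections = parse_sections(log)
    findings = []
    for path in sections.get("Other Deletions", []):
        if ROOT_AUTORUN.match(path):
            findings.append(("autorun.inf deleted from drive root", path))
    for entry in sections.get("ORPHANS REMOVED", []):
        m = RUN_ORPHAN.match(entry)
        if m and "\\temp\\" in m.group(3).lower():
            findings.append(("Run entry pointed into a Temp directory", entry))
    for line in log.splitlines():
        m = HIDDEN.match(line.strip())
        if m and int(m.group(1)) > 0:
            findings.append(("catchme reported hidden files", line.strip()))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```
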
Just had a thought, from previous experience I downloaded and ran Combofix from the Administrator Account (named Dave), will this cover information from the other User Accounts such as my husband's User Account? The problem/virus appeared via his user account. The Administrator/Dave account is only usually used for downloading stuff which requires Administrator rights.
If it doesn't, do I have to start again & redo it with husband's user account?
Also his Malwarebytes update box is still greyed out, the only way to update is via Administrator, whereas it was possible prior to this problem. Do you think Malwarebytes is corrupted? Would it be best to uninstall & re-install?
Thanks so much for all your help!
This discussion has been closed.