republican-creole
site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security Cleanup > HJT Log IE7 Browser Gets Redirected

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·SCU FAQ ·Pre-Clean ·Site IMs ·VundoFix ·Zlob/Smitfraud ·SCU Helpers
AuthorAll Replies


TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA
kudos:5

reply to gda6

Re: HJT Log IE7 Browser Gets Redirected

Hi gda6

Several questions for you to start with.

Why did Avira not identify the trojans ealrier? Did you just install it, and you had no antivirus program previously installed, or did you have it disabled?

Did you see that your problem appears to likely have been from trying to illegaly bypass the registration of a program (WinRAR_Patch.exe)?

I see that you have PowerQuest Drive Image installed. It's an excellent image based backup and restore program. Although outdated (it won't work with Vista), Drive Image 7 works just fine with Windows XP, I use it myself. Have you considered restoring your system rather than disinfecting it? It would be the more secure way to go unless you don't have a current backup image, or you have upgraded to a SATA drive which the Powerquest boot disc won't recognize. If you do have a recent backup image, I would recommend a restore rather than disinfection. It's what I would do if it was my system. I would save any essential data files (do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files) more current than your backup, boot from the Powerquest restore disc, restore the system, and then after rebooting, replace the newer data files you saved.

If you don't want to or can't do that, we can proceed with disinfection.

Clean your Cache and Cookies in IE:
-Close all instances of Outlook Express and Internet Explorer
-Go to Control Panel > Internet Options > General tab
-Click the "Delete Cookies" button
-Next to it, Click the "Delete Files" button
-When prompted, place a check in: "Delete all offline content", click OK
Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Private Data).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
Clean other Temporary files + Recycle bin
-Go to start > run and type: cleanmgr and click ok.
-Let it scan your system for files to remove.
-Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
-Press OK to remove them.

Please download Malwarebytes' Anti-Malware from

http://www.malwarebytes.org/mbam-download.php

Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Download ComboFix© by sUBs from one of these locations:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Familiarize yourself with ComboFix before running it:
»www.bleepingcomputer.com/combofi···combofix

- Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.

- Double click on ComboFix.exe & follow the prompts.

- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. There are some difficult to remove infections that will only be fixed if you have the Recovery Console installed.

- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware. When finished, it will save a log.
Please include the contents of the log at C:\ComboFix.txt in your next reply.

Please post a new HijackThis log, the log from MBAM, the log from ComboFix (combofix.txt), and note any errors encountered.

--
Proud ASAP member since 2005
to forum · permalink · 2009-06-17 06:00:38 ·

gda6

join:2004-08-28
Chicago, IL

Hello The Joker,

... or is it just Hello Joker ... ?

Okay, first to answer your questions.

0. This is my friend's computer. So, I don't know the exact history of how it got infected. But I'll do my best to describe the situation.

1. Why didn't Avira identify the trojan earlier? It was configured to virus-scan the entire hard disk on demand. For this computer, that happens infrequently. Avira was setup to detect suspicious file reads/writes on-the-fly. When my friend gave me his machine after being infected. I immediately uninstaled Avira -- and re-installed the latest version. So, the scan that I previously submitted is from the re-installed version.

2. I don't suspect that the winrar_patch.exe did something malicious. That file has been around for about a year without any ill effects.

3. The power-quest backup for this machine is 11 months old. It's too far out of date to use. Therefore, I'm going to go through the "cleaning" process. But if cleaning doesn't work -- then we'll either have to re-install windows -- or restore the 11-month-old backup.

.... okay here are the cleaning steps that I performed today.
A. Cleaned ALL IE files/history/cookies/passwords/etc.
B. Ran cleanmgr
C. Ran Malwarebytes. Log file is attached: f1_mbam....txt.
D. Reran Hijackthis. Log file is attached: f2_hijackthis....log.
E. Allowes Hijackthis to remove R0 entry.

Note: at this time I enabled most of the start-up programs
that were being blocked by msconfig.exe. The reason that
I did this is that I wanted to create a restore point. I had turned off system restore, before posting my first hijackthis log. So I needed to turn it back on to create a restore point.
I couldn't create a restore point after turning system-restore back on. Windows told me to restart the computer. After doing so; I still could not create a restore point. That is why I unblocked a lot of start-up programs. I thought maybe one of them was part of the problem. It was not. I still was not able to create a restore point.

... okay back to the clean-up activities ...

F. Ran Combofix. Log file is attached: f3_combo_fix....txt
G. Reran Hijackthis. Log file is attached: f4_hijackthis....log.

I have not tried to use the computer after these actions.
Combofix advises that I should not try to fix anything without advice from security forum.

to forum · permalink · 2009-06-17 22:43:51 ·


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:51
Reviews:
·Comcast
Host:
TV over IP
Software
RCN
Inside Insight
Team Discovery

I'm going to open those logs up for ease of viewing

Malwarebytes' Anti-Malware 1.37
Database version: 2296
Windows 5.1.2600 Service Pack 3

6/17/2009 8:40:49 AM
mbam-log-2009-06-17 (08-40-49).txt

Scan type: Quick Scan
Objects scanned: 81942
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ieupdates.exe.tmp (Adware.Agent) -> Quarantined and deleted successfully.

ComboFix 09-06-17.02 - Lamar 06/17/2009 20:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1633 [GMT -5:00]
Running from: c:\documents and settings\Lamar\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Lamar\Application Data\inst.exe
c:\windows\system32\drivers\SKYNETpmeevkax.sys
c:\windows\system32\SKYNETgylclswx.dat
c:\windows\system32\SKYNETkpuakgyd.dll
c:\windows\system32\SKYNETowfnanim.dll
c:\windows\system32\SKYNETqkkeuytv.dat

----- BITS: Possible infected sites -----

hxxp://binuser.fileave.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETyutgwmri

((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2009-06-17 13:43 . 2009-06-17 13:56 -------- d-----w- c:\temp\working
2009-06-17 13:36 . 2009-06-17 13:36 -------- d-----w- c:\documents and settings\Lamar\Application Data\Malwarebytes
2009-06-17 13:36 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 13:36 . 2009-06-17 13:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 13:36 . 2009-06-17 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-17 13:36 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 13:34 . 2009-06-17 13:34 3371384 ----a-w- c:\temp\mbam-setup.exe
2009-06-17 04:26 . 2009-06-17 04:26 -------- d-----w- c:\program files\Trend Micro
2009-06-17 04:24 . 2009-06-17 04:24 812344 ----a-w- c:\temp\HJTInstall.exe
2009-06-17 04:15 . 2009-06-17 03:09 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-17 03:09 . 2009-06-17 03:08 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-17 03:09 . 2009-06-17 03:09 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-17 03:09 . 2009-06-17 03:09 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-17 03:09 . 2009-06-17 03:09 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-17 03:09 . 2009-06-17 03:09 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-17 03:09 . 2009-06-17 03:09 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-17 03:09 . 2009-06-17 03:09 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-17 03:09 . 2009-06-17 03:09 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-17 03:08 . 2009-06-17 03:08 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-17 03:08 . 2009-06-17 03:08 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-17 03:08 . 2009-06-17 03:08 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-17 03:08 . 2009-06-17 03:08 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-17 03:08 . 2009-06-17 03:08 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-17 03:08 . 2009-06-17 03:08 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-17 03:08 . 2009-06-17 03:08 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-17 03:08 . 2009-06-17 03:08 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-17 03:08 . 2009-06-17 03:08 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-17 03:08 . 2009-06-17 03:08 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-17 03:08 . 2009-06-17 03:08 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-17 03:07 . 2009-06-17 03:07 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-17 03:07 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-17 03:07 . 2009-06-17 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-17 03:07 . 2009-06-17 03:07 -------- d-----w- c:\program files\Lavasoft
2009-06-17 03:06 . 2009-06-17 03:06 37452296 ----a-w- c:\temp\Ad-AwareAE.exe
2009-06-17 00:41 . 2009-06-17 02:45 -------- d-----w- c:\documents and settings\Lamar\.housecall6.6
2009-06-16 05:03 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-16 05:03 . 2009-03-24 21:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-16 05:03 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-16 05:03 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-16 05:03 . 2009-06-16 05:03 -------- d-----w- c:\program files\Avira
2009-06-16 05:03 . 2009-06-16 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-16 04:47 . 2009-06-16 04:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-16 04:44 . 2009-06-16 04:44 30075904 ----a-w- c:\temp\avira_antivir_personal_en.exe
2009-06-16 04:39 . 2009-06-16 04:39 16409960 ----a-w- c:\temp\spybotsd162.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 04:49 . 2008-05-31 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-09 23:49 . 2008-06-03 20:48 -------- d-----w- c:\documents and settings\Lamar\Application Data\NewsBin
2009-06-07 15:18 . 2009-06-07 15:19 3087360 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2009-06-07 15:18 . 2009-06-07 15:19 1887744 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2009-06-04 14:18 . 2008-08-12 09:36 -------- d-----w- c:\documents and settings\Lamar\Application Data\dvdcss
2009-06-01 01:56 . 2009-02-07 03:00 -------- d-----w- c:\program files\DYMO DiscPainter
2009-05-30 21:16 . 2009-05-30 21:19 1884160 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2009-05-30 21:16 . 2009-05-30 21:19 372224 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2009-05-22 06:32 . 2008-06-05 02:24 -------- d-----w- c:\documents and settings\Lamar\Application Data\CopyToDvd
2009-05-22 06:24 . 2008-06-05 02:15 -------- d-----w- c:\program files\VSO
2009-05-12 07:34 . 2008-10-25 09:12 2595102 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-05-07 15:32 . 2004-08-10 17:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-10 17:51 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-10 17:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 17:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-05 18:15 . 2009-01-12 02:48 10022 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-03-30 02:12 . 2009-03-30 03:09 60928 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2009-03-30 01:50 . 2009-03-30 03:09 1833472 ----a-w- c:\windows\Internet Logs\xDB20.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-01-26 902936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-17 518488]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"Omnipage"="c:\program files\ScanSoft\OmniPagePro11.0\opware32.exe" [2001-06-21 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"dyaaserv.exe"="c:\program files\DYMO DiscPainter\Drivers\dyaaserv.exe" [2007-11-12 177152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-06-14 16132608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/16/2009 10:09 PM 64160]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [6/3/2003 3:52 PM 123957]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [6/3/2003 3:52 PM 46900]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/16/2009 12:03 AM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1005904]
S3 DYUSB;DYMO DiscPainter USB Status Monitor Driver;c:\windows\system32\drivers\dyusb.sys [10/22/2007 12:07 PM 35200]
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:08]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2009-06-17 20:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-18 20:46
ComboFix-quarantined-files.txt 2009-06-18 01:46

Pre-Run: 57,662,877,696 bytes free
Post-Run: 57,822,457,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

164 --- E O F --- 2009-06-10 00:03
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

to forum · permalink · 2009-06-17 22:51:27 ·
Forums > Broadband Tech > Security > Security Cleanup

Friday, 01-Jun 11:27:23 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics