Computer Hope

Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: Kerjifire on August 29, 2010, 05:00:51 AM

Title: Combofix Scan, possible computer infection.
Post by: Kerjifire on August 29, 2010, 05:00:51 AM

Hey can you check out this combofix log and see if i needa check if i'm still infected.

Regards, Kerjifire.

Here is also MBAM Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4172

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/06/2010 8:34:12 PM
mbam-log-2010-06-07 (20-34-12).txt

Scan type: Quick scan
Objects scanned: 512
Time elapsed: 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


[recovering disk space - old attachment deleted by admin]

Title: Re: Combofix Scan, possible computer infection.
Post by: Crush on September 05, 2010, 11:36:54 AM

Hello, and welcome to Computer Hope Forums!

I'm Crush but, you can call me Chris too :) and I will be helping you with your Malware issues

Please note the following information about the malware forum:

• Only members of the Malware Removal Specialist user group are allowed to give advice on removing malware from your computer. Do not follow the advice of anyone without that user title.
  
• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, do this:

Reply to this topic with the word BUMP.

• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Now that we have that out of the way:

ComboFix should not be run without the guidance of a helper!
 
It is a powerful tool and is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private or regular use.

See ComboFix's Disclaimer (http://"http://img.photobucket.com/albums/v666/sUBs/New_Disclaimer_090525.gif")
 
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

 Please refer to this thread for more information on why you shouldn't use ComboFix without supervision of a trained expert: http://www.bleepingcomputer.com/forums/topic273628.html (http://www.bleepingcomputer.com/forums/topic273628.html)

============

Download OTL (http://oldtimer.geekstogo.com/OTL.exe)  to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in

Code: [Select]

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit>Select All, Edit>Copy) the contents of these files, one at a time