Mar 22nd, 2010, 7:33am
   Mischel Internet Security Forum
   Malware
   Adware, Browser Hijackers and other Malware
(Moderators: Helena, Gavin_Coe, Magnus)
   need help
   Author  Topic: need help  (Read 1649 times)
Thomas
Full Member
need help
« on: Apr 9th, 2009, 9:11am »

I got a virus in my PC. Every time I run ComboFix my PC restarts itself.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10, on 2009-04-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\regmech.exe /H
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
 
--
End of file - 4082 bytes

Windows XP Home Edition Service Pack 3
Y!TunnelPro Version 2.5 Build 504
Yahoo! Messenger Version 10.0.0 Build 542 Beta
YTK Enhanced Version 2.6 Build 70 Beta
Mozilla Firefox v3.5.3
Internet Explorer Version 8.0.6001.18702
Cable
Avira AntiVir Control Center
Windows Firewall
Netgear Router
Malwarebytes' Anti-Malware Version 1.41
TrojanHunter Version 5.2 Build 987
Netgear Router
SUPERAntiSpyware Professional Version 4.29 Build 1002
Packed Driver Detector Version 0.9
HijackThis Version 2.0 Build 2
Thomas
Full Member
Re: need help
« Reply #1 on: Apr 9th, 2009, 9:13am »

Malwarebytes' Anti-Malware 1.36
Database version: 1958
Windows 5.1.2600 Service Pack 2
 
4/9/2009 9:52:25 AM
mbam-log-2009-04-09 (09-52-25).txt
 
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 101899
Time elapsed: 24 minute(s), 46 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
(No malicious items detected)
 
Registry Values Infected:
(No malicious items detected)
 
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
 
Folders Infected:
(No malicious items detected)
 
Files Infected:
(No malicious items detected)
Thomas
Full Member
Re: need help
« Reply #2 on: Apr 9th, 2009, 9:38am »

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
 
Generated 04/09/2009 at 10:33 AM
 
Application Version : 4.26.1000
 
Core Rules Database Version : 3836
Trace Rules Database Version: 1792
 
Scan type  : Complete Scan
Total Scan Time : 00:12:27
 
Memory items scanned : 309
Memory threats detected   : 0
Registry items scanned    : 3901
Registry threats detected : 0
File items scanned   : 12114
File threats detected     : 7
 
Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media.adrevolver[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificmedia[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@zedo[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@doubleclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificclick[2].txt
Thomas
Full Member
Re: need help
« Reply #3 on: Apr 9th, 2009, 10:18am »

OK, this will not get out of my PC.
 
Malwarebytes' Anti-Malware 1.36
Database version: 1958
Windows 5.1.2600 Service Pack 2
 
2009-04-09 11:15:36
mbam-log-2009-04-09 (11-15-36).txt
 
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 102589
Time elapsed: 25 minute(s), 12 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
(No malicious items detected)
 
Registry Values Infected:
(No malicious items detected)
 
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
 
Folders Infected:
(No malicious items detected)
 
Files Infected:
(No malicious items detected)
Thomas
Full Member
Re: need help
« Reply #4 on: Apr 9th, 2009, 11:09am »

I downloaded a file I thought to be clean, and when I opened it I started to get spyware, trojan, virus and a lot more, so I reformatted it 13 times hoping to get the virus out, and it is still in my PC. Like I said, ComboFix will not work; it restarts my PC, so I'm guessing there is a virus in my PC that is causing it.
« Last Edit: Apr 9th, 2009, 11:09am by Thomas »
Thomas
Full Member
Re: need help
« Reply #5 on: Apr 9th, 2009, 11:38am »

TrojanHunter Scan Report - Saved 2009-04-09 12:34
 
Found trojan file: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe/hidec.exe (RiskTool.Hidec.100)
Warning: Unable to unpack UPX-packed file C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe/catchme.cfexe
Warning: Unable to unpack UPX-packed file C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe/ERDNT.e_e
Found trojan file: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe/Upx.mpgbaant/hidec.exe (RiskTool.Hidec.100)
Warning: Unable to unpack UPX-packed file C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe/Upx.mpgbaant/catchme.cfexe
Warning: Unable to unpack UPX-packed file C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe/Upx.mpgbaant/ERDNT.e_e
Warning: Unable to unpack UPX-packed file C:\Program Files\uTorrent\uTorrent.exe
Warning: Unable to unpack UPX-packed file C:\RECYCLER\S-1-5-21-2804305642-3032790-279461358-1009\Dc2\catchme.cfexe  
Warning: Unable to unpack UPX-packed file C:\RECYCLER\S-1-5-21-2804305642-3032790-279461358-1009\Dc2\ERDNT.e_e
Found trojan file: C:\RECYCLER\S-1-5-21-2804305642-3032790-279461358-1009\Dc2\hidec.exe (RiskTool.Hidec.100)
Warning: Unable to unpack UPX-packed file C:\RECYCLER\S-1-5-21-2804305642-3032790-279461358-1009\Dc9.exe
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b7e97e18\System.Xml.dll
Warning: Unable to unpack UPX-packed file C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
Warning: Unable to unpack UPX-packed file D:\cmdcons\usbuhci.sy_/usbuhci.sys
Warning: Unable to unpack UPX-packed file D:\I386\SYSTEM32\drivers\USBUHCI.SYS
Warning: Unable to unpack UPX-packed file D:\MiniNT\system32\drivers\USBUHCI.SYS
Quarantined file C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
Unable to quarantine file C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe: Scheduling file to be quarantined when computer is restarted
Quarantined file C:\RECYCLER\S-1-5-21-2804305642-3032790-279461358-1009\Dc2\hidec.exe
siliconman01
Global Moderator
Re: need help
« Reply #6 on: Apr 9th, 2009, 12:54pm »

1.  Your Hijackthis log is not showing any infections.
 
2.  SuperAntispyware only found tracking cookies which is no big deal.  
 
3.  TrojanHunter is finding Combofix.exe stuff which is normal.  You need to remove Combofix.exe before scanning with TrojanHunter.  
 
-  You can remove Combofix and all of its stored info by going to START>RUN and typing in Combofix /u and then clicking on OK.  Let Combofix fully remove itself.  Its icon on the desktop should disappear when the removal is completed.
 
4.  Concerning MBAM finding:
 
Quote:
Registry Data Items Infected:  
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 
Please go to the link below.  
http://forums.cnet.com/5208-6132_102-0.html?threadID=337149
 
5.  Combofix typically reboots your computer as it is performing its detection/cleaning.  
 
-  Did you download and run the latest version of Combofix?  
 
-  Please post the Combofix log after it completes.    
 
6.  Did Avira find any infections to be removed?
 
 
 
« Last Edit: Apr 9th, 2009, 12:57pm by siliconman01 »

______
TrojanHunter V5.3.994...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound w/ XM satellite, Avira Premium Security Suite V9; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD Raptors, NIS 2010. Common: router, cable modem, PerfectDisk 11 Pro, Casper Backup V6.0, DisplayFusion, SpywareBlaster V4.2, HostsMan V3.2.73, CCleaner, TrojanHunter V5.3.994, etc.
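
An added example, not part of the original thread and not code from any of the tools named in it: a small Python parser for the "Registry Data Items Infected" section of the two MBAM logs posted above, which reports the values that the later scan flagged again after the earlier scan reported them removed. The function and variable names are hypothetical, and the log excerpts are the thread's own lines trimmed to what the parser needs.

```python
import re
from typing import NamedTuple

# Excerpts of the two MBAM logs posted in this thread (trimmed).
LOG_0952 = r"""
mbam-log-2009-04-09 (09-52-25).txt
Registry Data Items Infected: 2
Files Infected: 0

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

LOG_1115 = r"""
mbam-log-2009-04-09 (11-15-36).txt
Registry Data Items Infected: 1

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""


class DataItem(NamedTuple):
    path: str       # registry key\value that was flagged
    detection: str  # MBAM detection name
    bad: str        # data MBAM found
    good: str       # data MBAM expected
    action: str     # what MBAM reported doing


# The summary line "Registry Data Items Infected: 2" carries a count after
# the colon; only the bare header line opens the detail section.
HEADER = "Registry Data Items Infected:"
ENTRY = re.compile(
    r"^(?P<path>HKEY_.+?) \((?P<detection>[^()]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+?)\.?$"
)


def parse_data_items(log_text):
    """Return the DataItem entries of the detail section of one MBAM log."""
    items, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == HEADER:
            in_section = True
        elif in_section and line.endswith(":"):
            in_section = False          # next section header, e.g. "Folders Infected:"
        elif in_section:
            m = ENTRY.match(line)       # skips blanks and "(No malicious items detected)"
            if m:
                items.append(DataItem(**m.groupdict()))
    return items


def reappeared(earlier, later):
    """Paths reported removed in the earlier scan and flagged again in the later one."""
    removed = {i.path for i in earlier if "deleted successfully" in i.action}
    return sorted(i.path for i in later if i.path in removed)


if __name__ == "__main__":
    for path in reappeared(parse_data_items(LOG_0952), parse_data_items(LOG_1115)):
        print("flagged again after removal:", path)
```

A path in the result was reported as removed by the 09:52 scan and was present again with the same data at 11:15, so the value was back by the time of the second run.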
siliconman01
Global Moderator
Re: need help
« Reply #7 on: Apr 9th, 2009, 12:58pm »

Can't you just post the Summary report of the Avira scan? I also posted amidst the Avira data you are posting.
Thomas
Full Member
Re: need help
« Reply #8 on: Apr 9th, 2009, 1:00pm »

Beginning disinfection:
C:\hp\bin\
  KillIt.exe
    [DETECTION] Contains recognition pattern of the APPL/KillApp.A application
    [NOTE]      The file was moved to '4a4a2ed4.qua'!
C:\hp\bin\
  KillWind.exe
    [DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application
    [NOTE]      The file was moved to '4a4a2ed5.qua'!
C:\RECYCLER\S-1-5-21-2804305642-3032790-279461358-1009\Dc2\
  psexec.cfexe
    [NOTE]      The file was moved to '4a432edf.qua'!
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP18\
  A0003059.exe
    [DETECTION] Contains recognition pattern of the APPL/MyWay.A application
    [NOTE]      The file was moved to '4a0e2e9c.qua'!
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP19\
  A0003686.exe
    [DETECTION] Contains recognition pattern of the DIAL/90112 dialer
    [NOTE]      The file was moved to '4cb8c25d.qua'!
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP21\
  A0006023.exe
    [NOTE]      The file was moved to '4cb42a85.qua'!
D:\I386\Apps\APP07397\src\
  HPSummer2005.exe
    [DETECTION] Contains recognition pattern of the APPL/MyWay.A application
    [NOTE]      The file was moved to '4a312ebd.qua'!
 
 
End of the scan: 2009-04-09  13:20
Used time: 24:27 Minute(s)
 
The scan has been done completely.
 
   2416 Scanned directories
 213479 Files were scanned
7 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      7 Files were moved to quarantine
      0 Files were renamed
     29 Files cannot be scanned
 213443 Files not concerned
  12462 Archives were scanned
     38 Warnings
     50 Notes
  26623 Objects were scanned with rootkit scan
      0 Hidden objects were found
« Last Edit: Apr 9th, 2009, 1:03pm by Thomas »
siliconman01
Global Moderator
Re: need help
« Reply #9 on: Apr 9th, 2009, 1:00pm »

Why are you posting all of the Avira scan detailed data?  Did Avira find any infections?
 
Scroll back up and see my two posts.  It looks like Avira found and quarantined items.
« Last Edit: Apr 9th, 2009, 1:02pm by siliconman01 »
Thomas
Full Member
Re: need help
« Reply #10 on: Apr 9th, 2009, 1:07pm »

I just want to find this virus and get it out.
siliconman01
Global Moderator
Re: need help
« Reply #11 on: Apr 9th, 2009, 1:13pm »

So how is your computer running now?
Thomas
Full Member
Re: need help
« Reply #12 on: Apr 9th, 2009, 1:14pm »

on Apr 9th, 2009, 12:54pm, siliconman01 wrote:
1.  Your Hijackthis log is not showing any infections.
 
2.  SuperAntispyware only found tracking cookies which is no big deal.  
 
3.  TrojanHunter is finding Combofix.exe stuff which is normal.  You need to remove Combofix.exe before scanning with TrojanHunter.  
 
-  You can remove Combofix and all of its stored info by going to START>RUN and typing in Combofix /u and then clicking on OK.  Let Combofix fully remove itself.  Its icon on the desktop should disappear when the removal is completed.
 
4.  Concerning MBAM finding:
 
 
Please go to the link below.  
http://forums.cnet.com/5208-6132_102-0.html?threadID=337149
 
5.  Combofix typically reboots your computer as it is performing its detection/cleaning.  
 
-  Did you download and run the latest version of Combofix?  
 
-  Please post the Combofix log after it completes.    
 
6.  Did Avira find any infections to be removed?
 
 
 

 
I cannot post the ComboFix log.
 
It says it is scanning for bad files, then after that my PC shuts itself off without ComboFix completing itself.
siliconman01
Global Moderator
Re: need help
« Reply #13 on: Apr 9th, 2009, 1:20pm »

Okay, uninstall Combofix as I explained how to earlier.  Sometimes Combofix has problems running on various computer hardware/software combinations.
 
It looks like Avira found various infections and quarantined them.  
 
Did you understand the link concerning MBAM?
Thomas
Full Member
Re: need help
« Reply #14 on: Apr 9th, 2009, 1:20pm »

on Apr 9th, 2009, 1:13pm, siliconman01 wrote:
So how is your computer running now?

 
I don't think you want to know what my reply to that is.