
Good evening all. I really need your help with this one. This is a co-worker's Dell Inspiron Mini (Intel Atom) w/ Windows 7 Starter.

Other than that I know nothing else, so please understand.

Malwarebytes-program_error_updating (12029, 0, WinHttpSendRequest)

Windows Updates (cannot update)-code 80072efe

Here are the logs as requested:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5363

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/29/2010 6:33:40 PM

mbam-log-2010-12-29 (18-33-40).txt

Scan type: Full scan (C:\|)

Objects scanned: 209017

Time elapsed: 42 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS

DDS (Ver_10-12-12.02) - NTFSx86

Run by Moniece at 19:08:18.01 on Wed 12/29/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.410 [GMT -8:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Dell\DellComms\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\WSED\WSED.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Battery Meter\BTMeter.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\CapsLKNotify\CapsLKNotify.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Moniece\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KDRHZJM\dds[1].com

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uSearch Bar = Preserve

uInternet Settings,ProxyServer = http=127.0.0.1:59274

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.0.30\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.0.30\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.0.30\coIEPlg.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [igfxExt] c:\windows\system32\IgfxExt.exe /RegServer

mRun: [WSED] c:\program files\wsed\WSED.exe

mRun: [<NO NAME>]

mRun: [bTMeter] c:\program files\battery meter\BTMeter.exe

mRun: [broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe

mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [DellComms] "c:\program files\dell\dellcomms\bin\sprtcmd.exe" /P DellComms

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware2\mbam.exe" /runcleanupscript

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\moniece\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\moniece\appdata\roaming\mozilla\firefox\profiles\4wj0vya7.default\

FF - plugin: c:\program files\microsoft silverlight\2.0.31005.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-6-26 13680]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-12-19 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-12-19 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-12-19 482432]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20101215.001\IDSvix86.sys [2010-12-18 353912]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-9-14 81920]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-29 363344]

R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\dell\dellcomms\bin\sprtsvc.exe [2009-5-5 206064]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-14 143840]

R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-9-14 94720]

R3 igd;igd;c:\windows\system32\drivers\igdkmd32.sys [2009-9-14 635168]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-14 122880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-29 20952]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-14 165888]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-14 167936]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-12-19 48688]

S2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-12-19 117640]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-19 102448]

=============== Created Last 30 ================

2010-12-30 01:47:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-30 01:47:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-30 01:47:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-29 20:24:56 -------- d-----w- c:\users\moniece\appdata\local\Mozilla

2010-12-29 20:24:43 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 8

2010-12-21 21:46:09 388096 ----a-r- c:\users\moniece\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2010-12-21 21:46:09 -------- d-----w- c:\program files\Trend Micro

2010-12-21 21:28:07 -------- d-----w- c:\program files\Microsoft Security Client

2010-12-21 21:27:54 240008 ----a-w- c:\windows\system32\drivers\netio.sys

2010-12-21 21:27:54 1285000 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-12-21 21:03:38 -------- d-----w- c:\users\moniece\appdata\local\Diagnostics

2010-12-21 20:40:33 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2910c933-89e6-4254-ade6-c2dd73d544a9}\mpengine.dll

2010-12-19 19:13:38 -------- d-----w- c:\users\moniece\appdata\roaming\Malwarebytes

2010-12-19 19:06:30 -------- d-----w- c:\progra~2\Malwarebytes

2010-12-19 18:14:15 48688 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symndisv.sys

2010-12-19 18:14:15 36400 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symndis.sys

2010-12-19 18:14:15 217136 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symtdi.sys

2010-12-19 18:14:14 89904 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symfw.sys

2010-12-19 18:14:14 43696 ----a-w- c:\windows\system32\drivers\nis\1008000.029\srtspx.sys

2010-12-19 18:14:14 33072 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symids.sys

2010-12-19 18:14:14 310320 ----a-w- c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys

2010-12-19 18:14:14 308272 ----a-w- c:\windows\system32\drivers\nis\1008000.029\srtsp.sys

2010-12-19 18:14:14 259632 ----a-w- c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys

2010-12-19 18:13:52 482432 ----a-w- c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys

2010-12-19 18:13:49 -------- d-----w- c:\windows\system32\drivers\nis\1008000.029

2010-12-19 18:06:40 -------- d-----w- c:\progra~2\Symantec

2010-12-18 22:14:33 -------- d-----w- c:\users\moniece\appdata\local\SupportSoft

2010-12-18 22:12:01 -------- d-----w- c:\users\moniece\appdata\roaming\Dell

2010-12-18 22:11:30 -------- d-----w- c:\users\moniece\appdata\local\Stardock_Corporation

2010-12-18 21:56:49 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2010-12-18 21:56:26 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-12-18 21:56:15 -------- d-----w- c:\program files\Symantec

2010-12-18 21:56:15 -------- d-----w- c:\program files\common files\Symantec Shared

==================== Find3M ====================

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7600 Disk: WDC_WD1600BEVT-75ZCT2 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84315555]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8431b7b0]; MOV EAX, [0x8431b82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x81850458] -> \Device\Harddisk0\DR0[0x842F44D0]

3 CLASSPNP[0x8600459E] -> ntkrnlpa!IofCallDriver[0x81850458] -> [0x84223918]

5 ACPI[0x85EA53B2] -> ntkrnlpa!IofCallDriver[0x81850458] -> \IdeDeviceP0T0L0-0[0x8421C610]

\Driver\atapi[0x842F53D8] -> IRP_MJ_CREATE -> 0x84315555

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD1600BEVT-75ZCT2___________________11.01A11#5&3525fcc3&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user != kernel MBR !!!

sectors 312581806 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 19:10:21.15 ===============

Please let me know if I missed anything. ART

ark___attach.zip


Hello DJ_I_AM! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

Step 1

Open Notepad and copy and paste the following into it:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-

Save this as fix.reg. Choose to save as All Files and place it on your desktop. It should look like this: reg.gif

Double-click on it and, when it asks you, click Yes and then the OK button.

Then reboot your computer to apply the changes.

Step 2

Please download and run WUS_Fix.exe: http://users.telenet.be/marcvn/tools/WUS_Fix.exe

This should restore the default registry settings related to BITS and Automatic Updates.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please include these log(s):

  1. Malwarebytes' Anti-Malware log
  2. a new fresh DDS log only
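
An added example, not part of the original posts or of DDS itself: a small Python triage pass over lines copied from the DDS log above, flagging the loopback proxy that Step 1 removes together with the other anomalies that log shows. The rule names and severity labels are this example's own, and reading the `S2` prefix as a stopped auto-start service is an assumption about DDS's service notation.

```python
import re
from ipaddress import ip_address

# Excerpt of lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:59274
uInternet Settings,ProxyOverride = <local>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [<NO NAME>]
mRun: [WSED] c:\program files\wsed\WSED.exe
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-29 363344]
S2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-12-19 117640]
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84315555]<<
user != kernel MBR !!!
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
"""

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([0-9.]+):(\d+)", re.I)


def loopback_proxy(line):
    """True when the per-user proxy setting points back at the machine itself."""
    m = PROXY_RE.search(line)
    if not m:
        return False
    try:
        return ip_address(m.group(1)).is_loopback
    except ValueError:  # not a well-formed IPv4 address
        return False


# (severity, rule name, predicate); names and severities are this example's own.
RULES = [
    ("high", "unknown-disk-stack-module",
     lambda l: l.startswith("called modules:") and ">>UNKNOWN" in l),
    ("high", "mbr-mismatch", lambda l: "user != kernel MBR" in l),
    ("high", "tdl4-detected", lambda l: "TDL4 rootkit infection detected" in l),
    ("medium", "loopback-proxy", loopback_proxy),
    # Assumption: "S2" = stopped service whose start type is automatic.
    ("medium", "stopped-autostart-service", lambda l: re.match(r"S2 ", l)),
    ("low", "bho-no-file", lambda l: re.match(r"BHO:.*- No File\s*$", l)),
    ("low", "unnamed-run-entry", lambda l: re.match(r"[um]Run: \[<NO NAME>\]", l)),
]
RANK = {"high": 0, "medium": 1, "low": 2}


def triage(log_text):
    """Return (severity, rule, line_no, line) tuples, most severe first."""
    hits = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        for sev, name, pred in RULES:
            if line and pred(line):
                hits.append((sev, name, no, line))
    return sorted(hits, key=lambda h: (RANK[h[0]], h[2]))


if __name__ == "__main__":
    for sev, name, no, line in triage(SAMPLE_LOG):
        print(f"{sev:<6} {name:<26} L{no}: {line[:70]}")
```

Ordering the output by severity puts the MBR findings ahead of the proxy and browser-helper leftovers, which is the order in which a reviewer would want to read them.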

Thank you. And here are those reports

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5424

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/30/2010 1:21:05 PM

mbam-log-2010-12-30 (13-20-45).txt

Scan type: Full scan (C:\|)

Objects scanned: 208432

Time elapsed: 50 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\qnpn7rjv93lf (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

AND AFTER REMOVAL/Quarantine:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5424

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/30/2010 1:21:10 PM

mbam-log-2010-12-30 (13-21-10).txt

Scan type: Full scan (C:\|)

Objects scanned: 208432

Time elapsed: 50 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\qnpn7rjv93lf (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS Attached

THANK YOU AHEAD OF TIME FOR YOUR TIME.

Attach.zip


  • 2 weeks later...
Try again and this time use Quick Scan, please.

Sorry buddy. Thanks for the help, but the person was in dire need of this netbook back and settled for a wipe out and clean install of her OS, which went well. Thanks anyway, as you guys' help is always appreciated! Wish I could have helped you help me, but the response time is too slow, to be honest (no offense). Hey, great minds ain't plentiful or we would all fix our own issues. LOL. Keep it up, Maniac.


Glad we could help. :P

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
