taken over by fake scan

View previous topic View next topic Go down

taken over by fake scan

Post by 3dsoundz on Wed 25 May 2011, 9:25 am

allof a sudden my vista pc got taken over by fake virus scan n i lost all my program icons so please help with it also i cannot scan anything on that computer

3dsoundz

Rookie Surfer
Rookie Surfer

Posts : 127
Joined : 2009-10-26
Operating System : win xp sp3

View user profile

Back to top Go down

Re: taken over by fake scan

Post by 3dsoundz on Wed 25 May 2011, 12:56 pm

did scan with mbam in safe mode, found 34 infections which i cleaned and than did system restore which helped me get some of my important software back running in regular mode. please instruct me what to do next. Thank u

3dsoundz

Rookie Surfer
Rookie Surfer

Posts : 127
Joined : 2009-10-26
Operating System : win xp sp3

View user profile

Back to top Go down

Re: taken over by fake scan

Post by DragonMaster Jay on Wed 25 May 2011, 9:36 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: taken over by fake scan

Post by 3dsoundz on Mon 30 May 2011, 12:24 pm

trying to do the scan but now problem is that out of nowhere pc keeps turning off or freeze n dosnt let combofix finish the scan, tryin to run combofix in safe mode but its not wrorking so......

3dsoundz

Rookie Surfer
Rookie Surfer

Posts : 127
Joined : 2009-10-26
Operating System : win xp sp3

View user profile

Back to top Go down

Re: taken over by fake scan

Post by 3dsoundz on Mon 30 May 2011, 1:32 pm

got the scan done in safe mode
ComboFix 11-05-29.01 - mayank 05/29/2011 21:14:46.3.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1469 [GMT -5:00]
Running from: c:\users\mayank\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\jusched.exe
c:\windows\system32\Microsoft
c:\windows\system32\Microsoft\Protect\S-1-5-18\0d0096d5-9ede-4a19-bace-3aa0ba7157c9
c:\windows\system32\Microsoft\Protect\S-1-5-18\0f181f86-6d62-4794-9b05-16d158f7a9e2
c:\windows\system32\Microsoft\Protect\S-1-5-18\1e00adf8-8add-4902-a56b-9f2638596875
c:\windows\system32\Microsoft\Protect\S-1-5-18\4630b327-2b69-4f21-9428-bddff60677f2
c:\windows\system32\Microsoft\Protect\S-1-5-18\482595a7-03b1-49a4-aa4f-6095b67165c1
c:\windows\system32\Microsoft\Protect\S-1-5-18\4a7a6092-2dea-477a-806c-fc6ba5afbadc
c:\windows\system32\Microsoft\Protect\S-1-5-18\6629b5e2-a20f-4ba9-917a-2078f07de3aa
c:\windows\system32\Microsoft\Protect\S-1-5-18\7396c3f2-6268-4472-b4d5-210e1950aae4
c:\windows\system32\Microsoft\Protect\S-1-5-18\7e7bcd4b-9930-4dab-b195-b4259b18fcfb
c:\windows\system32\Microsoft\Protect\S-1-5-18\812b47ff-71b3-4da4-81be-e39cfd9becb2
c:\windows\system32\Microsoft\Protect\S-1-5-18\81f3ccaf-2c87-4e66-99dd-ca7e44c6bc06
c:\windows\system32\Microsoft\Protect\S-1-5-18\85c62699-56d3-43e9-abc5-72cef74e50a2
c:\windows\system32\Microsoft\Protect\S-1-5-18\866389ac-860f-4335-ae26-96f7b39b9405
c:\windows\system32\Microsoft\Protect\S-1-5-18\97f71106-ba49-40f2-b7a3-2ec246a7265c
c:\windows\system32\Microsoft\Protect\S-1-5-18\99a168d0-6213-4a61-8038-fb2e622d167d
c:\windows\system32\Microsoft\Protect\S-1-5-18\cf762110-105d-4ea7-b522-63b3a03cf955
c:\windows\system32\Microsoft\Protect\S-1-5-18\eb74a6c2-b4f7-43a0-9046-57da0f7c9b00
c:\windows\system32\Microsoft\Protect\S-1-5-18\Preferred
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\1881eeba-dca8-4e6e-870e-3908813cb91b
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\3a73ce8c-0817-43b2-a3de-385da2bd86d5
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\42e511c7-5898-46b1-9a6d-d799be1e2ce5
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\6be6a5ea-f8ed-4920-b380-2380a6e5fe52
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\85e2fc3e-d29e-49ff-ab57-768d9f341d6f
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\bc84518f-24d5-4ab2-b04c-30737b74d02d
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\cc7dceb2-efac-4cdc-93ce-39165f2228ec
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\ce480948-583e-4ba6-88af-f374dd3fde1a
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\cfa006c9-d779-4471-86af-91cf9f129da4
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\Preferred
c:\windows\system32\Microsoft\Protect\S-1-5-20\f13252fa-9940-4fe7-8994-53a83fd6e291
c:\windows\system32\Microsoft\Protect\S-1-5-20\Preferred
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-29 23:23 . 2011-05-29 23:24 -------- d-----w- c:\users\UpdatusUser
2011-05-29 23:19 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-29 23:19 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-29 23:19 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-29 23:19 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-29 23:19 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-29 23:19 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-29 23:19 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-29 22:58 . 2011-05-29 23:24 -------- d-----w- c:\program files\NVIDIA Corporation
2011-05-29 22:57 . 2011-05-29 22:57 -------- d-----w- C:\NVIDIA
2011-05-29 22:09 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 22:09 . 2011-05-29 22:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-29 22:09 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 22:04 . 2011-05-29 22:04 -------- d-----w- c:\program files\SystemRequirementsLab
2011-05-29 22:01 . 2011-05-29 22:01 -------- d-----w- c:\program files\Freemake
2011-05-13 16:15 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-12 21:55 . 2011-05-12 21:55 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 13:17 . 2011-02-04 16:24 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-08 05:14 . 2011-05-29 23:19 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2009-10-31 00:01 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2009-10-31 00:01 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2007-07-07 04:15 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2007-07-07 04:15 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-08 03:45 . 2011-04-08 03:45 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-08 03:45 . 2011-04-08 03:45 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-08 03:45 . 2011-04-08 03:45 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 03:44 . 2011-04-08 03:44 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 03:44 . 2011-04-08 03:44 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-04-06 15:46 . 2011-04-06 15:46 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-06 15:46 . 2011-04-06 15:46 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-06 15:46 . 2011-04-06 15:46 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-06 15:46 . 2011-04-06 15:46 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-06 15:46 . 2011-04-06 15:46 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-06 15:46 . 2011-04-06 15:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-06 15:46 . 2011-04-06 15:46 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-06 15:46 . 2011-04-06 15:46 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-06 15:46 . 2011-04-06 15:46 367104 ----a-w- c:\windows\system32\html.iec
2011-04-06 15:46 . 2011-04-06 15:46 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-06 15:46 . 2011-04-06 15:46 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-06 15:46 . 2011-04-06 15:46 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-06 15:46 . 2011-04-06 15:46 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-06 15:46 . 2011-04-06 15:46 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-06 15:46 . 2011-04-06 15:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-06 15:46 . 2011-04-06 15:46 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-06 15:46 . 2011-04-06 15:46 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-06 15:46 . 2011-04-06 15:46 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-06 15:46 . 2011-04-06 15:46 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-06 15:46 . 2011-04-06 15:46 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-06 15:46 . 2011-04-06 15:46 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-12 21:55 . 2011-04-28 12:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-14 13:28 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 13:28 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-14 13:28 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 12:55 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-28 12:55 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 12:55 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 12:55 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 12:55 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35 . 2011-04-28 12:55 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25 . 2011-04-14 13:28 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-14 13:28 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 1783400]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-10-05 55072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"CPMonitor"="c:\users\mayank\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-31 14:13 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 136176]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-03 25600]
R3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-04-02 20376]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-31 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 14:58]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 14:58]
.
2011-05-14 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2011-05-14 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]
.
2010-08-17 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-29 21:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1968)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
Completion time: 2011-05-29 21:23:59
ComboFix-quarantined-files.txt 2011-05-30 02:23
.
Pre-Run: 290,985,660,416 bytes free
Post-Run: 290,920,112,128 bytes free
.
- - End Of File - - 80DA876206014648769F4BC0EC68B0EF

3dsoundz

Rookie Surfer
Rookie Surfer

Posts : 127
Joined : 2009-10-26
Operating System : win xp sp3

View user profile

Back to top Go down

Re: taken over by fake scan

Post by DragonMaster Jay on Tue 31 May 2011, 5:58 am

Scan for malware

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: taken over by fake scan

Post by 3dsoundz on Wed 08 Jun 2011, 12:40 pm

DMJ sorry for not coming back with the scan result, the reason is that computer is not staying on for more than 2-3 mins even in safe mode, so please tell me the solution for that.....thank u

3dsoundz

Rookie Surfer
Rookie Surfer

Posts : 127
Joined : 2009-10-26
Operating System : win xp sp3

View user profile

Back to top Go down

Re: taken over by fake scan

Post by DragonMaster Jay on Thu 09 Jun 2011, 2:22 pm

Make sure all of the hardware inside and outside is hooked correctly, and the power supply unit is still functioning normally (fan running, plugged in correctly, etc).


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: taken over by fake scan

Post by 3dsoundz on Mon 13 Jun 2011, 2:08 am

Malwarebytes' Anti-Malware 1.51.0.1200
[You must be registered and logged in to see this link.]

Database version: 6841

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/12/2011 10:05:35 AM
mbam-log-2011-06-12 (10-05-35).txt

Scan type: Quick scan
Objects scanned: 172520
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3dsoundz

Rookie Surfer
Rookie Surfer

Posts : 127
Joined : 2009-10-26
Operating System : win xp sp3

View user profile

Back to top Go down

Re: taken over by fake scan

Post by Sponsored content Today at 9:28 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum