C:\resycled\boot.com (problems with this)


Post by fendy3 on Mon Dec 29, 2008 4:36 am

Hi

I have a problem with C:\resycled\boot.com. This same problem was posted some time ago when this problem did not exist on my laptop.

I cannot access my C drive nor my external drive as well.

Alongside this problem, I have or had problems with 'Troj/Rustok-N'. I believe it still exists on my computer.

I received C:\resycled\boot.com when trying to delete 'Troj/Rustok-N' with Malwarebytes. I have a log of this scan (full) and will post it when told to do so by the person that will be assisting me on this matter.

It is my belief that I received these terrible problems through something that I was once strongly against (torrents or file sharing). I am regathering that same insight I once had before.

LESSON LEARNED!!

You have my honesty and I humbly ask for your expertise.

Any help to resolve these problems would be most appreciated and thanks in advance.


Last edited by fendy3 on Mon Dec 29, 2008 5:03 pm; edited 2 times in total

fendy3
Novice

Posts : 35
Joined : 2008-12-27
OS : winXP, win7
Protection : McAfee
Points : 29199
# Likes : 0

Post by Belahzur on Mon Dec 29, 2008 1:03 pm

Hello.
Please read here and post a Hijack This log.

Please PM me if I fail to respond within 24hrs.

Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1

Post by fendy3 on Mon Dec 29, 2008 4:05 pm

Hi and thanks for responding.

Here's the hijack log below:

-----------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:38 PM, on 12/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AM Browser\AM Browser.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\DeWayne Fenderson\Desktop\OTMoveIt3.exe
C:\Program Files\AM Browser\AM Browser.exe
C:\Documents and Settings\DeWayne Fenderson\Desktop\hijackgpthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Post by Belahzur on Mon Dec 29, 2008 4:26 pm

Hello.
I need to see what's installed on this machine.


  • Open HijackThis
  • Click "Open the Misc Tools section"
  • Click "Open Uninstall Manager"
  • Click "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Post by fendy3 on Mon Dec 29, 2008 4:55 pm

This is the uninstall list below:

-------------------------------------


Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AM Browser version 2.0.1
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 440x 10/100 Integrated Controller
CCScore
Conexant HDA D110 MDC V.92 Modem
DAEMON Tools Toolbar
Dell Resource CD
Dell Wireless WLAN Card
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
eyeQ
FX AccuCharts
GemMaster Mystic
Global Trading System Pro
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hermes
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Intel(R) PROSet/Wireless Software
Interbank FX Trader 4 4.00
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 11
Java(TM) 6 Update 7
kgcbase
Kodak EasyShare software
Magic ISO Maker v5.5 (build 0273)
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
MediaDirect
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Report Viewer Redistributable 2005
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB954430)
mToolkit
mWlsSafe
mXML
mZConfig
netbrdg
OfotoXMI
Otto
OutlookAddinSetup
P2P_Energy Toolbar
PDF Settings
PowerISO
QuickSet
QuickTime
Safari
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SFR
SHASTA
SigmaTel Audio
skin0001
SKINXSDK
Sonic Encoders
staticcr
Synaptics Pointing Device Driver
tooltips
TorrentPrivacy 1.2.7.0
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Rollup 2 for Windows XP Media Center Edition 2005
UseNeXT
VPRINTOL
Windows Imaging Component
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB908250
Windows XP Service Pack 3
WinRAR archiver
WIRELESS

----------------------------------------------------------------------

This is what I got from hijack uninstall


Post by Belahzur on Mon Dec 29, 2008 4:59 pm

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • J2SE Runtime Environment 5.0 Update 6
  • Java(TM) 6 Update 7
  • P2P_Energy Toolbar


You aren't running Anti Virus Software

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software (for personal use), from one of these excellent vendors NOW:

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) [You must be registered and logged in to see this link.]
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial use.
3) [You must be registered and logged in to see this link.]
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non commercial use.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Since MBAM is already on the system, let's use that.


  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Post by fendy3 on Mon Dec 29, 2008 9:16 pm

Sorry for taking so long to reply, another matter came up.

Here's the MBAM log below:

----------------------------------------------------------------



Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/29/2008 3:10:50 PM
mbam-log-2008-12-29 (15-10-50).txt

Scan type: Quick Scan
Objects scanned: 51596
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------

Nothing was found, even after the update, and the problem still exists.


Post by Belahzur on Mon Dec 29, 2008 9:20 pm

Hello.
The resycled malware infects external drives, so if you have any external drives or USB drives, please plug them in and do this.


  • Download combofix from here, use the top links
  • Please disable your local AV (Anti-virus) by right clicking its icon in the tray, and exit it.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


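A defender-side check for the pattern this thread deals with, an autorun.inf in a drive root that launches a program from a look-alike recycle-bin folder such as resycled\boot.com (added example, not part of the original posts and not ComboFix's own logic). The thread never shows the autorun.inf contents, so both sample files are constructed, and the function names are hypothetical.

```python
"""Triage autorun.inf content for launch entries that point into a
look-alike recycle-bin folder (the pattern seen in this thread)."""
import os
import re

# [autorun] keys that cause a program to be started.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command entries also start a program.
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")
# "resycled" is the folder from this thread; the genuine recycle-bin names
# are listed too, because a launch target inside any of them is abnormal.
BIN_LIKE = {"resycled", "recycled", "recycler", "$recycle.bin"}

# Constructed sample modelled on the paths named in the thread.
SUSPECT = r"""
; constructed sample, not recovered from the poster's drive
[AutoRun]
open=resycled\boot.com
shell\open\command="resycled\boot.com"
"""

# Constructed sample of an ordinary installer disc.
BENIGN = r"""
[autorun]
open=setup.exe
icon=setup.exe,0
label=Installer
"""


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_target(value):
    """Extract the program path from a launch command, dropping arguments."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split()[0] if value else ""


def assess(text):
    """Return [(key, target)] for launch entries inside a bin-like folder."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key not in LAUNCH_KEYS and not SHELL_VERB.match(key):
            continue
        target = launch_target(value)
        parts = [p.lower() for p in re.split(r"[\\/]+", target) if p]
        # Only the directory components count, not the file name itself.
        if any(p in BIN_LIKE for p in parts[:-1]):
            findings.append((key, target))
    return findings


def scan_roots(roots):
    """Check each drive root for an autorun.inf with suspicious entries."""
    report = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        try:
            with open(path, "r", encoding="latin-1") as fh:
                findings = assess(fh.read())
        except OSError:
            continue  # no autorun.inf here, or it cannot be read
        if findings:
            report[path] = findings
    return report


if __name__ == "__main__":
    print("suspect:", assess(SUSPECT))
    print("benign: ", assess(BENIGN))
    # On a live Windows system, pass the drive roots to check, for example
    # scan_roots(["C:\\", "G:\\"]) for the two drives named in this thread.
```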


Post by fendy3 on Mon Dec 29, 2008 9:57 pm

Back again with Combofix log.

After running it, I am now able to access both my internal and external drives, but 'Troj/Rustok-N' still exists.

Here's the Combofix log below (really long):

------------------------------------------------------------------------------------------------



ComboFix 08-12-28.04 - DeWayne Fenderson 2008-12-29 15:46:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.608 [GMT -6:00]
Running from: c:\documents and settings\DeWayne Fenderson\Desktop\ComboFix33.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
G:\Autorun.inf
G:\resycled
g:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 )))))))))))))))))))))))))))))))
.

2008-12-29 02:29 . 2008-12-29 02:29 d-------- C:\Rustbfix
2008-12-29 01:40 . 2008-12-29 01:40 d-------- C:\fsaua.data
2008-12-27 11:09 . 2008-12-27 11:09 d-------- c:\program files\Safari
2008-12-27 02:13 . 2008-12-27 02:13 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 02:13 . 2008-12-27 02:13 d-------- c:\documents and settings\DeWayne Fenderson\Application Data\Malwarebytes
2008-12-27 02:13 . 2008-12-27 02:13 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-27 02:13 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 02:13 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-20 15:27 . 2008-12-20 15:27 d-------- c:\program files\MagicISO
2008-12-19 15:39 . 2008-12-19 15:39 d-------- c:\documents and settings\DeWayne Fenderson\Application Data\UseNeXT
2008-12-19 15:38 . 2008-12-19 15:39 d-------- c:\program files\UseNeXT
2008-12-17 23:28 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-12-17 23:28 . 2001-08-17 22:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2008-12-17 23:28 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-12-17 23:28 . 2001-08-17 22:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2008-12-17 23:28 . 2008-04-13 18:09 6,144 --a------ c:\windows\system32\kbd106.dll
2008-12-17 23:28 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-12-17 23:28 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-12-17 23:28 . 2008-04-13 18:09 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2008-12-17 23:28 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2008-12-17 23:28 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2008-12-17 23:28 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-12-17 23:28 . 2001-08-17 14:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2008-12-17 17:17 . 2008-12-27 02:11 d-------- c:\documents and settings\DeWayne Fenderson\Application Data\Eltima Software
2008-12-15 19:52 . 2008-12-28 21:27 d-------- c:\documents and settings\DeWayne Fenderson\Application Data\Hermes
2008-12-15 19:51 . 2008-12-15 19:52 d-------- c:\program files\Hermes
2008-12-13 18:46 . 2008-12-16 21:40 d-------- C:\Torrentprivacy
2008-12-13 17:17 . 2008-12-13 17:17 d-------- c:\program files\uTorrent
2008-12-08 01:14 . 2008-12-08 01:33 d-------- c:\documents and settings\DeWayne Fenderson\Application Data\Professional
2008-12-08 01:13 . 2008-12-08 01:13 d-------- c:\windows\Downloaded Installations
2008-12-08 01:13 . 2008-12-08 01:13 d-------- c:\program files\FX
2008-12-07 13:30 . 2008-12-07 13:30 d-------- c:\program files\Common Files\Adobe AIR
2008-12-07 13:28 . 2008-12-08 11:35 d-------- c:\program files\NOS
2008-12-07 13:28 . 2008-12-08 11:35 d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-06 20:48 . 2008-12-07 13:23 d-------- c:\documents and settings\DeWayne Fenderson\Application Data\U3
2008-12-03 17:34 . 2008-12-03 20:29 d-------- c:\program files\fxsolutions
2008-11-30 20:52 . 2008-11-30 20:52 d-------- c:\program files\Enigma Software Group
2008-11-30 20:34 . 2008-11-30 20:38 d-------- c:\documents and settings\DeWayne Fenderson\Application Data\Uniblue
2008-11-30 20:34 . 2008-11-30 20:38 d-------- c:\documents and settings\All Users\Application Data\DriverScanner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 17:05 --------- d-----w c:\program files\Java
2008-12-16 04:28 --------- d-----w c:\program files\RGB
2008-12-16 04:22 --------- d-----w c:\program files\Common Files\Adobe
2008-12-14 00:48 --------- d-----w c:\documents and settings\DeWayne Fenderson\Application Data\uTorrent
2008-11-28 21:26 --------- d-----w c:\program files\Google
2008-11-28 20:15 --------- d-----w c:\documents and settings\All Users\Application Data\GoBit Games
2008-11-28 09:29 --------- d-----w c:\program files\FXTraderLog
2008-11-28 09:22 --------- d-----w c:\program files\SQLite ODBC Driver
2008-11-27 09:01 --------- d-----w c:\program files\MSXML 4.0
2008-11-26 12:49 --------- d-----w c:\program files\iTunes
2008-11-26 12:49 --------- d-----w c:\documents and settings\DeWayne Fenderson\Application Data\Apple Computer
2008-11-26 12:49 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 12:48 --------- d-----w c:\program files\QuickTime
2008-11-26 12:48 --------- d-----w c:\program files\iPod
2008-11-26 12:48 --------- d-----w c:\program files\Bonjour
2008-11-26 12:47 --------- d-----w c:\program files\Common Files\Apple
2008-11-26 12:47 --------- d-----w c:\program files\Apple Software Update
2008-11-26 12:47 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-26 12:47 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-26 12:43 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-26 11:58 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-26 11:46 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-11-26 11:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 11:34 --------- d-----w c:\program files\Infinite Mind LC
2008-11-26 11:00 --------- d-----w c:\program files\DAEMON Tools Toolbar
2008-11-26 10:56 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-26 10:56 --------- d-----w c:\documents and settings\DeWayne Fenderson\Application Data\DAEMON Tools
2008-11-26 10:55 --------- d-----w c:\program files\PowerISO
2008-11-26 10:55 --------- d-----w c:\program files\AM Browser
2008-11-26 10:49 --------- d-----w c:\program files\Interbank FX Trader 4
2008-11-26 10:42 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-26 10:39 --------- d-----w c:\program files\Microsoft.NET
2008-11-26 10:05 --------- d-----w c:\documents and settings\DeWayne Fenderson\Application Data\Skinux
2008-11-26 10:03 --------- d-----w c:\program files\Kodak
2008-11-26 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2008-11-26 10:02 --------- d-----w c:\program files\Common Files\Kodak
2008-11-26 09:45 --------- d-----w c:\program files\CyberLink
2008-11-26 09:45 --------- d-----w c:\documents and settings\All Users\Application Data\Dell
2008-11-26 09:45 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-26 09:44 --------- d-----w c:\program files\Dell
2008-11-26 05:09 --------- d-----w c:\program files\Broadcom
2008-11-26 05:08 --------- d-----w c:\program files\Synaptics
2008-11-26 05:08 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-26 05:07 --------- d-----w c:\program files\CONEXANT
2008-11-26 05:06 --------- d-----w c:\program files\SigmaTel
2008-11-26 04:30 --------- d-----w c:\program files\GemMaster
2008-11-26 04:30 --------- d-----w c:\program files\EnglishOtto
2008-11-26 04:19 --------- d-----w c:\program files\microsoft frontpage
2008-11-26 04:12 --------- d-----w c:\program files\Windows Plus
2008-11-26 03:24 5 ----a-w c:\windows\system32\drivers\DELL_XPS_MM061 .MRK
2008-11-26 03:24 5 ----a-w c:\windows\system32\drivers\1028_DELL_XPS_MM061 .MRK
2008-11-26 03:21 17,801 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-11-26 03:21 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intel
2008-11-26 03:21 --------- d-----w c:\documents and settings\DeWayne Fenderson\Application Data\Intel
2008-11-26 03:21 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2008-11-26 03:20 --------- d-----w c:\program files\Intel
2008-11-26 03:15 --------- d-----w c:\program files\Modem Helper
2008-11-10 11:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-29 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-23 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-23 385024]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-07-07 282624]
MiniEYE-MiniREAD Launch.lnk - c:\program files\Infinite Mind LC\eyeQ\ARLaunch.exe [2008-11-26 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-07-23 00:46 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Torrentprivacy\\Torrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Torrentprivacy\\SSHTunel.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)


*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-24 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 18:12]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\GoBitGamesPlayer.dll - O16 -: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429}
[You must be registered and logged in to see this link.]
c:\windows\Downloaded Program Files\GoBitGamesPlayer.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-29 15:48:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxxhopavbd.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1096)
c:\windows\System32\BCMLogon.dll
c:\windows\System32\MSVCP71.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2008-12-29 15:49:13
ComboFix-quarantined-files.txt 2008-12-29 21:49:11

Pre-Run: 57,909,321,728 bytes free
Post-Run: 58,268,319,744 bytes free

216 --- E O F --- 2008-12-18 09:00:51


Solved Re: C:\resycled\boot.com (probems with this)

Post by Belahzur on Mon Dec 29, 2008 10:06 pm

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
msqpdxserv.sys

File::
c:\WINDOWS\system32\drivers\msqpdxxhopavbd.sys

Folder::
C:\Rustbfix

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to its terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.



Solved Re: C:\resycled\boot.com (probems with this)

Post by fendy3 on Mon Dec 29, 2008 10:30 pm

Ok I did what you have instructed me to do, but it tells me that I do not have the recovery console and then it asks if I want to install it.

I said yes. It then started to download it, but stopped shortly after and the computer said that it has to shutdown in order not to cause harm to itself.

The computer also said that it needed to do a physical memory dump and that I should restart windows in safemode.

What should I do from here?


Solved Re: C:\resycled\boot.com (probems with this)

Post by Belahzur on Mon Dec 29, 2008 10:32 pm

Eeek.
I fear the machine may refuse to boot from this point, but see if you can get into safe mode.



Solved Re: C:\resycled\boot.com (probems with this)

Post by fendy3 on Mon Dec 29, 2008 10:46 pm

Ok, I will try to do that.

Here is what it said: IRQL_NOT_LESS_OR_EQUAL

I don't know if that means anything or not.

Also, I tried to download the recovery console from Microsoft's site and it would not download.

It said, "This program cannot display the webpage".

Let me try to get into safemode and try the fix.

By the way, it still reboots, as you can see. Smile


Solved Re: C:\resycled\boot.com (probems with this)

Post by Belahzur on Mon Dec 29, 2008 10:56 pm

Glad it still boots.
Don't use combofix, we'll try something else.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :processes
    explorer.exe

    :services
    msqpdxserv.sys

    :files
    c:\WINDOWS\system32\drivers\msqpdxxhopavbd.sys
    C:\Rustbfix

    :reg
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]



  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Solved Re: C:\resycled\boot.com (probems with this)

Post by fendy3 on Mon Dec 29, 2008 11:35 pm

Belahzur!!! You are Da Man!! Hooray! Right On!

You and I are friends 4life. My Buddy

Cheers Mate Cheers to you!

It worked as you can see. Thanks so much for your help.

If there's anything that I can do for you, please let me know.

Also, if I'm supposed to leave you some feedback, I will do it, just tell me how and where and who to post it.

You'z need me bump someone off Boss? (Gunsmoke)


Thanks again for your expertise. Problem solved!


Solved Re: C:\resycled\boot.com (probems with this)

Post by Belahzur on Mon Dec 29, 2008 11:44 pm

Haha.
We can plan world takeover. LMBO or ROFL

Please post the OTMoveIt log.



Solved Re: C:\resycled\boot.com (probems with this)

Post by fendy3 on Mon Dec 29, 2008 11:54 pm

Take over the world, huh? Let me think ...............

When do we start. LOL Banner

Here's the OTMoveIt log below:

---------------------------------------------------
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service msqpdxserv.sys .
========== FILES ==========
c:\WINDOWS\system32\drivers\msqpdxxhopavbd.sys moved successfully.
C:\Rustbfix moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys\\ deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_8c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12292008_171544
Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_8c.dat not found!

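A cross-check of the fix script against the OTMoveIt3 results posted above, as an added example that is not part of the thread or of OTMoveIt3. The script and log text are copied from the posts; the line patterns and function names are assumptions based only on the result lines visible here.

```python
import re

# Script targets and result lines copied from the thread (cleanup lines left out).
SCRIPT = r"""
:processes
explorer.exe
:services
msqpdxserv.sys
:files
c:\WINDOWS\system32\drivers\msqpdxxhopavbd.sys
C:\Rustbfix
:reg
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]
"""
LOG = r"""
Process explorer.exe killed successfully.
Unable to stop service msqpdxserv.sys .
c:\WINDOWS\system32\drivers\msqpdxxhopavbd.sys moved successfully.
C:\Rustbfix moved successfully.
Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys\\ deleted successfully.
"""

# Result-line shapes seen in this thread's log (assumed, not a tool spec).
RESULT_PATTERNS = [
    (re.compile(r"^Process (.+?) killed successfully\.$"), "ok"),
    (re.compile(r"^Unable to stop service (.+?) ?\.$"), "failed"),
    (re.compile(r"^Registry key (.+?) deleted successfully\.$"), "ok"),
    (re.compile(r"^(.+?) moved successfully\.$"), "ok"),
]

def norm(item):
    # Compare case-insensitively, without [- ] wrappers or trailing backslashes.
    return item.strip().strip("[]").lstrip("-").rstrip("\\").lower()

def parse_script(text):
    """Return [(section, target)] from a ':section' style fix script."""
    section, items = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):
            section = line[1:]
        elif line and section:
            items.append((section, line))
    return items

def parse_log(text):
    """Return {normalised target: status} from recognised result lines."""
    results = {}
    for line in text.splitlines():
        for pattern, status in RESULT_PATTERNS:
            m = pattern.match(line.strip())
            if m:
                results[norm(m.group(1))] = status
                break
    return results

def cross_check(script, log):
    """Pair every scripted target with its logged outcome ('unknown' if absent)."""
    results = parse_log(log)
    return [(sec, tgt, results.get(norm(tgt), "unknown"))
            for sec, tgt in parse_script(script)]

def needs_followup(script, log):
    """Scripted targets that the log does not confirm as handled."""
    return [row for row in cross_check(script, log) if row[2] != "ok"]
```

On the thread's log this flags only the service stop; the driver file and the service key show as handled.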

Solved Re: C:\resycled\boot.com (probems with this)

Post by Belahzur on Tue Dec 30, 2008 12:03 am

Looks good.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox, they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

Hopefully this should take care of your problems! Good luck. Big Grin



Solved Re: C:\resycled\boot.com (probems with this)

Post by fendy3 on Tue Dec 30, 2008 12:54 am

Ok, thanks for all the help. It was most appreciated.

Also, thanks again for your expertise and lotz of thanks for your patience with a newbie like me.

You guys really don't have to do this, but I am glad you care enough to help the little guys like me.

DeWayne


Solved Re: C:\resycled\boot.com (probems with this)

Post by Doctor Inferno on Sat Feb 14, 2009 4:02 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 12017
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104594
# Likes # Likes : 0
