You're the second person today to tell me there is a rootkit in ComboFix! I can't figure out why you think this. This line just identifies what's running:
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-30 18:43
It is part of the ComboFix program. If you look at the end of that section, you'll see that nothing was found. You did have a rogue program installed; it has been removed by ComboFix:
Home Antivirus 2010 is a rogue anti-virus program. It will create fake files throughout your computer using random names, then a scan with the program picks up these fake files and tells you they have to be removed, but the scam is that you are told you have to buy the program in order to remove them!
====================
Custom CFScript
[1]. Close any open browsers.
[2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad and copy/paste the text in the code below into it:
Code:
File::
c:\program files\Viewpoint\Common\ViewpointService.exe
Folder::
Registry::
Driver::
Viewpoint Manager Service
FCopy::
C:\WINDOWS\ServicePackFiles\i386\atapi.sys | C:\Windows\System32\drivers\atapi.sys
Save this as CFScript.txt, in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
When finished, it will produce a log for you at C:\ComboFix.txt. Please attach it to your next reply.
====================
Please download HijackThis from here.
- Save it to a permanent folder (such as C:\HJT).
- Next, open HijackThis, and select Do a system scan and save a logfile.
- A Notepad document will open. Please post the contents of that document.
Please paste the HJT log into the next reply and attach the new ComboFix report.
Edit: I meant to include this. You should remove the earlier versions of these two programs:
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Player 10
Windows Media Player 11
And you should also update Adobe Reader from v7 to v9.xx:
Visit this Adobe Reader site and make sure you have the most current update.
Uninstall any earlier updates, as they are vulnerabilities.
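The FCopy:: line in the CFScript above overwrites the atapi.sys that Windows loads from System32\drivers with the pristine copy kept under ServicePackFiles\i386. The following is an added example, not part of the original post and not ComboFix's own code: it hash-compares those two copies so you can run it once before dropping CFScript.txt onto ComboFix.exe (to see whether the live driver actually differs from the service-pack copy) and once afterwards (to confirm the two now match). It assumes Windows PowerShell 2.0 or later is installed on the machine, and the two paths are the ones from the CFScript, built from $env:SystemRoot.

```powershell
# Added example (not from the original post or from ComboFix). Compares the
# atapi.sys loaded from System32 against the copy in ServicePackFiles that the
# FCopy:: directive in the CFScript restores from.
# Assumes Windows PowerShell 2.0 or later; paths are taken from the CFScript.

function Get-FileSha256 {
    param([Parameter(Mandatory=$true)][string]$Path)
    # SHA-256 via .NET so this also works on PowerShell 2.0 (Get-FileHash needs 4.0).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($fs) }
    finally { $fs.Close() }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Compare-AtapiCopies {
    param(
        # Driver Windows actually loads at boot.
        [string]$Live  = (Join-Path $env:SystemRoot 'System32\drivers\atapi.sys'),
        # Copy the FCopy:: line in the CFScript copies over the live one.
        [string]$Clean = (Join-Path $env:SystemRoot 'ServicePackFiles\i386\atapi.sys')
    )
    foreach ($p in @($Live, $Clean)) {
        if (-not (Test-Path -LiteralPath $p)) { throw "File not found: $p" }
    }
    $liveItem  = Get-Item -LiteralPath $Live
    $cleanItem = Get-Item -LiteralPath $Clean
    $liveHash  = Get-FileSha256 $Live
    $cleanHash = Get-FileSha256 $Clean

    New-Object PSObject -Property @{
        LivePath  = $Live
        LiveSize  = $liveItem.Length
        LiveHash  = $liveHash
        CleanPath = $Clean
        CleanSize = $cleanItem.Length
        CleanHash = $cleanHash
        Identical = ($liveHash -eq $cleanHash)
    }
}

$result = Compare-AtapiCopies
$result | Format-List LivePath, LiveSize, LiveHash, CleanPath, CleanSize, CleanHash, Identical

if ($result.Identical) {
    Write-Host 'System32 atapi.sys matches the ServicePackFiles copy.'
} else {
    Write-Warning 'System32 atapi.sys differs from the ServicePackFiles copy; the FCopy:: step will replace it.'
}
```

Two caveats. A mismatch on its own does not prove the driver was tampered with (a later hotfix can legitimately ship a newer atapi.sys than the service pack did), it only tells you that the FCopy:: line will change the file, so keep the before/after hashes with the ComboFix log. And the ServicePackFiles copy is only a good reference if it is itself genuine: Windows drivers are catalog-signed rather than embedded-signed, so Get-AuthenticodeSignature on older PowerShell versions reports them as NotSigned; check the copy with Sysinternals sigcheck, which consults the signing catalogs, or against a known-clean machine at the same service pack level.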