BleepingComputer.com: icity scour google firefox redirect
Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


DO NOT RUN ComboFix unless requested to.


Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log please put the type of infection you have in the topic title, e.g. Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

icity scour google firefox redirect DDS scan complete

#1 maltesemanTS

  • New Member
  • Group: Members
  • Posts: 1
  • Joined: 24-June 11

Posted 24 June 2011 - 12:10 PM

Two issues:

1) My Start Menu folders are all empty, but my programs still show up in Add/Remove Programs.

2) IE and Firefox browsers get redirected through icity, scour, etc. when clicking on a Google search engine result.

Please help. Thanks.

DDS scan complete:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Jerry at 9:57:40 on 2011-06-24
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.190 [GMT -7:00]
.
AV: Norton Internet Security Netbook Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security Netbook Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security Netbook Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\igfxext.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\PrintIsolationHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.65
TCP: Interfaces\{0614C2EA-FE0A-4AD4-AC7D-4E8B619BC1EE} : DhcpNameServer = 192.168.0.1 205.171.3.65
TCP: Interfaces\{0614C2EA-FE0A-4AD4-AC7D-4E8B619BC1EE}\2423937303 : DhcpNameServer = 24.94.163.32
TCP: Interfaces\{0614C2EA-FE0A-4AD4-AC7D-4E8B619BC1EE}\2456C6B696E6F574F505C65737F5D494D4F4F5537353439333 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0614C2EA-FE0A-4AD4-AC7D-4E8B619BC1EE}\76575637477796669602D623 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{0614C2EA-FE0A-4AD4-AC7D-4E8B619BC1EE}\C496C6C69656C414E4 : DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{BC5B23E3-2827-47C0-88BF-E98B166A2B7E} : DhcpNameServer = 192.168.0.1 205.171.3.65
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jerry\appdata\roaming\mozilla\firefox\profiles\n8rq248z.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\SymDS.sys [2011-6-11 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\SymEFA.sys [2011-6-11 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\bashdefs\20110616.003\BHDrvx86.sys [2011-6-16 810616]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\ipsdefs\20110623.002\IDSvix86.sys [2011-6-23 367736]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\Ironx86.sys [2011-6-11 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1206000.01d\symnets.sys [2011-6-11 296568]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\norton utilities 15\tools\disk doctor\DiskDoctorSrv.exe [2011-4-10 1029480]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccSvcHst.exe [2011-6-11 130008]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-11-15 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.3.198\ccSvcHst.exe [2010-11-15 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-12 105592]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-11-15 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-11-15 277536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [2006-11-7 46976]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-11-15 189984]
S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2011-4-10 128248]
S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2011-4-10 108800]
.
=============== Created Last 30 ================
.
2011-06-24 16:56:51 70144 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNBPP3.DLL
2011-06-24 16:52:08 -------- d-----w- c:\windows\system32\SPReview
2011-06-24 16:29:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-24 03:48:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-24 03:48:25 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-24 03:48:12 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-24 02:07:03 -------- d-----w- c:\users\jerry\appdata\local\Mozilla
2011-06-22 10:19:20 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-22 05:08:43 -------- d-----w- c:\windows\system32\EventProviders
2011-06-21 10:00:25 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-21 09:58:23 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-20 20:24:47 -------- d-----w- c:\users\jerry\appdata\local\Microsoft Help
2011-06-17 03:44:26 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-17 03:44:26 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-17 03:44:26 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-17 03:44:20 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-17 03:44:20 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 03:44:20 1286016 ----a-w- c:\windows\system32\drivers\tcpip(101).sys
2011-06-17 03:44:08 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-17 03:44:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-17 03:43:35 599552 ----a-w- c:\windows\system32\msfeeds(107).dll
2011-06-17 03:43:33 67072 ----a-w- c:\windows\system32\mshtmled(108).dll
2011-06-17 03:43:33 185856 ----a-w- c:\windows\system32\iepeers(106).dll
2011-06-17 03:43:20 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 03:43:20 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20(100).sys
2011-06-17 03:43:20 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 03:43:20 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-12 11:46:35 -------- d-----w- c:\users\jerry\appdata\local\{A8419178-98DA-4EF4-A20D-2B89C24A1E18}
2011-06-11 17:23:19 744568 ----a-r- c:\windows\system32\drivers\nis\1206000.01d\SymEFA.sys
2011-06-11 17:23:19 516216 ----a-r- c:\windows\system32\drivers\nis\1206000.01d\srtsp.sys
2011-06-11 17:23:19 50168 ----a-r- c:\windows\system32\drivers\nis\1206000.01d\srtspx.sys
2011-06-11 17:23:19 340088 ----a-r- c:\windows\system32\drivers\nis\1206000.01d\SymDS.sys
2011-06-11 17:23:19 296568 ----a-r- c:\windows\system32\drivers\nis\1206000.01d\symnets.sys
2011-06-11 17:23:18 136312 ----a-r- c:\windows\system32\drivers\nis\1206000.01d\Ironx86.sys
2011-06-11 17:22:32 -------- d-----w- c:\windows\system32\drivers\nis\1206000.01D
2011-06-11 17:02:52 -------- d-----w- C:\NIS
2011-06-11 17:00:34 5422868 ----a-w- c:\users\jerry\NIS-NETBOOK-ESD-18-6-0-29-EN.exe
2011-06-11 15:32:35 -------- d--h--w- c:\users\jerry\appdata\local\NPE
2011-06-11 15:31:32 2558968 ---ha-w- c:\users\jerry\NPE.exe
2011-06-10 12:27:05 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e3ef5f98-b4a7-4935-8b87-8aae15af79bc}\mpengine.dll
2011-06-04 12:36:57 -------- d--h--w- c:\users\jerry\appdata\roaming\SupportSoft
2011-06-04 12:31:18 -------- d-----w- c:\program files\common files\supportsoft
2011-06-03 11:51:35 -------- d--h--w- c:\users\jerry\appdata\local\{67F300BF-A7DC-4D9E-AFFA-BC6C1CB0B175}
2011-06-03 11:51:35 -------- d--h--w- c:\users\jerry\appdata\local\{435D62A6-89F4-4B17-AEDB-C06875A2716D}
2011-06-01 11:05:23 -------- d-----w- c:\users\jerry\appdata\local\ElevatedDiagnostics
2011-06-01 10:35:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-06-11 17:23:41 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump(98).sys
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
.
============= FINISH: 9:59:59.80 ===============

This post has been edited by maltesemanTS: 24 June 2011 - 12:24 PM
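The DDS output above is what the Malware Response Team reads by eye. As an added example that is not part of the original post, of DDS, or of BleepingComputer's tooling, here is a small Python triage parser that pulls the same fields out of the "Pseudo HJT Report" and the security-status header and groups them into what a first reader would check: protection products reported as disabled, UAC policy values that differ from the Windows 7 defaults, autorun values with no name or no command, and DHCP-assigned resolvers outside private address ranges. The sample input is a handful of lines copied from the log above; the flagging rules and the default table are assumptions for illustration, not a verdict on this machine. In this log the non-private resolvers were assigned by DHCP and look like ISP servers, and the `<NO NAME>` value may simply be an empty default registry value; the script only points a human at them.

```python
"""Triage helper for a DDS log (added example, not part of the thread or of DDS).

It pulls the security-status lines, BHOs, autorun (mRun/uRun) values, UAC
policy values and DHCP-assigned resolvers out of the 'Pseudo HJT Report'
and groups them into things a first-pass reader would look at.  The
flagging rules are assumptions for illustration, not a malware verdict.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample input: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
AV: Norton Internet Security Netbook Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security Netbook Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.0.1 205.171.3.65
TCP: Interfaces\{0614C2EA-FE0A-4AD4-AC7D-4E8B619BC1EE}\2423937303 : DhcpNameServer = 24.94.163.32
"""

# Windows 7 defaults for the UAC values DDS prints under mPolicies-system
# (assumed reference values for the comparison below).
UAC_DEFAULTS = {
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "EnableUIADesktopToggle": 0,
    "PromptOnSecureDesktop": 1,
}

PROTECTION_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\*")
BHO_RE = re.compile(r"^BHO: (.+?): \{[0-9A-Fa-f-]+\} - (.+)$")
RUN_RE = re.compile(r"^[mu]Run: \[(.*?)\](.*)$")
POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+)")
DNS_RE = re.compile(r"DhcpNameServer = (.+)$")


@dataclass
class Triage:
    disabled_protection: list = field(default_factory=list)  # (kind, product)
    bhos: list = field(default_factory=list)                 # (name, dll path)
    autoruns: list = field(default_factory=list)             # (name, command)
    odd_autoruns: list = field(default_factory=list)         # unnamed or empty
    private_dns: set = field(default_factory=set)
    public_dns: set = field(default_factory=set)
    uac_changed: list = field(default_factory=list)          # (key, value, default)


def triage(log: str) -> Triage:
    """Parse the DDS lines and sort them into the Triage buckets above."""
    t = Triage()
    for raw in log.splitlines():
        line = raw.strip()
        if m := PROTECTION_RE.match(line):
            kind, product, state = m.groups()
            if state.startswith("Disabled"):
                t.disabled_protection.append((kind, product))
        elif m := BHO_RE.match(line):
            t.bhos.append((m.group(1), m.group(2)))
        elif m := RUN_RE.match(line):
            name, cmd = m.group(1), m.group(2).strip()
            t.autoruns.append((name, cmd))
            # A value with no name or no command is normally checked by hand.
            if name == "<NO NAME>" or not cmd:
                t.odd_autoruns.append((name, cmd))
        elif m := POLICY_RE.match(line):
            key, value = m.group(1), int(m.group(2))
            if key in UAC_DEFAULTS and value != UAC_DEFAULTS[key]:
                t.uac_changed.append((key, value, UAC_DEFAULTS[key]))
        elif m := DNS_RE.search(line):
            for server in m.group(1).split():
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    continue
                (t.private_dns if addr.is_private else t.public_dns).add(server)
    return t


def report(t: Triage) -> list:
    """Human-readable summary lines, in the order a helper would read them."""
    lines = []
    for kind, product in t.disabled_protection:
        lines.append(f"{kind} reported disabled: {product}")
    for key, value, default in t.uac_changed:
        lines.append(f"UAC policy {key} = {value} (default {default})")
    for name, cmd in t.odd_autoruns:
        lines.append(f"autorun needs a look: [{name}] {cmd!r}")
    if t.public_dns:
        lines.append("non-private resolvers (confirm they belong to the ISP): "
                     + ", ".join(sorted(t.public_dns)))
    lines.append(f"{len(t.bhos)} BHO(s), {len(t.autoruns)} autorun value(s) parsed")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Run it against a full DDS.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. The resolver split matters because a search-result redirect can also come from a changed DNS server rather than a browser add-on, so the public ones are listed for confirmation against the ISP rather than treated as bad.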


#2 RPMcMurphy

  • Bleeping *^#@%~
  • Group: Malware Response Team
  • Posts: 2,397
  • Joined: 16-May 10
  • Gender: Male

Posted 25 June 2011 - 04:43 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Any underlined text in my posts indicates a clickable link.
  • If you have any questions at all, please stop and ask before proceeding.

Download unhide.exe, saving it to your desktop
  • Right click on unhide.exe and select Run as administrator
  • Reboot

Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

  • Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


If you have trouble running GMER:
  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try in Safe Mode

Please include the following in your next post:
  • GMER log
  • The Attach.txt log from DDS

This post has been edited by RPMcMurphy: 25 June 2011 - 04:43 PM

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free.

#3 RPMcMurphy

  • Bleeping *^#@%~
  • Group: Malware Response Team
  • Posts: 2,397
  • Joined: 16-May 10
  • Gender: Male

Posted 30 June 2011 - 08:32 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
