
Infected with Troj_vundo


  • This topic is locked
2 replies to this topic

#1 jayfunk13


Posted 25 December 2008 - 03:21 AM

I'm running on Windows XP, I have AVG antivirus and also Ad-Aware. Trend Micro online scan recognized it but couldn't clean it and VundoFix didn't find a problem. I downloaded SDFix but haven't done anything with it yet. Here is the DDS pseudo HJT report. Thanks

DDS (Version 1.1.0) - NTFSx86
Run by Owner at 0:11:13.39 on Thu 12/25/2008
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.242 [GMT -8:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: *On-access scanning enabled* (Updated)
FW: *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Documents and Settings\Owner.YOUR-02CDD5AF77\Desktop\dds.scr
C:\Documents and Settings\Owner.YOUR-02CDD5AF77\Desktop\dds.scr
C:\WINDOWS\system32\sort.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.yahoo.com/?fr=fptb-divx
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {21976b5a-957c-47c8-9375-0616fb5840b5} - c:\windows\system32\hodusura.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: {b8fbbb03-6aaf-4539-8d0d-11544708f938} - c:\windows\system32\awtsTNeD.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [GetModule32] c:\program files\getmodule\GetModule32.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [pubodazuda] Rundll32.exe "c:\windows\system32\yobiseha.dll",s
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [2cf162ce] rundll32.exe "c:\windows\system32\senifetu.dll",b
mRun: [CPM2fc25152] Rundll32.exe "c:\windows\system32\miduzige.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: AVGRSSTX.DLL c:\windows\system32\libomawi.dll c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\miduzige.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\awtsTNeD
LSA: Notification Packages = scecli c:\windows\system32\libomawi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\kri87p8w.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\owner.your-02cdd5af77\application data\mozilla\firefox\profiles\kri87p8w.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-21 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-21 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-21 26824]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-21 90632]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-21 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-21 231704]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-11-14 200576]
R3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575nd5.sys [2005-11-22 69692]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;"c:\program files\google\google desktop search\GoogleDesktop.exe" [2008-11-25 30192]

=============== Created Last 30 ================

2008-12-24 23:58 <DIR> --d----- c:\program files\Trend Micro
2008-12-24 23:28 <DIR> --d----- C:\SDFix
2008-12-24 22:57 <DIR> --d----- c:\program files\Exterminate It!
2008-12-24 21:52 <DIR> --d----- c:\program files\Lavasoft
2008-12-24 18:11 1,603,512 ---sh--- c:\windows\system32\utefines.ini
2008-12-24 17:57 <DIR> --d----- C:\VundoFix Backups
2008-12-24 16:25 <DIR> --d----- c:\documents and settings\owner.your-02cdd5af77\.housecall6.6
2008-12-24 15:42 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\s_6149_fHx8fHx8fDEyNDI3OTg5NTh8_
2008-12-24 15:42 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\Rapid Antivirus
2008-12-24 15:35 83,968 a------- c:\windows\system32\~.exe
2008-12-24 06:11 1,603,494 ---sh--- c:\windows\system32\ohuladoh.ini
2008-12-23 23:17 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2008-12-23 23:17 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2008-12-23 23:17 9,600 ac------ c:\windows\system32\dllcache\hidusb.sys
2008-12-23 23:17 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2008-12-23 18:11 1,603,458 ---sh--- c:\windows\system32\owipofam.ini
2008-12-23 14:08 56 a---h--- c:\windows\system32\ezsidmv.dat
2008-12-23 14:04 <DIR> --d----- c:\program files\Skype
2008-12-23 12:10 5,504 ac------ c:\windows\system32\dllcache\mstee.sys
2008-12-23 12:10 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2008-12-23 12:09 10,880 ac------ c:\windows\system32\dllcache\ndisip.sys
2008-12-23 12:09 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
2008-12-23 12:09 16,384 ac------ c:\windows\system32\dllcache\ipsink.ax
2008-12-23 12:09 15,360 ac------ c:\windows\system32\dllcache\streamip.sys
2008-12-23 12:09 16,384 a------- c:\windows\system32\ipsink.ax
2008-12-23 12:09 15,360 a------- c:\windows\system32\drivers\StreamIP.sys
2008-12-23 12:09 11,136 ac------ c:\windows\system32\dllcache\slip.sys
2008-12-23 12:09 11,136 a------- c:\windows\system32\drivers\SLIP.sys
2008-12-23 12:09 19,328 ac------ c:\windows\system32\dllcache\wstcodec.sys
2008-12-23 12:09 19,328 a------- c:\windows\system32\drivers\WSTCODEC.SYS
2008-12-23 12:09 85,376 ac------ c:\windows\system32\dllcache\nabtsfec.sys
2008-12-23 12:09 85,376 a------- c:\windows\system32\drivers\NABTSFEC.sys
2008-12-23 12:07 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-23 06:11 1,603,458 ---sh--- c:\windows\system32\afisenud.ini
2008-12-22 18:11 1,603,449 ---sh--- c:\windows\system32\ijozuzuj.ini
2008-12-21 22:56 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-21 21:07 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-21 21:07 12,936 a------- c:\windows\system32\drivers\avgrkx86.sys
2008-12-21 21:07 90,632 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-21 21:07 98,440 a------- c:\windows\system32\drivers\avgldx86.sys
2008-12-21 21:07 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-12-21 21:06 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\AVGTOOLBAR
2008-12-21 21:06 <DIR> --d----- c:\program files\AVG
2008-12-21 21:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-12-21 20:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-21 20:11 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-21 20:11 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\SUPERAntiSpyware.com
2008-12-21 20:09 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-21 18:10 1,603,449 ---sh--- c:\windows\system32\ekoruyof.ini
2008-12-21 17:54 13,370 a--sh--- c:\windows\system32\DeNTstwa.ini2
2008-12-21 17:54 35,204 a--sh--- c:\windows\system32\DeNTstwa.ini
2008-12-21 17:48 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\GetModule
2008-12-21 11:46 7,552 ac------ c:\windows\system32\dllcache\sonypvu1.sys
2008-12-21 11:46 7,552 a------- c:\windows\system32\drivers\SONYPVU1.SYS
2008-12-17 11:02 <DIR> --d----- c:\windows\ie8updates
2008-12-04 16:51 2 a------- c:\windows\msoffice.ini
2008-12-02 15:14 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-02 15:14 1,409 a------- c:\windows\QTFont.for
2008-12-02 11:26 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\RegClean
2008-11-29 00:40 <DIR> --d----- c:\program files\Veoh Networks
2008-11-28 15:04 5,632 a------- c:\windows\system32\ptpusb.dll
2008-11-28 15:04 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2008-11-28 15:04 159,232 a------- c:\windows\system32\ptpusd.dll
2008-11-28 15:04 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-11-26 09:52 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\PA-Prospector
2008-11-25 01:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PokerAcademyPro2

==================== Find3M ====================

2008-12-24 18:11 98,910 a--sh--- c:\windows\system32\miduzige.dll
2008-12-24 18:11 84,564 a--sh--- c:\windows\system32\senifetu.dll
2008-12-24 06:11 97,925 a--sh--- c:\windows\system32\tudoniga.dll
2008-12-24 06:11 84,604 -------- c:\windows\system32\hodaluho.dll
2008-12-23 18:11 98,076 a--sh--- c:\windows\system32\jupayobu.dll
2008-12-23 06:11 62,011 a--sh--- c:\windows\system32\tatunulo.dll
2008-12-23 06:11 84,098 -------- c:\windows\system32\dunesifa.dll
2008-12-23 06:11 95,959 a--sh--- c:\windows\system32\rukosabo.dll
2008-12-18 16:28 2,242 a------- c:\docume~1\owner~1.you\applic~1\wklnhst.dat
2008-11-16 23:21 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-14 23:21 17,801 a------- c:\windows\system32\drivers\AegisP.sys
2008-11-14 23:16 8,552 a------- c:\windows\system32\drivers\asctrm.sys
2008-10-28 14:36 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-10-28 14:36 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-10-28 14:35 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-10-28 14:35 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-10-28 14:35 684,032 a------- c:\windows\system32\DivX.dll
2008-10-23 05:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-03 02:15 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-23 06:11 62,011 a--sh--- c:\windows\system32\hodusura.dll
2008-09-23 06:11 62,011 a--sh--- c:\windows\system32\libomawi.dll
2008-09-22 06:10 1,694 a--sh--- c:\windows\system32\sefufusi.dll
2008-09-23 06:11 62,011 a--sh--- c:\windows\system32\yobiseha.dll
2008-09-22 06:10 1,694 a--sh--- c:\windows\system32\zerunuwa.dll

============= FINISH: 0:11:48.70 ===============



#2 fenzodahl512


Posted 05 January 2009 - 06:56 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad, then save it and attach it in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512


Posted 12 January 2009 - 03:06 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
