Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

vundo!grb infection. Help needed...


  • This topic is locked This topic is locked
3 replies to this topic

#1 dsr2k

dsr2k

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 07 April 2009 - 11:31 PM

Here is the dds.txt log:



DDS (Ver_09-03-16.01) - NTFSx86
Run by BHAVANI at 0:23:08.93 on Wed 04/08/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.846 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\dsrao\Default\softwares\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\McAfee\MSC\mcshell.exe
D:\dsrao\Default\softwares\Maxthon2\Maxthon.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Documents and Settings\BHAVANI\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchURL = hxxp://realsearch.cc/?a=2
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} -

d:\dsrao\default\softwares\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} -

c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} -

c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {c4182d9a-5a1a-4cd7-ac2d-09db7f251522} - c:\windows\system32\fimeyufo.dll
TB: {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - No File
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} -

c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4FF75C0C-5145-4B48-AB9B-FD5487AE0C0A} - No File
TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [Windows Update Client ] c:\windows\system32\wuclient.exe
uRun: [SFP] c:\program files\common files\verizon online\sfp\vzSFPWin.EXE /s
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [BitTorrent] "d:\dsrao\default\softwares\bittorrent.exe" --force_start_minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SmileboxTray] "c:\documents and settings\bhavani\application data\smilebox\SmileboxTray.exe"
uRun: [system tool] c:\windows\sysguard.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] LogiTray.exe
mRun: [LogitechGalleryRepair] ISStart.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [XPSP2 Firewall] c:\windows\system32\xpsp2fw.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works

shared\WkUFind.exe
mRun: [HP Software Update] d:\hp software update\HPWuSchd2.exe
mRun: [Adobe Photo Downloader] "d:\dsrao\default\softwares\3.0\apps\apdproxy.exe"
mRun: [HPHUPD08] d:\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec

shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec

shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\dsrao\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ALUAlert] c:\program files\symantec\liveupdate\ALuNotify.exe
mRun: [CPM03750f34] Rundll32.exe "c:\windows\system32\misohusa.dll",a
mRun: [wemobinewe] Rundll32.exe "c:\windows\system32\yihigiyo.dll",s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk -

d:\dsrao\default\softwares\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - d:\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop

messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony

corporation\picture package\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony

corporation\picture package\picture package applications\Residence.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program

files\winzip\WZQKPICK.EXE
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
uPolicies-system: NoDispScrSavPage = 1 (0x1)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm265YYUS
IE: Download all by Net Transport - c:\program files\xi\nettransport 2\NTAddList.html
IE: Download by Net Transport - c:\program files\xi\nettransport 2\NTAddLink.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: gs.com\remoteplus
Trusted Zone: plaxo.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
DPF: {0000000A-0000-0010-8000-00AA00389B71} -

hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} -

hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -

hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} -

hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/26.30/uploader2.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -

hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139255080640
DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - hxxp://www.snapfish.com/SnapfishUpload.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxps://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -

hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38110.633900463
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -

hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} -

hxxp://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.ooxtv.com/livetv.ocx
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -

hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -

hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -

hxxp://download.abacast.com/download/files/abasetup161.cab
DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} -

hxxp://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,25
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} -

hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\misohusa.dll,c:\windows\system32\pedigeju.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\misohusa.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\misohusa.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll
LSA: Notification Packages = scecli c:\windows\system32\pedigeju.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bhavani\applic~1\mozilla\firefox\profiles\jiewhx6w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search/?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search/?fr=ffds1&p=
FF - component: c:\documents and settings\bhavani\application

data\mozilla\firefox\profiles\jiewhx6w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\go

ogletoolbar.dll
FF - component: c:\documents and settings\bhavani\application

data\mozilla\firefox\profiles\jiewhx6w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\me

trics.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium,

2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do

proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\activex.js -

pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default",

"chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom",

"chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("network.protocol-handler.warn-external.veoh", false);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-10 201320]
R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [2000-6-8 50176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe

[2008-12-12 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-10 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-10 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe

[2007-10-23 24652]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-10 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-10 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-10 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-10 33832]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-10 40488]
S2 OracleServiceBHAVANI;OracleServiceBHAVANI;d:\oracle\ora92\bin\oracle.exe bhavani -->

d:\oracle\ora92\bin\ORACLE.EXE BHAVANI [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2004-10-6

283904]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2004-10-4 43392]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2004-12-10 30336]

=============== Created Last 30 ================


==================== Find3M ====================

2009-04-07 12:29 61,440 a--sh--- c:\windows\system32\rarinepi.exe
2009-04-07 00:37 61,440 a--sh--- c:\windows\system32\rakupijo.exe
2009-04-06 12:28 61,440 a--sh--- c:\windows\system32\putayila.exe
2009-04-06 00:28 61,440 a--sh--- c:\windows\system32\fijiveni.exe
2009-04-05 11:34 61,440 a--sh--- c:\windows\system32\kuzeduhu.exe
2009-04-04 23:34 61,440 a--sh--- c:\windows\system32\zafufovi.exe
2009-04-04 11:35 61,440 a--sh--- c:\windows\system32\jahamure.exe
2009-04-04 03:53 12,829 ac------ c:\windows\mozver.dat
2009-04-03 23:19 61,440 a--sh--- c:\windows\system32\revulazo.exe
2009-04-03 11:19 61,440 a--sh--- c:\windows\system32\vapiraji.exe
2009-04-02 23:18 61,440 a--sh--- c:\windows\system32\wovahuzo.exe
2009-04-02 23:18 87,552 -------- c:\windows\system32\misohusa.dll
2009-03-29 23:22 87,608 a------- c:\docume~1\bhavani\applic~1\inst.exe
2009-03-29 23:22 47,360 a------- c:\docume~1\bhavani\applic~1\pcouffin.sys
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-01-10 23:28 724,992 a------- c:\windows\iun6002.exe
2008-09-07 04:26 128 ac------ c:\documents and settings\bhavani\delself.bat
2006-06-16 12:51 560 ac------ c:\docume~1\bhavani\applic~1\ViewerApp.dat
2005-11-05 01:41 784 ac------ c:\docume~1\bhavani\applic~1\mpauth.dat
2005-02-06 12:07 56 ---shr-- c:\windows\system32\EAB588AB84.sys

============= FINISH: 0:24:20.39 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 dsr2k

dsr2k
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 08 April 2009 - 11:07 AM

Hi there,

could some one please help.

thanks

#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:23 PM

Posted 17 April 2009 - 06:43 AM

Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:23 PM

Posted 22 April 2009 - 11:50 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users