
etrust itm rpc service unable to start


  • This topic is locked
2 replies to this topic

#1 jpramo


Posted 11 June 2009 - 06:01 PM

Hi


My computer got wrecked by the trojan, virus, SVChost.exe, due to which my "etrust itm rpc service" of CA is not starting; I am unable to start that service from services.svc. Can you help me in resolving this? Please
find the log file.


DDS (Ver_09-05-14.01) - NTFSx86
Run by iE54 at 23:47:06.07 on 11/06/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.283 [GMT 1:00]

AV: eTrust ITM *On-access scanning enabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
AV: avast! antivirus 4.8.1335 [VPS 090319-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
svchost.exe "C:\WINDOWS\system32\alrsvcx.exe"
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.5\OLAP\bin\msmdsrv.exe
C:\WINDOWS\system32\Prot_srv.exe
C:\WINDOWS\system32\pstartSr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.6\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\CA\Unicenter DSM\Bin\caf.exe
C:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\CA\Unicenter DSM\Bin\cfsmsmd.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CA\Unicenter DSM\bin\cfSysTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\CA\Unicenter DSM\Bin\ccnfagent.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\CA\Unicenter DSM\Bin\cfnotsrvd.exe
C:\Program Files\CA\Unicenter DSM\Bin\ccsmagtd.exe
C:\Program Files\CA\Unicenter DSM\Bin\rcHost.exe
C:\Program Files\CA\Unicenter DSM\Bin\amswmagt.exe
C:\WINDOWS\regedit.exe
C:\Program Files\CA\Unicenter DSM\PMAgent\capmuamagt.exe
C:\Program Files\CA\Unicenter DSM\Bin\cfftplugin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\ie54\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Microsoft Internet Explorer provided by Tesco HSC
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://uk.yahoo.com
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
mStart Page = hxxp://uk.yahoo.com
uInternet Settings,ProxyServer = 192.168.29.200:80
uInternet Settings,ProxyOverride = 172.*;192.168.*;128.*;*.tesco.org;*.tsl;220.227.123.45;vpn.ocsethsc.net;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%s
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [CAF_SystemTray] "c:\program files\ca\unicenter dsm\bin\cfSysTray.exe"
mRun: [DsmSxplog] "c:\program files\ca\unicenter dsm\bin\sxpstub.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Realtime Monitor] "c:\program files\ca\etrustitm\realmon.exe" -s
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Pointsec Tray] c:\program files\pointsec\pointsec for pc\P95Tray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
dRun: [kell] c:\program files\manson\liser.exe
dRun: [reader_s] c:\windows\system32\config\systemprofile\reader_s.exe
dRun: [ie54] c:\documents and settings\ie54\ie54.exe /i
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\progra~1.lnk - c:\program files\citrix\ica client\pnagent.exe
uPolicies-explorer: NoHardwareTab = 1 (0x1)
uPolicies-explorer: NoDFSTab = 1 (0x1)
uPolicies-explorer: RecycleBinSize = 10 (0xa)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: DisallowCpl = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\microsoft office communicator\communicator.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\windows\system32\betsp.dll
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Notify: CAF - c:\program files\ca\unicenter dsm\bin\cfwlogon.dll
Notify: igfxcui - igfxdev.dll
Notify: rcHostExt - c:\program files\ca\unicenter dsm\bin\rcLoginExt.dll
Notify: ytnbfq - ytnbfq.dll
AppInit_DLLs: c:\progra~1\manson\liser.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ie54\applic~1\mozilla\firefox\profiles\8hr4ai10.default\
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

============= SERVICES / DRIVERS ===============

R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [2008-10-15 217024]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-11 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-11 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-11 138680]
R2 CA-MessageQueuing;CA Message Queuing Server;c:\program files\ca\sharedcomponents\cam\bin\cam.exe [2008-7-15 172032]
R2 caf;CA Unicenter DSM r11 Common Application Framework.;c:\program files\ca\unicenter dsm\bin\CAF.exe [2008-7-4 193800]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-13 199384]
R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [2008-10-15 621120]
R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [2008-10-15 150080]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\mssql.6\reporting services\reportserver\bin\ReportingServicesService.exe [2005-10-13 14552]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-5-31 14976]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2007-11-1 399032]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-11 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-11 352920]
R3 rcSmCard;rcSmCard;c:\windows\system32\drivers\rcSmCard.sys [2006-6-10 26128]
R3 rcVidCap;rcVidCap;c:\windows\system32\drivers\rcVidMpt.sys [2006-5-4 9872]
S2 CA-MessageQueuingNtLmSsp;CA Message Queuing Server CA-MessageQueuingNtLmSsp;c:\windows\system32\alrsvcx.exe srv --> c:\windows\system32\alrsvcx.exe srv [?]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;c:\windows\system32\drivers\vpnva.sys [2007-11-1 24176]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2009-06-11 23:03 2,359,296 a------- c:\windows\system32\xerces-c_2_6.dll
2009-06-11 22:36 <DIR> --d----- c:\docume~1\ie54\applic~1\Malwarebytes
2009-06-11 22:36 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 22:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-11 22:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 22:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-11 21:22 67,584 a------- c:\windows\system32\10.tmp
2009-06-11 18:43 <DIR> --d----- c:\program files\Exterminate It!
2009-06-11 18:36 4,206,984 a------- C:\intsall.exe
2009-06-11 17:18 16,896 a------- c:\windows\system32\ytnbfq.dll
2009-06-11 08:39 42,596 ----h--- c:\documents and settings\ie54\ie54.exe
2009-06-10 23:45 67,584 a------- c:\windows\system32\17.tmp
2009-06-10 23:45 0 a------- c:\windows\system32\16.tmp
2009-06-10 23:39 80 a------- c:\windows\system32\15.tmp
2009-06-10 20:25 23,040 a--sh--- c:\windows\system32\activedsk.dll
2009-06-10 20:08 1,983 a--s---- c:\windows\system32\1105075867.dat
2009-06-10 20:08 59,904 ---shr-- c:\windows\system32\alrsvcx.exe
2009-06-10 19:15 <DIR> --d----- c:\windows\system32\appmgmt
2009-06-10 19:01 <DIR> --d----- c:\windows\dhcp
2009-06-10 19:00 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
2009-06-10 19:00 <DIR> --dshr-- c:\program files\Manson
2009-06-10 18:58 10 a------- c:\documents and settings\ie54\RUNME.bat
2009-06-10 16:04 956,928 -c------ c:\windows\system32\dllcache\msdtctm.dll
2009-06-10 16:04 161,792 -c------ c:\windows\system32\dllcache\msdtcuiu.dll
2009-06-10 16:04 91,648 -c------ c:\windows\system32\dllcache\mtxoci.dll
2009-06-10 16:04 66,560 -c------ c:\windows\system32\dllcache\mtxclu.dll
2009-06-10 16:04 58,880 -c------ c:\windows\system32\dllcache\msdtclog.dll
2009-06-10 16:03 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-10 16:03 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-10 16:01 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-06-10 16:01 1,846,784 -c------ c:\windows\system32\dllcache\win32k.sys
2009-06-10 14:50 361,600 -c------ c:\windows\system32\dllcache\tcpip.sys
2009-06-10 14:50 245,248 -c------ c:\windows\system32\dllcache\mswsock.dll
2009-06-10 14:50 225,856 -c------ c:\windows\system32\dllcache\tcpip6.sys
2009-06-10 14:50 147,968 -c------ c:\windows\system32\dllcache\dnsapi.dll
2009-06-10 14:50 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2009-06-10 14:49 354,304 -c------ c:\windows\system32\dllcache\winhttp.dll
2009-06-10 14:48 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-10 14:48 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-06-10 14:48 286,720 -c------ c:\windows\system32\dllcache\gdi32.dll
2009-06-10 14:47 81,920 -c------ c:\windows\system32\dllcache\ieencode.dll
2009-06-10 14:47 666,112 -c------ c:\windows\system32\dllcache\wininet.dll
2009-06-10 14:47 619,520 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-06-10 14:47 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-06-10 14:47 3,068,416 -c------ c:\windows\system32\dllcache\mshtml.dll
2009-06-10 14:45 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-06-10 14:45 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-10 14:45 237,056 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-10 14:45 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-10 14:43 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-10 14:29 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-10 13:40 <DIR> --d----- c:\docume~1\ie54\applic~1\Cisco
2009-06-10 13:36 360 a------- c:\windows\system32\betsp.inf
2009-06-10 13:36 10 a------- c:\windows\system32\betsp.ver
2009-06-10 13:36 8,704 a----r-- c:\windows\system32\betorder.dll
2009-06-10 13:36 69,187 a------- c:\windows\system32\betsp.dll
2009-06-10 13:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Aventail
2009-06-10 13:36 <DIR> --d----- c:\docume~1\ie54\applic~1\Aventail
2009-06-09 20:19 <DIR> --d----- c:\docume~1\ie54\applic~1\Uniblue
2009-06-06 11:46 <DIR> --d----- c:\docume~1\ie54\applic~1\UnicenterRemoteControl
2009-06-04 23:50 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-04 23:50 <DIR> --d----- c:\program files\DivX
2009-06-04 23:24 <DIR> --d----- c:\program files\DNA
2009-06-04 23:24 <DIR> --d----- c:\docume~1\ie54\applic~1\DNA
2009-06-04 23:24 <DIR> --d----- c:\program files\AskSearch
2009-06-04 23:00 <DIR> --d----- c:\documents and settings\ie54\LocalLow
2009-06-04 23:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
2009-05-31 20:08 34,816 a------- c:\windows\system32\DEVLOAD.EXE
2009-05-31 20:08 14,976 a------- c:\windows\system32\drivers\SBKUPNT.SYS
2009-05-31 20:08 2,799 a------- c:\windows\SKLANG.INI
2009-05-31 20:08 328,192 a------- c:\windows\IsUninst.exe
2009-05-31 09:58 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-05-30 10:45 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-05-30 10:45 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-05-30 10:44 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-05-30 09:29 <DIR> --d----- c:\program files\Yahoo!
2009-05-26 22:32 <DIR> --d----- c:\program files\VideoLAN
2009-05-26 15:53 <DIR> --d----- c:\docume~1\ie54\applic~1\ICAClient
2009-05-25 08:33 352,256 a------- c:\windows\system32\IJL151.dll
2009-05-22 09:00 0 a------- c:\windows\frontpg.ini
2009-05-22 09:00 <DIR> --d----- c:\windows\IIS Temporary Compressed Files
2009-05-22 08:57 <DIR> --d----- c:\windows\system32\Logfiles
2009-05-22 08:57 <DIR> --d----- C:\Inetpub
2009-05-22 07:13 <DIR> --ds---- c:\documents and settings\ie54\UserData
2009-05-21 15:53 <DIR> --d-h--- c:\windows\system32\WLANProfiles
2009-05-21 13:59 <DIR> --d----- C:\IE54
2009-05-21 13:58 <DIR> --d----- c:\program files\RSA SecurID Token for Windows
2009-05-21 13:57 <DIR> --d----- c:\program files\RSA SecurID Token Common
2009-05-21 13:48 <DIR> --d----- c:\docume~1\ie54\applic~1\Citrix
2009-05-21 13:48 <DIR> --d----- c:\docume~1\ie54\applic~1\CiscoCAA
2009-05-21 13:46 <DIR> --d----- c:\docume~1\ie54\applic~1\Intel
2009-05-21 13:46 <DIR> --d----- c:\docume~1\ie54\applic~1\CA
2009-05-21 13:46 <DIR> --d----- c:\documents and settings\ie54
2009-05-21 13:27 <DIR> --d----- c:\program files\SQLXML 4.0
2009-05-21 13:22 <DIR> --d----- c:\program files\Microsoft Analysis Services
2009-05-21 12:57 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-05-21 12:56 <DIR> --d----- c:\program files\Microsoft Device Emulator
2009-05-21 12:56 <DIR> --d----- c:\program files\Microsoft SQL Server 2005 Mobile Edition
2009-05-21 12:33 <DIR> --d----- c:\program files\HTML Help Workshop
2009-05-21 12:33 <DIR> --d----- c:\program files\common files\Business Objects
2009-05-21 12:33 <DIR> --d----- c:\program files\CE Remote Tools
2009-05-21 12:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PreEmptive Solutions
2009-05-21 12:33 <DIR> --d----- c:\program files\common files\Merge Modules
2009-05-21 12:31 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-05-21 12:03 <DIR> --d----- c:\program files\Pointsec
2009-05-21 12:03 512 a------- C:\BOOT_SAV.BOT
2009-05-21 12:03 2,097,152 ---shr-- C:\PROT_INS.SYS
2009-05-21 12:03 6 a------- C:\VOL_CHAR.DAT
2009-05-21 12:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pointsec
2009-05-21 11:56 1,736,297 a------- c:\windows\system32\hsc.scr
2009-05-21 11:53 <DIR> --d----- c:\windows\SchCache
2009-05-21 11:49 12,304 -------- c:\windows\cfig50wnt.sys

==================== Find3M ====================

2009-06-10 19:00 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-05-01 19:30 3,391,488 a------- c:\windows\system32\GPhotos.scr

============= FINISH: 23:47:46.57 ===============


Thank You
Pramod


#2 syler

  • Malware Response Team

Posted 20 June 2009 - 05:43 PM

Hello and welcome to Bleeping Computer. Sorry for the delay; the forums here at BC are always
very busy and we do our best to keep up. If you no longer require any help, could you let me know
please, so this topic can be closed.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.
First I would like to see a new log since a lot could have changed since your original post.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks



#3 syler

  • Malware Response Team

Posted 24 June 2009 - 06:19 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
