
Infected with Win32/Olmarik.MF trojan



#1 comma


Posted 14 October 2009 - 10:52 AM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1.9.2009 16:53:09
System Uptime: 14.10.2009 17:05:57 (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5GPL
Processor: Intel® Pentium® 4 CPU 3.00GHz | Socket 775 | 3010/200mhz
Processor: Intel® Pentium® 4 CPU 3.00GHz | Socket 775 | 3010/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 59 GiB total, 41,673 GiB free.
D: is FIXED (NTFS) - 94 GiB total, 28,389 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_19\4&37FD0741&0&00E1
Manufacturer: Marvell
Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_19\4&37FD0741&0&00E1
Service: yukonwxp

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Ahead Nero Burning ROM
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Display Driver
CDex extraction audio
CyberLink PowerDVD 8
ESET NOD32 Antivirus
GOM Player
High Definition Audio Driver Package - KB888111
Java™ 6 Update 15
K-Lite Codec Pack 4.1.6 (Full)
Malwarebytes' Anti-Malware
Marsu-Fix
Marvell Miniport Driver
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 programski dodatak za preslovljavanje
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.3)
MSVCRT
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
PerfectDisk
PowerCinema
Pro Evolution Soccer 2009
QuickTime
Realtek High Definition Audio Driver
Security Update for Windows XP (KB958644)
Segoe UI
Spybot - Search & Destroy
TeamSpeak 2 RC2
Total Commander Ultima Prime 3.7.0.0
TP-LINK Client Installation Program
Unity Web Player
Update for Windows XP (KB932823-v3)
WebFldrs XP
Winamp
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinZip 12.0

==== Event Viewer Messages From Past Week ========

8.10.2009 23:30:56, error: Schannel [36881] - The certificate received from the remote server has expired. The SSL connection request has failed. The attached data contains the server certificate.
8.10.2009 12:20:34, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
8.10.2009 12:20:34, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00147871D86A has been denied by the DHCP server 10.50.51.1 (The DHCP Server sent a DHCPNACK message).
8.10.2009 12:12:04, error: Dhcp [1002] - The IP address lease 10.50.50.10 for the Network Card with network address 00147871D86A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8.10.2009 1:47:47, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
8.10.2009 1:46:21, error: DCOM [10001] - Unable to start a DCOM Server: {380689D0-AFAA-47E6-B80E-A33436FE314B} as /. The error: "%8" Happened while starting this command: "C:\Program Files\Windows Live\Contacts\wlcomm.exe" -Embedding
8.10.2009 1:15:01, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 8185634d, parameter3 f89914d0, parameter4 f89911cc.
7.10.2009 22:16:29, error: Service Control Manager [7028] - The zmuest Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
14.10.2009 2:15:00, error: DCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "%8" Happened while starting this command: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -Embedding
14.10.2009 17:01:46, error: PlugPlayManager [11] - The device Root\LEGACY_QEIDADC\0000 disappeared from the system without first being prepared for removal.
14.10.2009 16:36:37, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep IntelIde
14.10.2009 0:40:05, error: DCOM [10000] - Unable to start a DCOM Server: {D0F0AD6B-ECCC-401E-8E71-C4363D41399C}. The error: "%8" Happened while starting this command: C:\PROGRA~1\GRETECH\GOMPLA~1\GOM.exe -Embedding
13.10.2009 9:05:17, error: DCOM [10000] - Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error: "%8" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding
13.10.2009 15:48:58, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service to connect.
13.10.2009 15:48:58, error: Service Control Manager [7000] - The Eset Nod32 Boot service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11.10.2009 17:35:56, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00147871D86A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10.10.2009 17:57:05, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf1e0267, parameter3 b4d3bbc4, parameter4 00000000.

==== End Of File ===========================


DDS (Ver_09-10-13.01) - NTFSx86
Run by Portiri at 17:25:40,59 on sre 14.10.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.90 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Portiri\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.msn.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [calc] rundll32.exe c:\docume~1\portiri\ntuser.dll,_IWMPEvents@0
mRun: [TWCU] "c:\program files\tp-link\twcu\TWCU.exe" -nogui
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [calc] rundll32.exe c:\docume~1\locals~1\ntuser.dll,_IWMPEvents@0
dRun: [mserv] c:\windows\system32\config\systemprofile\application data\seres.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\portiri\applic~1\mozilla\firefox\profiles\pqv8bao6.default\

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-3-13 33800]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-1-13 15872]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-5-15 61424]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-3-13 472320]
R2 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2005-1-4 237635]
S2 ACSAlerter;TP-LINK Configuration Service ACSAlerter;c:\windows\temp\iqiwcaeteq.exe service --> c:\windows\temp\iqiwcaeteq.exe service [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S4 zmuest;zmuest;c:\windows\system32\drivers\mltspj.sys [2009-9-15 75648]

=============== Created Last 30 ================

2009-10-14 16:21 <DIR> --d----- c:\docume~1\portiri\applic~1\Malwarebytes
2009-10-14 16:21 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-14 16:21 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-14 16:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-14 16:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-13 20:32 128,384 a------- c:\windows\system32\drivers\atinavxx.sys
2009-10-13 20:32 98,304 a------- c:\windows\system32\atinavpp.ax
2009-10-13 17:13 568 a---h--- c:\windows\nod32fixtemdono.reg
2009-10-13 17:13 159,770 a------- c:\windows\Marsu-Fix Uninstaller.exe
2009-10-13 17:13 <DIR> --d----- c:\program files\Marsu-Fix
2009-10-13 17:11 <DIR> --d----- c:\program files\ESET
2009-10-13 12:06 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-12 14:24 16 a------- c:\windows\system32\api.dat
2009-10-08 01:39 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-10-05 22:57 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-10-05 22:55 <DIR> --d----- c:\program files\Skype
2009-09-29 20:44 5,632 a------- c:\windows\system32\ptpusb.dll
2009-09-29 20:44 159,232 a------- c:\windows\system32\ptpusd.dll
2009-09-29 20:44 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-09-29 20:44 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-09-28 14:42 89,184 a------- c:\windows\system32\drivers\imagedrv.sys
2009-09-28 14:42 57,344 a------- c:\windows\system32\ImageDrive.cpl
2009-09-28 14:42 569,344 a------- c:\windows\system32\imagr5.dll
2009-09-28 14:42 544,768 a------- c:\windows\system32\imagx5.dll
2009-09-28 14:42 283,920 a------- c:\windows\system32\ImagXpr5.dll
2009-09-28 14:42 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-09-28 14:42 38,912 a------- c:\windows\system32\picn20.dll
2009-09-22 04:46 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-20 14:59 <DIR> --d----- c:\windows\system32\Adobe
2009-09-20 04:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\KONAMI
2009-09-20 04:20 251,672 a------- c:\windows\system32\xactengine2_5.dll
2009-09-20 04:20 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-09-20 04:18 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-09-20 04:17 <DIR> --d----- c:\program files\KONAMI
2009-09-19 21:35 12,650 a------- c:\windows\wininit.ini
2009-09-19 21:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-19 17:51 5,702 a---h--- c:\windows\nod32restoretemdono.reg
2009-09-18 07:26 <DIR> --d----- c:\program files\TS
2009-09-15 14:53 19,729 a------- c:\docume~1\portiri\applic~1\onamanywa.bat
2009-09-15 14:53 18,915 a------- c:\windows\olexoguz.inf
2009-09-15 14:53 18,552 a------- c:\windows\yramosyg.ban
2009-09-15 14:53 17,778 a------- c:\program files\common files\kypuhuku.bat
2009-09-15 14:53 15,892 a------- c:\windows\system32\yryxysu.ban
2009-09-15 14:53 15,654 a------- c:\windows\rijocujic._sy
2009-09-15 14:53 14,916 a------- c:\windows\azux.dll
2009-09-15 14:53 12,289 a------- c:\windows\system32\aluzuwijen._sy
2009-09-15 14:53 12,094 a------- c:\program files\common files\apamawel.bat
2009-09-15 14:53 10,260 a------- c:\windows\hotoxuk.bat
2009-09-15 14:38 75,648 a------- c:\windows\system32\drivers\mltspj.sys

==================== Find3M ====================

2009-09-16 06:51 15,278 a------- c:\program files\common files\gexaqet.dl
2009-09-15 14:53 19,678 a------- c:\program files\common files\ebatukahe.dl
2009-09-15 14:53 19,401 a------- c:\program files\common files\atac.lib
2009-09-15 14:53 18,930 a------- c:\program files\common files\adaxo.ban
2009-09-01 22:18 29,480 a------- c:\windows\system32\msxml3a.dll
2009-09-01 22:18 505,128 a------- c:\windows\system32\msvcp71.dll
2009-09-01 22:18 353,576 a------- c:\windows\system32\msvcr71.dll
2009-09-01 18:50 73,728 a------- c:\windows\ALCFDRTM.EXE
2009-09-01 18:45 294,912 a------- c:\windows\HideWin.exe
2009-09-01 18:43 21,275 a------- c:\windows\system32\drivers\AegisP.sys
2009-09-01 17:02 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-01 16:48 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-21 17:55 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-07-21 17:54 325,120 a------- c:\windows\system32\ati2dvag.dll
2009-07-21 17:44 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-07-21 17:44 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-07-21 17:43 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-07-21 17:43 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-07-21 17:43 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-07-21 17:42 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-07-21 17:40 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-07-21 17:35 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-07-21 17:32 11,845,632 a------- c:\windows\system32\atioglxx.dll
2009-07-21 17:32 3,818,272 a------- c:\windows\system32\ati3duag.dll
2009-07-21 17:17 2,670,720 a------- c:\windows\system32\ativvaxx.dll
2009-07-21 17:17 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-07-21 17:17 887,724 a------- c:\windows\system32\ativva6x.dat
2009-07-21 17:01 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-07-21 16:57 475,136 a------- c:\windows\system32\atikvmag.dll
2009-07-21 16:55 126,976 a------- c:\windows\system32\atiadlxx.dll
2009-07-21 16:54 17,408 a------- c:\windows\system32\atitvo32.dll
2009-07-21 16:53 45,056 a------- c:\windows\system32\aticalrt.dll
2009-07-21 16:53 45,056 a------- c:\windows\system32\aticalcl.dll
2009-07-21 16:52 290,816 a------- c:\windows\system32\atiok3x2.dll
2009-07-21 16:52 3,227,648 a------- c:\windows\system32\aticaldd.dll
2009-07-21 16:48 626,688 a------- c:\windows\system32\ati2cqag.dll
2009-07-21 10:40 593,920 -------- c:\windows\system32\ati2sgag.exe

============= FINISH: 17:26:04,35 ===============


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/14 17:32
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB8417000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A5C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB5281000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Portiri\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\calc.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Portiri\Start Menu\Programs\Startup\scandisk.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Portiri\Start Menu\Programs\Startup\scandisk.lnk
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.lnk
Status: Invisible to the Windows API!

==EOF==

#2 miekiemoes

Posted 15 October 2009 - 05:53 AM

Hi,

First of all, please update MalwareBytes, because the database version may be outdated.
  • Start MalwareBytes and click the Update tab. There, click "Check for updates".
  • Once the updates are downloaded, perform a quick scan again.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log, then we'll proceed from there with new steps.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.