
Infected with Security Tool Malware


  • This topic is locked
5 replies to this topic

#1 crizcyel

  • Members
  • 3 posts

Posted 15 February 2010 - 05:29 PM

My computer is infected with the Security Tool malware. I tried removing it by following the steps that I found in this forum, but still it was not removed. I hope someone can help me. Many thanks!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Criz at 5:55:59.19 on Tue 02/16/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.1.1033.18.1790.1078 [GMT 8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Users\Criz\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [97914737] c:\programdata\97914737\97914737.exe
uRun: [CTFMON] c:\windows\temp\_ex-08.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\criz\appdata\roaming\micros~1\windows\startm~1\programs\startup\306313.lnk - c:\users\criz\appdata\local\temp\nvscv.exe
StartupFolder: c:\users\criz\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8B0C8CF4-17F3-42D5-8D62-95F2E8339C26} - hxxp://symantec.softmall.com.tw/ftcdm/ftcdm.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {FDED01F9-5813-4811-AEEA-F4689C156934} = 58.69.254.135 124.104.135.74
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\criz\appdata\roaming\mozilla\firefox\profiles\506neypv.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\criz\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\criz\appdata\roaming\facebook\npfbplugin_1_0_1.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-6 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-6 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-6 360584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-6 285392]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 GarenaPEngine;GarenaPEngine;c:\users\criz\appdata\local\temp\KZE1026.tmp [2010-2-15 25616]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-2-7 100736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-15 38224]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-02-15 14:01:08 0 d-----w- c:\programdata\97914737
2010-02-15 12:53:08 0 d-----w- c:\users\criz\appdata\roaming\Malwarebytes
2010-02-15 12:53:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 12:53:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-15 12:53:02 0 d-----w- c:\programdata\Malwarebytes
2010-02-15 12:53:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-11 10:29:58 0 d-----w- c:\users\criz\appdata\roaming\funkitron
2010-02-10 04:51:51 0 d-----w- c:\users\criz\appdata\roaming\Facebook
2010-02-10 02:26:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-02-09 13:14:35 0 d-----w- c:\programdata\PMB Files
2010-02-07 14:44:49 0 d-----w- c:\program files\Garena
2010-02-07 04:51:45 0 d-----w- c:\program files\Games 2
2010-02-07 02:56:38 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-02-07 02:56:38 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-02-07 02:56:38 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-02-07 02:56:38 100736 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-02-05 15:09:42 0 d-----w- C:\Runup PH
2010-02-04 23:35:24 0 d-----w- c:\program files\THQICE
2010-02-04 16:04:42 0 d-----w- c:\program files\Pando Networks
2010-02-04 04:46:49 791552 ----a-w- c:\windows\system32\drivers\sylqt.sys
2010-02-04 04:39:14 0 d-----w- c:\users\criz\appdata\roaming\Ludia
2010-02-04 04:39:14 0 d-----w- c:\programdata\Ludia
2010-02-04 04:34:30 0 d-----w- c:\programdata\Slapdash Games
2010-02-04 04:34:07 0 d-----w- c:\windows\Yard Sale Hidden Treasures - Lucky Junction
2010-02-04 04:28:15 0 d-----w- c:\users\criz\appdata\roaming\MastersOfMystery2
2010-02-03 02:20:47 0 d-----w- c:\programdata\GameHouse
2010-02-03 02:20:42 0 d-----w- c:\programdata\Trymedia
2010-02-02 07:33:38 0 d-----w- c:\users\criz\appdata\roaming\Playrix Entertainment
2010-02-01 18:10:13 0 d-----w- c:\programdata\iWin Games
2010-02-01 18:07:40 0 d-----w- c:\programdata\AWEM
2010-02-01 03:33:51 0 d-----w- c:\programdata\JollyBear
2010-02-01 03:33:50 0 d---a-w- c:\programdata\TEMP
2010-02-01 02:27:07 0 d-----w- c:\programdata\Playrix Entertainment
2010-02-01 01:00:41 0 d-----w- c:\users\criz\appdata\roaming\iMaxGen
2010-01-31 16:47:44 0 d-----w- c:\program files\BabyCabal
2010-01-31 16:38:15 0 d-----w- c:\program files\e-Games
2010-01-31 15:51:17 524288 --sha-w- c:\users\criz\ntuser.dat{66ffe049-0e80-11df-acb8-00235ac84913}.TMContainer00000000000000000002.regtrans-ms
2010-01-31 15:51:16 65536 --sha-w- c:\users\criz\ntuser.dat{66ffe049-0e80-11df-acb8-00235ac84913}.TM.blf
2010-01-31 15:51:16 524288 --sha-w- c:\users\criz\ntuser.dat{66ffe049-0e80-11df-acb8-00235ac84913}.TMContainer00000000000000000001.regtrans-ms
2010-01-31 13:22:52 0 d-----w- c:\programdata\Sandlot Games
2010-01-31 12:20:49 0 d-----w- c:\programdata\3 Blokes Studios
2010-01-31 12:18:45 0 d-----w- c:\programdata\Magical Forest
2010-01-31 12:10:25 0 d-----w- c:\programdata\XLab
2010-01-31 12:03:57 0 d-----w- c:\programdata\MysteryChronicles
2010-01-31 10:11:40 0 d-----w- c:\program files\kellygame games
2010-01-31 10:09:08 0 d-----w- c:\program files\Wild Tribe
2010-01-31 10:05:36 0 d-----w- c:\windows\Virtual Families
2010-01-31 10:02:23 0 d-----w- c:\windows\Drugstore Mania
2010-01-31 10:01:37 0 d-----w- c:\windows\Coconut Queen
2010-01-31 10:01:37 0 d-----w- c:\program files\Coconut Queen
2010-01-31 09:59:14 0 d-----w- c:\program files\Westward IV - All Aboard
2010-01-31 09:58:14 0 d-----w- c:\windows\Megaplex Madness Now Playing
2010-01-31 09:58:14 0 d-----w- c:\program files\Megaplex Madness Now Playing
2010-01-31 09:56:16 0 d-----w- c:\program files\Games
2010-01-31 09:55:27 0 d-----w- c:\windows\Gotcha Celebrity Secrets
2010-01-31 09:55:27 0 d-----w- c:\program files\Gotcha Celebrity Secrets
2010-01-31 09:54:27 0 d-----w- c:\windows\Fishdom Frosty Splash
2010-01-31 09:54:27 0 d-----w- c:\program files\Fishdom Frosty Splash
2010-01-31 09:53:18 0 d-----w- c:\windows\Big City Adventure - New York
2010-01-31 09:53:17 0 d-----w- c:\program files\Big City Adventure - New York
2010-01-31 09:50:28 0 d-----w- c:\programdata\PlayFirst
2010-01-31 09:50:15 0 d-----w- c:\program files\Cybertek Games
2010-01-31 09:41:27 0 d-----w- c:\windows\Mystery Chronicles Murder Among Friends
2010-01-31 09:41:27 0 d-----w- c:\program files\Mystery Chronicles Murder Among Friends
2010-01-31 09:36:32 0 d-----w- c:\windows\4 Elements
2010-01-31 09:36:32 0 d-----w- c:\program files\4 Elements
2010-01-31 09:34:44 0 d-----w- c:\program files\Wedding Dash
2010-01-31 09:32:12 0 d-----w- c:\programdata\Pets Fun House
2010-01-31 09:31:28 0 d-----w- C:\PetsFunHouse
2010-01-31 09:30:29 0 d-----w- C:\games
2010-01-31 09:30:00 0 d-----w- c:\program files\Magical Forest
2010-01-31 09:26:48 0 d-----w- c:\program files\Youdagames
2010-01-31 09:26:28 0 d-----w- c:\users\criz\appdata\roaming\Youdagames
2010-01-31 09:25:35 0 d-----w- c:\windows\Jane's Hotel
2010-01-31 09:25:35 0 d-----w- c:\program files\Jane's Hotel
2010-01-31 09:22:56 0 d-----w- c:\program files\LeeGTs Games
2010-01-31 09:11:52 85056 ----a-w- c:\windows\uninstall.dat
2010-01-31 09:11:52 574464 ----a-w- c:\windows\uninstall.exe
2010-01-31 09:11:52 323 ----a-w- c:\windows\uninstall.xml
2010-01-31 09:11:22 0 d-----w- c:\windows\The Princess Bride Game
2010-01-31 09:11:22 0 d-----w- c:\program files\The Princess Bride Game
2010-01-31 09:09:41 0 d-----w- c:\windows\Bigfish Games - Road to Riches - Precracked
2010-01-31 08:59:09 0 d-----w- c:\users\criz\appdata\roaming\Valusoft
2010-01-31 08:59:09 0 d-----w- c:\programdata\Valusoft
2010-01-31 08:49:30 0 d-----w- c:\windows\Cake Mania 3
2010-01-31 08:49:30 0 d-----w- c:\program files\Cake Mania 3
2010-01-29 13:21:32 0 d-----w- c:\programdata\Apple Computer
2010-01-29 13:20:44 0 d-----w- c:\programdata\Apple
2010-01-28 13:36:47 0 d-----w- c:\program files\GameClub
2010-01-28 13:36:42 0 d-----w- c:\program files\GameClub Launcher
2010-01-27 00:47:50 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 00:47:49 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-25 03:45:54 0 d-----w- c:\program files\Tales of Pirates Online
2010-01-25 00:11:42 0 d-----w- c:\program files\Altis Gates
2010-01-23 05:18:12 0 d-----w- c:\program files\GodsWar Online
2010-01-22 09:28:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-22 09:28:28 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-01-22 09:18:46 0 d-----w- c:\program files\Level Up Games
2010-01-21 23:54:58 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 09:56:44 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-01-18 12:49:44 0 d-----w- c:\program files\Bonjour
2010-01-18 12:44:20 0 d-----w- c:\program files\common files\Macrovision Shared
2010-01-18 02:05:15 0 d-----r- c:\program files\Skype
2010-01-18 02:05:11 0 d-----w- c:\programdata\Skype
2010-01-17 09:11:14 9488 ----a-w- c:\windows\system32\tssoft32.acm
2010-01-17 09:11:14 16144 ----a-w- c:\windows\system32\tsd32.dll
2010-01-17 09:11:14 0 d-----w- c:\program files\Bytescribe
2010-01-17 06:20:34 0 d-----w- c:\users\criz\appdata\roaming\LimeWire
2010-01-17 06:01:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-17 05:48:59 0 d-----w- c:\program files\LimeWire

==================== Find3M ====================

2010-01-08 03:18:02 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-06 12:59:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-06 12:59:30 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-06 12:59:21 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-06 12:46:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-08 11:40:12 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40:12 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32:02 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 5:56:48.11 ===============
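The autostart section of the log above is where a rogue like Security Tool shows itself, and it is worth knowing how to read it: a Run value named with random digits that launches an executable of the same digits from a numeric folder under c:\programdata, a value called CTFMON (a genuine Windows component name) that actually points at _ex-08.exe in c:\windows\temp, and a Startup-folder shortcut with a numeric name that launches nvscv.exe from the user's Temp folder. Legitimate software does not persist from Temp, does not use all-digit names, and does not borrow component names for files outside system32. The script below is an added example, not part of the original post and not a DDS feature: it parses uRun/mRun and StartupFolder lines from a DDS-style report and flags those three patterns. The sample input is the six autostart lines copied from the log (three clean, three rogue); the heuristics and the list of borrowed Windows names are this example's own assumptions.

```python
"""Triage autostart entries from a DDS-style 'Pseudo HJT Report'.

Added example: parses uRun/mRun and StartupFolder lines and flags the
persistence patterns a rogue such as Security Tool leaves behind.
The heuristics below are this example's own, not part of DDS.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample input: the six autostart lines copied from the DDS log
# in post #1 (three legitimate, three that should be flagged).
SAMPLE_LOG = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [97914737] c:\programdata\97914737\97914737.exe
uRun: [CTFMON] c:\windows\temp\_ex-08.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\users\criz\appdata\roaming\micros~1\windows\startm~1\programs\startup\306313.lnk - c:\users\criz\appdata\local\temp\nvscv.exe
StartupFolder: c:\users\criz\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
"""

RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<lnk>.+?) - (?P<target>.+)$")

TEMP_DIRS = ("\\temp\\", "\\tmp\\")          # nothing legitimate autostarts from here
PROGRAMDATA_DIGITS = re.compile(r"\\programdata\\\d+\\")  # Security Tool style folder
# Assumed list of Windows component names that rogues borrow for a Run value.
WINDOWS_NAMES = {"ctfmon", "explorer", "svchost", "winlogon", "userinit"}


def exe_path(cmd: str) -> str:
    """Extract the executable path from a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.(?:exe|scr|com|bat|cmd|pif))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_autostarts(text: str) -> list[dict]:
    """One record per Run-key value or Startup-folder shortcut in the report."""
    entries = []
    for line in text.splitlines():
        if m := RUN_RE.match(line):
            entries.append({"source": line.split(":", 1)[0],
                            "name": m["name"], "path": exe_path(m["cmd"])})
        elif m := STARTUP_RE.match(line):
            entries.append({"source": "StartupFolder",
                            "name": PureWindowsPath(m["lnk"]).stem,
                            "path": m["target"].strip()})
    return entries


def suspicious_reasons(entry: dict) -> list[str]:
    """Return the reasons an entry looks like rogue persistence (empty if clean)."""
    name = entry["name"].lower()
    path = entry["path"].lower()
    p = PureWindowsPath(path)
    reasons = []
    if any(d in path for d in TEMP_DIRS):
        reasons.append("launches from a temp directory")
    if re.fullmatch(r"\d+", name) or re.fullmatch(r"\d+", p.stem):
        reasons.append("random-digit name")
    if PROGRAMDATA_DIGITS.search(path):
        reasons.append("numeric ProgramData folder")
    # A value called CTFMON that does not point at system32\ctfmon.exe is borrowing the name.
    if name in WINDOWS_NAMES and (p.stem != name or "\\windows\\system32" not in str(p.parent)):
        reasons.append("borrows a Windows component name but points elsewhere")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map each flagged entry's target path to its list of reasons."""
    return {e["path"]: r for e in parse_autostarts(text) if (r := suspicious_reasons(e))}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(f"SUSPICIOUS {path}\n    " + "; ".join(reasons))
```

Run against the sample, it flags exactly the three rogue entries and leaves Sidebar, GrooveMonitor and LimeWire alone. The same patterns are what a manual reviewer checks first in any HijackThis-style report; the paths are what matter, since a value name can be anything.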



#2 Farbar

    Just Curious

  • Security Developer
  • 21,706 posts
  • Location:The Netherlands

Posted 19 February 2010 - 05:12 AM

Hi crizcyel,

Welcome to the Virus/Trojan/Spyware/Malware Removal (VTSMR) forum, and apologies for the delay. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

If the issue is not yet resolved please provide me with feedback about the current condition of your computer and fresh logs.

#3 crizcyel
  • Topic Starter

  • Members
  • 3 posts

Posted 21 February 2010 - 02:26 AM

hello farbar,

First, I want to thank you for welcoming me to this forum. I would like to apologize as well for not updating this topic, because the malware has been removed.
I just repeated the instructions found in this forum, and luckily it was finally removed. Thank you so much for your interest in helping me. However, I would still like to ask how I can avoid being infected again by Security Tool or other malware. And where does such malware commonly come from? I mean, where could I possibly have gotten it?

Again, I thank you and this forum because it helped me a lot in saving my computer. I am looking forward to your response.

Also, I would like to know if I should still refrain from updating my Windows and other applications. Thank you very much.

#4 Farbar

    Just Curious

  • Security Developer
  • 21,706 posts
  • Location:The Netherlands

Posted 21 February 2010 - 08:10 AM

I'm glad the issue is resolved, and thank you for taking time to let me know.

Please consult this article on How To Prevent Malware.

Of course you may update Windows or do whatever you might think is appropriate. My request not to change anything was just for the period we were dealing with removing malware if your system was still infected.

Happy Surfing crizcyel.

Edited by farbar, 23 February 2010 - 09:04 AM.
Spelling


#5 crizcyel
  • Topic Starter

  • Members
  • 3 posts

Posted 23 February 2010 - 04:31 AM

Thank you so much again for your help and your willingness to help me.



#6 Farbar

    Just Curious

  • Security Developer
  • 21,706 posts
  • Location:The Netherlands

Posted 23 February 2010 - 04:13 PM

You are most welcome.

This thread will now be closed since the issue seems to be resolved.

If you should have a new issue, please start a new topic.



