Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security Tool still active 2


  • This topic is locked This topic is locked
3 replies to this topic

#1 teller1

teller1

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:53 AM

Posted 19 May 2010 - 09:55 AM

Ok, my friend's computer is infected with Security Tool. I tried the uninstall procedure listed on this site, and rkill failed to run. Then tried to run dds.scr and it was unable to run. Then tried rsit, but it was unable to run. I finally had to go to safe mode to run rsit. Here's the log:

Logfile of random's system information tool 1.07 (written by random/random)
Run by melissa at 2010-05-19 10:45:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 140 GB (92%) free of 153 GB
Total RAM: 1015 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:45:14 AM, on 5/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\melissa\Desktop\RSIT.exe
C:\Program Files\trend micro\melissa.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cwcu_pdc/attendance/ess.aew/default
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [18833326] C:\DOCUME~1\ALLUSE~1\APPLIC~1\18833326\18833326.exe
O4 - HKLM\..\Run: [sniffer] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ERS-Connect ] "C:\PROGRA~1\ERSCON~1\ERSCON~1.EXE" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: AFS Evision Check Research - https://broker.cumec.org/EvCheck.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.comwide.com
O17 - HKLM\Software\..\Telephony: DomainName = www.comwide.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C4F9B11-0A4F-4936-8933-ADB7EDE94782}: NameServer = 192.168.1.10,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA00DC6D-D934-43A4-ADE9-8CF536546F71}: NameServer = 192.168.1.10,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEFD68A7-839E-4E1D-AB30-66D26E4C760D}: NameServer = 192.168.1.10,4.2.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.comwide.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C4F9B11-0A4F-4936-8933-ADB7EDE94782}: NameServer = 192.168.1.10,4.2.2.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = www.comwide.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C4F9B11-0A4F-4936-8933-ADB7EDE94782}: NameServer = 192.168.1.10,4.2.2.1
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CRI Remote Admin Manager (CRISocketService) - Creditor Resources, Inc. - c:\cfw32\prgms\services\crisocketservice.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9448 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68FF9E0F-2E96-4467-87FA-1A8B9734C7E7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-05 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-05 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{68FF9E0F-2E96-4467-87FA-1A8B9734C7E7}
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-11 16267776]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-07 141848]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-07 137752]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-07-10 1036288]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2007-08-08 831488]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-05 148888]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-06-02 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-06-23 85696]
"WinSys2"=C:\WINDOWS\system32\winsys2.exe [2009-10-12 208896]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143360]
"18833326"=C:\DOCUME~1\ALLUSE~1\APPLIC~1\18833326\18833326.exe [2010-05-14 904208]
"sniffer"=C:\WINDOWS\Temp\_ex-08.exe [2010-05-14 250880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ERS-Connect "=C:\PROGRA~1\ERSCON~1\ERSCON~1.EXE [2009-04-22 1142784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-04-29 5248312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-09-07 166424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-01-24 2289664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2003-11-20 525824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2002-06-10 131584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l []

C:\Documents and Settings\melissa\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-06-23 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
C:\WINDOWS\system32\PCANotify.dll [2006-02-14 8704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE"="C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE:*:Disabled:pcAnywhere Host Service"
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe"="C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Disabled:pcAnywhere Remote Service"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

======List of files/folders created in the last 1 months======

2010-05-19 10:45:05 ----D---- C:\rsit
2010-05-19 10:45:05 ----D---- C:\Program Files\trend micro
2010-05-19 10:44:29 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-19 10:07:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-05-19 10:05:46 ----SHD---- C:\Config.Msi
2010-05-19 10:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-05-19 10:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-05-19 10:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-05-19 10:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-05-19 10:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-05-19 10:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-05-19 10:04:29 ----D---- C:\WINDOWS\system32\KB905474
2010-05-19 10:04:21 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-05-19 10:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-05-19 10:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-05-19 10:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-05-19 10:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-05-19 10:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-05-19 10:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-05-19 10:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-05-19 10:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-05-19 10:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-05-19 10:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-05-19 10:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-05-19 10:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-05-19 10:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-05-19 10:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-05-19 10:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-05-19 10:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-19 10:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-05-19 10:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-05-19 10:01:28 ----D---- C:\Program Files\MSXML 4.0
2010-05-19 10:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-05-19 10:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-05-14 10:59:29 ----HD---- C:\WINDOWS\PIF
2010-05-14 09:49:40 ----A---- C:\WINDOWS\system32\wpcap.dll
2010-05-14 09:49:40 ----A---- C:\WINDOWS\system32\Packet.dll
2010-05-14 09:45:24 ----D---- C:\Documents and Settings\melissa\Application Data\Malwarebytes
2010-05-14 09:45:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-05-14 09:45:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-14 09:39:17 ----D---- C:\Documents and Settings\All Users\Application Data\18833326
2010-05-12 12:09:01 ----D---- C:\Documents and Settings\melissa\Application Data\Yahoo!
2010-05-12 11:57:42 ----D---- C:\Documents and Settings\melissa\Application Data\Adobe
2010-05-12 11:44:19 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
2010-05-12 11:42:28 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2010-05-12 11:41:19 ----D---- C:\Program Files\Yahoo!
2010-05-12 11:16:35 ----D---- C:\Documents and Settings\melissa\Application Data\Sun
2010-05-12 11:16:17 ----D---- C:\Documents and Settings\melissa\Application Data\OpenOffice.org
2010-05-12 11:12:15 ----D---- C:\Program Files\ERS Connect
2010-05-12 11:11:45 ----A---- C:\WINDOWS\msicpl.ini
2010-05-12 11:11:14 ----ASH---- C:\Documents and Settings\melissa\Application Data\desktop.ini
2010-05-12 11:11:13 ----D---- C:\Documents and Settings\melissa\Application Data\Macromedia
2010-05-12 11:11:13 ----D---- C:\Documents and Settings\melissa\Application Data\Identities
2010-05-12 11:11:13 ----D---- C:\Documents and Settings\melissa\Application Data\Google
2010-05-12 11:11:12 ----SD---- C:\Documents and Settings\melissa\Application Data\Microsoft
2010-05-12 11:11:12 ----D---- C:\Documents and Settings\melissa\Application Data\Symantec
2010-05-12 11:11:12 ----D---- C:\Documents and Settings\melissa\Application Data\Microsoft Web Folders
2010-05-12 10:57:34 ----D---- C:\WINDOWS\system32\AGEIA
2010-05-12 10:57:34 ----D---- C:\Program Files\AGEIA Technologies
2010-05-12 10:56:36 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2010-05-12 10:56:17 ----D---- C:\Program Files\NVIDIA Corporation
2010-05-12 10:56:14 ----RA---- C:\WINDOWS\system32\MadCHook.dll
2010-05-12 10:56:12 ----RA---- C:\WINDOWS\system32\smdll.dll
2010-05-12 10:56:11 ----RA---- C:\WINDOWS\system32\d3dx9_28.dll
2010-05-12 10:56:08 ----RA---- C:\WINDOWS\system32\d3dx9_27.dll
2010-05-12 10:56:04 ----RA---- C:\WINDOWS\system32\msvcr80.dll
2010-05-12 10:56:02 ----RA---- C:\WINDOWS\system32\Auxiliary.dll
2010-05-12 10:56:01 ----RA---- C:\WINDOWS\system32\WinSys2.exe
2010-05-12 10:55:59 ----RA---- C:\WINDOWS\system32\msicpl.dll

======List of files/folders modified in the last 1 months======

2010-05-19 10:45:05 ----RD---- C:\Program Files
2010-05-19 10:44:29 ----D---- C:\WINDOWS
2010-05-19 10:43:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-19 10:43:01 ----D---- C:\WINDOWS\security
2010-05-19 10:43:00 ----D---- C:\Program Files\Symantec AntiVirus
2010-05-19 10:42:31 ----D---- C:\WINDOWS\Temp
2010-05-19 10:42:16 ----SHD---- C:\WINDOWS\CSC
2010-05-19 10:29:00 ----D---- C:\WINDOWS\Prefetch
2010-05-19 10:17:50 ----D---- C:\WINDOWS\Microsoft.NET
2010-05-19 10:17:48 ----RSD---- C:\WINDOWS\assembly
2010-05-19 10:15:02 ----D---- C:\WINDOWS\system32
2010-05-19 10:15:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-19 10:10:42 ----D---- C:\WINDOWS\AppPatch
2010-05-19 10:08:00 ----HD---- C:\WINDOWS\inf
2010-05-19 10:07:54 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-19 10:06:33 ----SHD---- C:\WINDOWS\Installer
2010-05-19 10:06:16 ----D---- C:\WINDOWS\WinSxS
2010-05-19 10:05:08 ----A---- C:\WINDOWS\imsins.BAK
2010-05-19 10:05:06 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-05-19 10:05:06 ----D---- C:\WINDOWS\system32\drivers
2010-05-19 10:04:30 ----SD---- C:\WINDOWS\Tasks
2010-05-19 10:04:20 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-19 10:03:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-19 10:03:19 ----D---- C:\Program Files\Movie Maker
2010-05-19 10:01:48 ----D---- C:\Program Files\Outlook Express
2010-05-19 10:01:10 ----D---- C:\WINDOWS\system32\en-US
2010-05-19 10:01:10 ----D---- C:\Program Files\Internet Explorer
2010-05-19 10:01:02 ----D---- C:\WINDOWS\ie7updates
2010-05-18 14:39:10 ----A---- C:\WINDOWS\hpbafd.ini
2010-05-14 10:10:29 ----A---- C:\WINDOWS\CFW32USR.INI
2010-05-12 17:17:03 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-05-12 12:04:18 ----A---- C:\WINDOWS\ODBC.INI
2010-05-12 11:57:53 ----SHD---- C:\System Volume Information
2010-05-12 11:42:18 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-05-12 11:30:31 ----SHD---- C:\RECYCLER
2010-05-12 11:13:57 ----D---- C:\Program Files\InfoTronics, Inc
2010-05-12 11:11:29 ----A---- C:\WINDOWS\OEWABLog.txt
2010-05-12 11:11:11 ----D---- C:\Documents and Settings
2010-05-12 11:09:42 ----D---- C:\WINDOWS\system32\config
2010-05-12 11:02:36 ----D---- C:\Program Files\McAfee
2010-05-12 10:57:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-05-12 10:56:49 ----D---- C:\WINDOWS\Help
2010-04-30 11:51:08 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2005-11-21 11008]
S1 awecho;awecho; C:\WINDOWS\system32\drivers\awechomd.sys [2005-10-10 7552]
S1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2003-11-17 11165]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 42752]
S1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
S1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
S1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-22 267192]
S2 procguard;procguard; \??\C:\WINDOWS\system32\drivers\procguard.sys []
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-02-08 308736]
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-06-19 103424]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\system32\DRIVERS\baspxp32.sys [2006-04-07 67584]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-10-12 4387328]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091105.003\naveng.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091105.003\navex15.sys []
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2010-05-14 50704]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-22 17976]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-08 105472]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 awhost32;Symantec pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2006-02-14 106496]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-06-02 185968]
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-06-02 161392]
S2 CRISocketService;CRI Remote Admin Manager; c:\cfw32\prgms\services\crisocketservice.exe [2003-06-18 32768]
S2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-06-23 19648]
S2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-05 152984]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
S2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
S2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-06-23 124608]
S2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-06-23 1715904]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-06-02 83568]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-01-19 2041536]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-22 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:53 PM

Posted 21 May 2010 - 10:16 AM

Hello and and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you
have since resolved your issues I would appreciate if you would let me no so I can close this topic.


Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window, If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • mbam log
  • Gmer log
  • New Rsit log.txt

Thanks

unite.jpg


#3 teller1

teller1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:53 AM

Posted 24 May 2010 - 08:00 AM

Sorry, my friend took their computer to be rebuilt yesterday. Tkanks for your help anyway.

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:53 PM

Posted 25 May 2010 - 08:41 AM

No problem, thanks for letting me know thumbup2.gif

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users