Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Smart Engine Virus


  • This topic is locked This topic is locked
3 replies to this topic

#1 totallyterry

totallyterry

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 22 October 2010 - 08:10 PM

I'm trying to follow the instructions I was sent but one of the files is too big to attach. What should I do now? I'm including all of the other reports.


DDS (Ver_10-10-21.02) - NTFSx86
Run by Terry Buse at 16:25:05.00 on Fri 10/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.51 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Documents and Settings\Terry Buse\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://search.live.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Page_URL = hxxp://www.msn.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: {0001222d-7613-4b51-80dd-e15e5892ee61} - c:\windows\system32\camocx32.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: 18577ff4: {735dcfb2-b6a1-08ca-8f23-226391244ba7} - c:\windows\system32\divx_xx1132.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-908B-27FCD4A32E85} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {90C61707-C8F8-43DB-A25C-C1F4B18EE41E} - No File
EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mExplorerRun: [RTHDBPL] c:\docume~1\terryb~1\locals~1\temp\13.tmp
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 0 = msseces.exe
uPolicies-disallowrun: 1 = MSASCui.exe
uPolicies-disallowrun: 2 = ekrn.exe
uPolicies-disallowrun: 3 = egui.exe
uPolicies-disallowrun: 4 = avgnt.exe
uPolicies-disallowrun: 5 = avcenter.exe
uPolicies-disallowrun: 6 = avscan.exe
uPolicies-disallowrun: 7 = avgfrw.exe
uPolicies-disallowrun: 8 = avgui.exe
uPolicies-disallowrun: 9 = avgtray.exe
uPolicies-disallowrun: 10 = avgscanx.exe
uPolicies-disallowrun: 11 = avgcfgex.exe
uPolicies-disallowrun: 12 = avgemc.exe
uPolicies-disallowrun: 13 = avgchsvx.exe
uPolicies-disallowrun: 14 = avgcmgr.exe
uPolicies-disallowrun: 15 = avgwdsvc.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
Trusted Zone: doginhispen.com
Trusted Zone: whataboutadog.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272910660906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.164.126,93.188.160.206
TCP: {654B109E-4F4A-4409-BB6E-01F7F3B25ABD} = 93.188.164.126,93.188.160.206
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe

Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 74.55.76.231 www.google.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-8 24652]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]

=============== Created Last 30 ================

2010-10-22 00:33:25 -------- d-----w- c:\docume~1\terryb~1\locals~1\applic~1\Threat Expert
2010-10-19 02:54:50 -------- d-sh--w- c:\docume~1\terryb~1\applic~1\Smart Engine
2010-10-19 02:47:51 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SMRGHE
2010-10-19 02:35:22 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\a792b9
2010-10-19 00:45:45 200704 ----a-w- c:\windows\Vbelya.exe
2010-10-18 03:40:21 6084944 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{d17c40ec-9778-4632-8bd6-33ce2f6e7c39}\mpengine.dll
2010-10-15 23:21:05 -------- d-----w- c:\docume~1\terryb~1\applic~1\HTSK
2010-10-15 23:16:48 11017752 ----a-w- c:\program files\InstallHTSK.exe
2010-10-13 01:07:03 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 01:07:00 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 01:03:00 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-10-19 23:49:58 13063352 ----a-w- c:\program files\mssefullinstall-x86fre-en-us-xp.exe
2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-20 02:15:56 13525424 ----a-w- c:\program files\Dropbox 0.7.110.exe
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-16 01:49:09 16847824 ----a-w- c:\program files\avc-free.exe
2010-08-07 01:47:06 44468672 ----a-w- c:\program files\Evernote_3.5.5.2672.exe
2010-08-02 00:07:54 141 ----a-w- c:\documents and settings\terry buse\udpcrawl.tmp
2010-07-30 04:16:52 0 ---ha-w- c:\documents and settings\terry buse\ngxkwksyzg.tmp
2010-07-29 03:03:18 203776 --sh--w- c:\windows\system32\unrar.exe
2010-07-10 03:32:34 24225048 ----a-w- c:\program files\TuneUpInst-1.6.9.exe
2010-06-26 17:15:32 19356934 ----a-w- c:\program files\videora-xbox360-504-setup.exe
2010-06-26 00:05:15 818200 ----a-w- c:\program files\RealPlayerSPGold.exe
2010-06-25 02:16:04 9393167 ----a-w- c:\program files\fhvc.exe
2010-06-19 22:06:58 10112919 ----a-w- c:\program files\free-dvd-ripper-setup.exe
2010-06-19 20:51:49 18540656 ----a-w- c:\program files\agree-free-rip-dvd-to-avi-wmv-ripper.exe
2010-06-19 20:22:57 10381184 ----a-w- c:\program files\CheetahDVDBurner.exe
2010-06-19 20:01:14 2977913 ----a-w- c:\program files\FlyDVDCopier49.exe
2010-06-19 19:20:11 6499666 ----a-w- c:\program files\VDownloaderSetup.exe
2010-06-19 18:43:39 2967978 ----a-w- c:\program files\Topviewsoft_FreeDVDRipper.exe
2010-05-15 00:18:56 2592840 ----a-w- c:\program files\OrbitDownloaderSetup3005.exe
2010-03-18 02:14:05 2577824 ----a-w- c:\program files\OrbitDownloaderSetup.exe
2010-02-06 23:18:35 498296 ----a-w- c:\program files\BitZipperH2009.v4521364.TrialSetup-en-pl-techpro.exe
2009-12-05 03:17:19 3096366 ----a-w- c:\program files\YouTubeDownloaderSetup253b.exe
2009-11-22 22:20:03 1990904 ----a-w- c:\program files\setup_basketball_playbook_010.exe
2009-09-09 20:57:59 4114552 ----a-w- c:\program files\extensionfile.v5_10501.exe
2009-09-06 19:52:03 3096261 ----a-w- c:\program files\youtubedownloader.exe
2009-08-17 18:59:58 4181608 ----a-w- c:\program files\abiword_8798.exe
2009-08-01 21:18:38 421346 ----a-w- c:\program files\Lame_v3.98.2_for_Audacity_on_Windows.exe
2009-08-01 21:08:40 7989419 ----a-w- c:\program files\audacity-win-unicode-1.3.8.exe
2009-05-23 01:06:44 106942640 ----a-w- c:\program files\SMC_4_256.exe
2009-05-16 15:38:03 11655023 ----a-w- c:\program files\TVersitySetup_1_5_0_0.exe
2009-05-15 00:46:34 9601912 ----a-w- c:\program files\videoraxbox360converter_Installer.exe
2009-04-11 00:34:15 25569440 ----a-w- c:\program files\setup.exe
2009-03-28 16:23:13 7722680 ----a-w- c:\program files\fcrsetup.exe
2009-02-19 23:21:42 10001469 ----a-w- c:\program files\tvc.exe
2009-01-06 01:17:02 2131320 ----a-w- c:\program files\wzipse31.exe
2009-01-06 00:59:17 10511712 ----a-w- c:\program files\winzip120.exe
2008-09-25 02:00:01 240536 ----a-w- c:\program files\k9-webprotection.exe
2008-08-12 03:58:52 46995544 ----a-w- c:\program files\mm4wm_lite_enu.exe
2008-08-09 21:00:03 27024112 ----a-w- c:\program files\PowerPointViewer.exe
2008-07-08 14:31:22 14287528 ----a-w- c:\program files\Install_AIM.exe
2008-06-28 14:04:45 9722720 ----a-w- c:\program files\spybotsd152.exe
2007-08-10 17:39:50 972730 ----a-w- c:\program files\bvort42.exe
2006-09-17 02:31:18 449727 ----a-w- c:\program files\aspi_v470.exe
2006-09-17 02:25:08 288433 ----a-w- c:\program files\aspi.exe
2006-09-17 01:42:59 1110148 ----a-w- c:\program files\cdtomp3freeware.exe
2006-09-17 01:27:38 1184625 ----a-w- c:\program files\AltoMP3_install.exe
2006-09-09 17:35:43 1573203 ----a-w- c:\program files\waveatmp3_setup.exe
2006-09-09 01:36:24 745744 ----a-w- c:\program files\smartwavconvertersetup.exe
2006-06-27 23:07:52 1813986 ----a-w- c:\program files\jppcrtr.exe
2006-03-22 00:45:44 15487432 ----a-w- c:\program files\DivXPlay.exe
2006-02-04 05:11:07 2028640 ----a-w- c:\program files\sp1aexpress_usa.exe
2005-11-17 23:02:37 9055312 ----a-w- c:\program files\ssfsetup1_1830093517.exe
2005-11-10 22:54:10 6860424 ----a-w- c:\program files\MicrosoftAntiSpywareInstall.exe
2005-11-06 20:26:33 1258905 ----a-w- c:\program files\aresp2psetup.exe
2005-10-31 03:05:20 5460528 ----a-w- c:\program files\sdsetup.exe
2005-08-02 19:13:53 8879336 ----a-w- c:\program files\RAM_3513d_E.exe
2005-02-19 23:49:50 3818184 -c--a-w- c:\program files\agentenu200-652.exe
2005-01-31 02:10:48 7741352 -c--a-w- c:\program files\DivX521XP2K.exe
2004-07-21 21:52:37 10864355 -c--a-w- c:\program files\smsv3.exe
2004-07-13 00:24:01 1372160 -c--a-w- c:\program files\ChknFt.exe
2004-06-17 00:20:46 2377178 -c--a-w- c:\program files\WinDom362.exe
2004-06-01 20:46:56 484984 -c--a-w- c:\program files\msgr6suite.exe
2003-11-30 05:04:07 9134648 -c--a-w- c:\program files\AdbeRdr60_enu.exe

============= FINISH: 16:28:19.10 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:18 PM

Posted 22 October 2010 - 09:33 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Do not Attach logs unless I ask you to.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:18 PM

Posted 24 October 2010 - 11:23 PM

Hello

three day bump

It has been Three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:18 PM

Posted 28 October 2010 - 04:03 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users