Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infected with System Tools 2011

  • This topic is locked This topic is locked
2 replies to this topic

#1 Bunnycomman0


  • Members
  • 3 posts
  • Local time:10:09 PM

Posted 23 January 2011 - 10:07 PM

Hello, the computer is infected with "System Tools 2011". Malwarebytes and Windows Defender have currently been running for about an hour and so far they haven't picked up anything, so no dice there I guess. I tried following the instructions, but when I run the "Rk-Killer" in any of its various executables, a "security warning" pops up saying that the publisher could not be verified, and am I sure I want to run this software? Clicking "yes" gets black screen for a second or two then back to another popup. Booted computer in Safe Mode with Networking but back of screen is not black and does not display "Safe Mode" at the corners.

DDS file

DDS (Ver_10-12-12.02) - NTFSx86
Run by James at 21:28:15.29 on Sun 01/23/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1555 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Defender\msascui .exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\James\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "f:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [NetSweeperAgent] c:\progra~1\tvoblo~1\nsfx.exe
mRun: [NetSweeperLSPReset] "c:\program files\tvo blockit\instlsp.exe" -a -z "msafd tcpip" -n "liger" -d "c:\windows\system32\liger.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\liger.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229889993296
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229948964531
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\james\applic~1\mozilla\firefox\profiles\tvk7wfi2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\james\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
R1 MpKsl2afa5080;MpKsl2afa5080;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{807f69ec-bc12-475d-9039-6880fdad67b3}\MpKsl2afa5080.sys [2011-1-23 28752]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-10-19 23096]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-4-7 38224]
S1 MpKsl97232ac2;MpKsl97232ac2;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{807f69ec-bc12-475d-9039-6880fdad67b3}\MpKsl97232ac2.sys [2011-1-23 28752]
S2 gupdate1ca0b373d0dde0a;Google Update Service (gupdate1ca0b373d0dde0a);c:\program files\google\update\GoogleUpdate.exe [2009-7-22 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\james\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\james\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [2008-10-19 3768]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-10-19 208896]
S4 nsfxsrv;nsfx service;c:\program files\tvo blockit\nsfxsrv.exe [2008-12-12 45056]

=============== Created Last 30 ================

2011-01-24 02:28:13 98816 ----a-w- c:\temp\8.tmp\SED.DAT
2011-01-24 02:28:13 518144 ----a-w- c:\temp\8.tmp\SWREG.DAT
2011-01-24 02:28:13 256512 ----a-w- c:\temp\8.tmp\PEV.DAT
2011-01-24 02:28:12 89088 ----a-w- c:\temp\8.tmp\MBR.DAT
2011-01-24 02:14:11 98816 ----a-w- c:\temp\rarsfx4\sed.exe
2011-01-24 02:14:11 31232 ----a-w- c:\temp\rarsfx4\nircmd.exe
2011-01-24 02:14:11 30720 ----a-w- c:\temp\rarsfx4\nircmdc.exe
2011-01-24 02:14:11 254976 ----a-w- c:\temp\rarsfx4\pev.exe
2011-01-24 02:14:11 161792 ----a-w- c:\temp\rarsfx4\swreg.exe
2011-01-24 02:14:10 31232 ----a-w- c:\temp\rarsfx4\nird\iexplore.exe
2011-01-24 02:14:10 254976 ----a-w- c:\temp\rarsfx4\procs\iexplore.exe
2011-01-24 02:14:10 1536 ----a-w- c:\temp\rarsfx4\h\iexplore.exe
2011-01-24 02:09:55 98816 ----a-w- c:\temp\rarsfx3\sed.exe
2011-01-24 02:09:55 161792 ----a-w- c:\temp\rarsfx3\swreg.exe
2011-01-24 02:09:54 31232 ----a-w- c:\temp\rarsfx3\nircmd.exe
2011-01-24 02:09:54 30720 ----a-w- c:\temp\rarsfx3\nircmdc.exe
2011-01-24 02:09:54 254976 ----a-w- c:\temp\rarsfx3\procs\iexplore.exe
2011-01-24 02:09:54 254976 ----a-w- c:\temp\rarsfx3\pev.exe
2011-01-24 02:09:53 31232 ----a-w- c:\temp\rarsfx3\nird\iexplore.exe
2011-01-24 02:09:53 1536 ----a-w- c:\temp\rarsfx3\h\iexplore.exe
2011-01-24 02:08:14 98816 ----a-w- c:\temp\rarsfx2\sed.exe
2011-01-24 02:08:14 161792 ----a-w- c:\temp\rarsfx2\swreg.exe
2011-01-24 02:08:13 31232 ----a-w- c:\temp\rarsfx2\nircmd.exe
2011-01-24 02:08:13 30720 ----a-w- c:\temp\rarsfx2\nircmdc.exe
2011-01-24 02:08:13 254976 ----a-w- c:\temp\rarsfx2\procs\iexplore.exe
2011-01-24 02:08:13 254976 ----a-w- c:\temp\rarsfx2\pev.exe
2011-01-24 02:08:12 31232 ----a-w- c:\temp\rarsfx2\nird\iexplore.exe
2011-01-24 02:08:12 1536 ----a-w- c:\temp\rarsfx2\h\iexplore.exe
2011-01-24 02:08:00 719873 ----a-w- c:\temp\content.ie5\m532nk3f\WiNlOgOn[1].exe
2011-01-24 02:07:07 98816 ----a-w- c:\temp\rarsfx1\sed.exe
2011-01-24 02:07:07 161792 ----a-w- c:\temp\rarsfx1\swreg.exe
2011-01-24 02:07:06 31232 ----a-w- c:\temp\rarsfx1\nircmd.exe
2011-01-24 02:07:06 30720 ----a-w- c:\temp\rarsfx1\nircmdc.exe
2011-01-24 02:07:06 254976 ----a-w- c:\temp\rarsfx1\pev.exe
2011-01-24 02:07:05 31232 ----a-w- c:\temp\rarsfx1\nird\iexplore.exe
2011-01-24 02:07:05 254976 ----a-w- c:\temp\rarsfx1\procs\iexplore.exe
2011-01-24 02:07:05 1536 ----a-w- c:\temp\rarsfx1\h\iexplore.exe
2011-01-24 02:06:46 719873 ----a-w- c:\temp\content.ie5\xj3etoje\uSeRiNiT[1].exe
2011-01-24 02:05:47 98816 ----a-w- c:\temp\rarsfx0\sed.exe
2011-01-24 02:05:47 31232 ----a-w- c:\temp\rarsfx0\nircmd.exe
2011-01-24 02:05:47 30720 ----a-w- c:\temp\rarsfx0\nircmdc.exe
2011-01-24 02:05:47 254976 ----a-w- c:\temp\rarsfx0\pev.exe
2011-01-24 02:05:47 161792 ----a-w- c:\temp\rarsfx0\swreg.exe
2011-01-24 02:05:46 31232 ----a-w- c:\temp\rarsfx0\nird\iexplore.exe
2011-01-24 02:05:46 254976 ----a-w- c:\temp\rarsfx0\procs\iexplore.exe
2011-01-24 02:05:46 1536 ----a-w- c:\temp\rarsfx0\h\iexplore.exe
2011-01-24 02:05:21 719873 ----a-w- c:\temp\content.ie5\m532nk3f\iExplore[1].exe
2011-01-24 01:59:05 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{415f8c00-d92d-4672-b3f3-ac9ad9585d70}\mpengine.dll
2011-01-24 01:40:10 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{807f69ec-bc12-475d-9039-6880fdad67b3}\MpKsl2afa5080.sys
2011-01-23 22:35:56 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{807f69ec-bc12-475d-9039-6880fdad67b3}\MpKsl97232ac2.sys
2011-01-23 22:33:06 1093 ----a-w- c:\temp\content.ie5\m532nk3f\pack[2].exe
2011-01-23 22:33:00 1093 ----a-w- c:\temp\content.ie5\m532nk3f\pack[1].exe
2011-01-23 17:04:14 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{807f69ec-bc12-475d-9039-6880fdad67b3}\mpengine.dll
2011-01-08 16:59:25 -------- d-----w- c:\docume~1\james\locals~1\applic~1\Yahoo
2011-01-08 16:52:59 -------- d-----w- c:\program files\Yahoo!
2010-12-28 14:27:26 -------- d-----w- C:\ProgramData
2010-12-28 14:27:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Electronic Arts
2010-12-28 03:48:42 -------- d-----w- c:\program files\Microsoft WSE

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2007-06-20 19:16:30 15732984 ----a-w- c:\program files\Google_Earth_BZXD.exe

============= FINISH: 21:31:42.78 ===============

Attached Files

BC AdBot (Login to Remove)


#2 Casey_boy


    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:03:09 AM

Posted 30 January 2011 - 11:10 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

Thanks and again sorry for the delay.


If I have been helping you and I do not reply within 48hours, feel free to send me a PM.

* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *

#3 Blade


    Strong in the Bleepforce

  • Site Admin
  • 12,790 posts
  • Gender:Male
  • Location:US
  • Local time:10:09 PM

Posted 07 February 2011 - 09:59 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users