
icity scour google firefox redirect


  • This topic is locked
2 replies to this topic

#1 maltesemanTS


Posted 24 June 2011 - 12:10 PM

Two issues:

1) My Start Menu folders are all empty but my programs still show up in Add/Remove Programs.

2) IE and Firefox browsers get redirected through icity, scour, etc when clicking on a google search engine result.

Please help. thanks.

DDS scan complete:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Jerry at 9:57:40 on 2011-06-24
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.190 [GMT -7:00]
.
AV: Norton Internet Security Netbook Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security Netbook Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security Netbook Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\igfxext.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\PrintIsolationHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.65
TCP: Interfaces\{0614C2EA-FE0A-4AD4-AC7D-4E8B619BC1EE} : DhcpNameServer = 192.168.0.1 205.171.3.65
TCP: Interfaces\{0614C2EA-FE0A-4AD4-AC7D-4E8B619BC1EE}\2423937303 : DhcpNameServer = 24.94.163.32
TCP: Interfaces\{0614C2EA-FE0A-4AD4-AC7D-4E8B619BC1EE}\2456C6B696E6F574F505C65737F5D494D4F4F5537353439333 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0614C2EA-FE0A-4AD4-AC7D-4E8B619BC1EE}\76575637477796669602D623 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{0614C2EA-FE0A-4AD4-AC7D-4E8B619BC1EE}\C496C6C69656C414E4 : DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{BC5B23E3-2827-47C0-88BF-E98B166A2B7E} : DhcpNameServer = 192.168.0.1 205.171.3.65
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jerry\appdata\roaming\mozilla\firefox\profiles\n8rq248z.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\SymDS.sys [2011-6-11 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\SymEFA.sys [2011-6-11 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\bashdefs\20110616.003\BHDrvx86.sys [2011-6-16 810616]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\ipsdefs\20110623.002\IDSvix86.sys [2011-6-23 367736]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\Ironx86.sys [2011-6-11 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1206000.01d\symnets.sys [2011-6-11 296568]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\norton utilities 15\tools\disk doctor\DiskDoctorSrv.exe [2011-4-10 1029480]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccSvcHst.exe [2011-6-11 130008]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-11-15 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.3.198\ccSvcHst.exe [2010-11-15 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-12 105592]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-11-15 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-11-15 277536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [2006-11-7 46976]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-11-15 189984]
S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2011-4-10 128248]
S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2011-4-10 108800]
.
=============== Created Last 30 ================
.
2011-06-24 16:56:51 70144 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNBPP3.DLL
2011-06-24 16:52:08 -------- d-----w- c:\windows\system32\SPReview
2011-06-24 16:29:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-24 03:48:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-24 03:48:25 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-24 03:48:12 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-24 02:07:03 -------- d-----w- c:\users\jerry\appdata\local\Mozilla
2011-06-22 10:19:20 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-22 05:08:43 -------- d-----w- c:\windows\system32\EventProviders
2011-06-21 10:00:25 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-21 09:58:23 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-20 20:24:47 -------- d-----w- c:\users\jerry\appdata\local\Microsoft Help
2011-06-17 03:44:26 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-17 03:44:26 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-17 03:44:26 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-17 03:44:20 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-17 03:44:20 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 03:44:20 1286016 ----a-w- c:\windows\system32\drivers\tcpip(101).sys
2011-06-17 03:44:08 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-17 03:44:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-17 03:43:35 599552 ----a-w- c:\windows\system32\msfeeds(107).dll
2011-06-17 03:43:33 67072 ----a-w- c:\windows\system32\mshtmled(108).dll
2011-06-17 03:43:33 185856 ----a-w- c:\windows\system32\iepeers(106).dll
2011-06-17 03:43:20 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 03:43:20 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20(100).sys
2011-06-17 03:43:20 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 03:43:20 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-12 11:46:35 -------- d-----w- c:\users\jerry\appdata\local\{A8419178-98DA-4EF4-A20D-2B89C24A1E18}
2011-06-11 17:23:19 744568 ----a-r- c:\windows\system32\drivers\nis\1206000.01d\SymEFA.sys
2011-06-11 17:23:19 516216 ----a-r- c:\windows\system32\drivers\nis\1206000.01d\srtsp.sys
2011-06-11 17:23:19 50168 ----a-r- c:\windows\system32\drivers\nis\1206000.01d\srtspx.sys
2011-06-11 17:23:19 340088 ----a-r- c:\windows\system32\drivers\nis\1206000.01d\SymDS.sys
2011-06-11 17:23:19 296568 ----a-r- c:\windows\system32\drivers\nis\1206000.01d\symnets.sys
2011-06-11 17:23:18 136312 ----a-r- c:\windows\system32\drivers\nis\1206000.01d\Ironx86.sys
2011-06-11 17:22:32 -------- d-----w- c:\windows\system32\drivers\nis\1206000.01D
2011-06-11 17:02:52 -------- d-----w- C:\NIS
2011-06-11 17:00:34 5422868 ----a-w- c:\users\jerry\NIS-NETBOOK-ESD-18-6-0-29-EN.exe
2011-06-11 15:32:35 -------- d--h--w- c:\users\jerry\appdata\local\NPE
2011-06-11 15:31:32 2558968 ---ha-w- c:\users\jerry\NPE.exe
2011-06-10 12:27:05 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e3ef5f98-b4a7-4935-8b87-8aae15af79bc}\mpengine.dll
2011-06-04 12:36:57 -------- d--h--w- c:\users\jerry\appdata\roaming\SupportSoft
2011-06-04 12:31:18 -------- d-----w- c:\program files\common files\supportsoft
2011-06-03 11:51:35 -------- d--h--w- c:\users\jerry\appdata\local\{67F300BF-A7DC-4D9E-AFFA-BC6C1CB0B175}
2011-06-03 11:51:35 -------- d--h--w- c:\users\jerry\appdata\local\{435D62A6-89F4-4B17-AEDB-C06875A2716D}
2011-06-01 11:05:23 -------- d-----w- c:\users\jerry\appdata\local\ElevatedDiagnostics
2011-06-01 10:35:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-06-11 17:23:41 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump(98).sys
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
.
============= FINISH: 9:59:59.80 ===============

Edited by maltesemanTS, 24 June 2011 - 12:24 PM.




#2 RPMcMurphy


  • Malware Response Team

Posted 25 June 2011 - 04:43 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Any underlined text in my posts indicates a clickable link.
  • If you have any questions at all, please stop and ask before proceeding.
Download unhide.exe, saving it to your desktop
  • Right click on unhide.exe and select Run as administrator
  • Reboot
Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

If you have trouble running GMER:
  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try in the Safe Mode
Please include the following in your next post:
  • GMER log
  • The Attach.txt log from DDS

Edited by RPMcMurphy, 25 June 2011 - 04:43 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 RPMcMurphy


Posted 30 June 2011 - 08:32 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
