WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Message I get from the icon to System Tool malware after removing the malware.

2 posters

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.26th November 2010, 7:59 pm

more_horiz
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.28th November 2010, 8:37 pm

more_horiz
Hi,

How is your computer running now?

............................................................................................

I'm livin' life in the fast lane.

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.29th November 2010, 1:02 am

more_horiz
On my anti maleware software, malewarebytes, it still finds a rootkit agent on the quick scan. I alway remove it but as soon as the computer starts up again it is back. When I did one of the scans I was told too, I believe the combo.ex one, my computer beep and it did say it had found my Master Boot to be infected. I have wonder if I did the log correctly for that scan since afterwards I couldn't get on the net and ende up retarting the comp and the scan started again and I took that log, after that I had started saving the logs ahead of time so I can get them back to paste up if I had to restart. Down below I'm pasting my log from the anit malware program, malewarebytes just incase it might help.

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.29th November 2010, 1:03 am

more_horiz
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5067

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/28/2010 4:55:42 PM
mbam-log-2010-11-28 (16-55-42).txt

Scan type: Quick scan
Objects scanned: 146618
Time elapsed: 10 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\Drivers\ckavutdwa.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.29th November 2010, 1:03 am

more_horiz
Even though it get deleted, it is always back when i start up the computer.

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.30th November 2010, 5:40 pm

more_horiz
Hey,

I am going to have to get a little help on this one. It seems to bypass everything I throw at it.

............................................................................................

I'm livin' life in the fast lane.

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.30th November 2010, 5:55 pm

more_horiz
Alrighty and yeah, this thing has been a pain Sad tearing

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.4th December 2010, 11:36 pm

more_horiz
Hi,

My apologies for the delay.

Please download TDSSKiller from here and save it to your Desktop.
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.

=============

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.

............................................................................................

I'm livin' life in the fast lane.

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyTDSSKiller log5th December 2010, 3:03 am

more_horiz
2010/12/04 18:59:26.0705 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/04 18:59:26.0705 ================================================================================
2010/12/04 18:59:26.0705 SystemInfo:
2010/12/04 18:59:26.0705
2010/12/04 18:59:26.0705 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/04 18:59:26.0705 Product type: Workstation
2010/12/04 18:59:26.0705 ComputerName: MIKEPC
2010/12/04 18:59:26.0705 UserName: Imy
2010/12/04 18:59:26.0705 Windows directory: C:\Windows
2010/12/04 18:59:26.0705 System windows directory: C:\Windows
2010/12/04 18:59:26.0705 Processor architecture: Intel x86
2010/12/04 18:59:26.0705 Number of processors: 2
2010/12/04 18:59:26.0705 Page size: 0x1000
2010/12/04 18:59:26.0705 Boot type: Normal boot
2010/12/04 18:59:26.0705 ================================================================================
2010/12/04 18:59:27.0298 Initialize success
2010/12/04 18:59:31.0697 ================================================================================
2010/12/04 18:59:31.0697 Scan started
2010/12/04 18:59:31.0697 Mode: Manual;
2010/12/04 18:59:31.0697 ================================================================================
2010/12/04 18:59:35.0519 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/04 18:59:36.0080 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/12/04 18:59:36.0533 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/12/04 18:59:37.0188 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/12/04 18:59:37.0750 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/12/04 18:59:38.0530 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/04 18:59:39.0107 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2010/12/04 18:59:39.0622 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/04 18:59:40.0448 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
2010/12/04 18:59:41.0353 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2010/12/04 18:59:41.0915 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
2010/12/04 18:59:42.0445 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/12/04 18:59:42.0804 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/12/04 18:59:43.0584 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
2010/12/04 18:59:44.0286 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/12/04 18:59:44.0707 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/12/04 18:59:45.0550 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/04 18:59:45.0924 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/12/04 18:59:46.0876 BCM43XX (cdf7f28ffd693b1b4137845dd1ef1ccc) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/12/04 18:59:47.0468 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2010/12/04 18:59:48.0404 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/04 18:59:49.0496 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/04 18:59:49.0918 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/04 18:59:50.0308 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/04 18:59:51.0025 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/04 18:59:51.0665 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/04 18:59:52.0211 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/04 18:59:53.0006 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/04 18:59:53.0506 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/04 18:59:54.0956 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/04 18:59:55.0643 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/04 18:59:56.0735 cfwids (426ee59b25988bb3382fc0a3655deaa2) C:\Windows\system32\drivers\cfwids.sys
2010/12/04 18:59:57.0156 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/12/04 18:59:57.0172 Suspicious service (NoAccess): ckavutdwa
2010/12/04 18:59:57.0749 ckavutdwa (15f02f21a907aab0ad140eb628a13b17) C:\Windows\system32\drivers\ckavutdwa.sys
2010/12/04 18:59:57.0764 Suspicious file (NoAccess): C:\Windows\system32\drivers\ckavutdwa.sys. md5: 15f02f21a907aab0ad140eb628a13b17
2010/12/04 18:59:57.0764 ckavutdwa - detected Locked service (1)
2010/12/04 18:59:58.0170 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/04 18:59:58.0607 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/04 18:59:59.0168 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
2010/12/04 18:59:59.0574 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/04 19:00:00.0245 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/12/04 19:00:00.0713 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/12/04 19:00:01.0165 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/04 19:00:01.0774 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/04 19:00:02.0476 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/04 19:00:03.0224 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/04 19:00:03.0817 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/12/04 19:00:04.0550 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/04 19:00:05.0174 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/04 19:00:05.0689 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\Windows\system32\DRIVERS\elagopro.sys
2010/12/04 19:00:05.0861 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\elaunidr.sys
2010/12/04 19:00:06.0110 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/12/04 19:00:06.0510 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/12/04 19:00:06.0956 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/12/04 19:00:07.0283 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/04 19:00:08.0266 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/12/04 19:00:09.0171 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/12/04 19:00:09.0639 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/04 19:00:09.0982 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/12/04 19:00:10.0559 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/04 19:00:10.0903 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/04 19:00:11.0402 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/12/04 19:00:11.0885 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/04 19:00:12.0260 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/04 19:00:12.0728 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/04 19:00:13.0087 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/04 19:00:13.0399 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/12/04 19:00:14.0101 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/12/04 19:00:14.0522 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/12/04 19:00:15.0005 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/12/04 19:00:15.0645 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/12/04 19:00:15.0863 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/04 19:00:17.0049 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
2010/12/04 19:00:17.0470 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/12/04 19:00:18.0172 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/04 19:00:18.0609 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/04 19:00:19.0295 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/04 19:00:20.0731 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/04 19:00:22.0197 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/04 19:00:22.0337 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/04 19:00:22.0618 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/12/04 19:00:22.0837 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2010/12/04 19:00:22.0930 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/04 19:00:23.0273 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/04 19:00:23.0554 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/04 19:00:23.0819 JL2005C (d0cf54a5e47110e1d13728f75c54c620) C:\Windows\system32\Drivers\jl2005c.sys
2010/12/04 19:00:24.0116 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/04 19:00:24.0350 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/04 19:00:24.0802 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/04 19:00:25.0348 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/04 19:00:25.0442 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/04 19:00:25.0707 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/04 19:00:25.0972 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/04 19:00:26.0237 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/04 19:00:26.0627 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/12/04 19:00:26.0705 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/12/04 19:00:26.0768 mfeapfk (5bd0c401a8ee4a54f6176c0a10d595ae) C:\Windows\system32\drivers\mfeapfk.sys
2010/12/04 19:00:27.0080 mfeavfk (f3bb4dc61b4dc662bdc778cf1634fae1) C:\Windows\system32\drivers\mfeavfk.sys
2010/12/04 19:00:27.0532 mfebopk (b1498db38d129ed31650422fc8bab9c5) C:\Windows\system32\drivers\mfebopk.sys
2010/12/04 19:00:27.0829 mfefirek (51e9ccea45c78858a229afb6e682cf41) C:\Windows\system32\drivers\mfefirek.sys
2010/12/04 19:00:28.0047 mfehidk (32f7298664874715ce469a79078853c4) C:\Windows\system32\drivers\mfehidk.sys
2010/12/04 19:00:28.0203 mfenlfk (e920bfd5837aed4aef903cf1c7d3949e) C:\Windows\system32\DRIVERS\mfenlfk.sys
2010/12/04 19:00:28.0687 mferkdet (858337b64484cd80eee7d2eba5ac61bc) C:\Windows\system32\drivers\mferkdet.sys
2010/12/04 19:00:29.0217 mfewfpk (dcfbf068951fb4086c6aef99c6330516) C:\Windows\system32\drivers\mfewfpk.sys
2010/12/04 19:00:29.0841 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/12/04 19:00:30.0496 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/04 19:00:30.0995 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/04 19:00:31.0729 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/04 19:00:32.0228 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/04 19:00:32.0633 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/12/04 19:00:33.0039 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/04 19:00:33.0429 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/04 19:00:33.0694 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/04 19:00:33.0913 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/04 19:00:34.0115 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/04 19:00:34.0412 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/04 19:00:35.0005 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
2010/12/04 19:00:35.0878 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/12/04 19:00:36.0299 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/04 19:00:36.0799 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/04 19:00:37.0875 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/04 19:00:39.0014 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/04 19:00:39.0373 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/04 19:00:39.0934 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/12/04 19:00:40.0293 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/04 19:00:40.0683 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/04 19:00:40.0886 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/12/04 19:00:41.0026 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/04 19:00:41.0307 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/12/04 19:00:41.0479 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/04 19:00:41.0525 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/04 19:00:41.0681 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/04 19:00:41.0744 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/04 19:00:42.0056 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/04 19:00:42.0181 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/04 19:00:42.0664 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/04 19:00:43.0132 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/12/04 19:00:43.0397 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/04 19:00:43.0647 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/12/04 19:00:44.0021 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/04 19:00:44.0131 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/04 19:00:45.0145 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/12/04 19:00:46.0127 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/12/04 19:00:46.0283 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/12/04 19:00:46.0377 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2010/12/04 19:00:46.0767 NWADI (9edf6fd48a9eb4afdf225eb9c5111df6) C:\Windows\system32\drivers\nwadienum.sys
2010/12/04 19:00:47.0063 NWDellModem (1a859f70728cad712f90f9953667ad7f) C:\Windows\system32\DRIVERS\nwdelmdm.sys
2010/12/04 19:00:47.0313 NWDellPort (1a859f70728cad712f90f9953667ad7f) C:\Windows\system32\DRIVERS\nwdelser.sys
2010/12/04 19:00:47.0531 NWDellPort2 (1a859f70728cad712f90f9953667ad7f) C:\Windows\system32\drivers\nwdelser2.sys
2010/12/04 19:00:47.0828 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/04 19:00:48.0171 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/04 19:00:48.0249 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/04 19:00:48.0327 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/04 19:00:48.0545 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
2010/12/04 19:00:48.0733 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/04 19:00:48.0795 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/12/04 19:00:49.0091 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/04 19:00:49.0310 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/04 19:00:49.0809 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/04 19:00:50.0293 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/12/04 19:00:50.0761 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/04 19:00:51.0182 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/04 19:00:52.0040 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/12/04 19:00:52.0664 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/04 19:00:53.0069 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/04 19:00:54.0193 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/04 19:00:55.0097 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/04 19:00:55.0784 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/04 19:00:56.0314 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/04 19:00:56.0767 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/04 19:00:57.0079 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/04 19:00:57.0437 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/04 19:00:58.0217 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2010/12/04 19:00:58.0795 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/04 19:00:59.0512 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/04 19:01:00.0183 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/12/04 19:01:00.0760 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/12/04 19:01:01.0587 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/12/04 19:01:02.0195 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys
2010/12/04 19:01:02.0492 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/04 19:01:02.0554 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/04 19:01:03.0038 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2010/12/04 19:01:03.0459 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/04 19:01:03.0833 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/04 19:01:04.0301 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/04 19:01:04.0723 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/04 19:01:05.0331 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2010/12/04 19:01:05.0705 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/04 19:01:06.0173 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/04 19:01:06.0517 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/04 19:01:06.0829 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2010/12/04 19:01:06.0907 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/12/04 19:01:07.0203 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/12/04 19:01:07.0312 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/04 19:01:07.0484 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/04 19:01:07.0593 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/12/04 19:01:07.0811 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/04 19:01:07.0874 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/04 19:01:08.0139 STHDA (5af135b2e2097d4494b9067ce84e2665) C:\Windows\system32\drivers\stwrt.sys
2010/12/04 19:01:08.0435 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/04 19:01:08.0607 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/04 19:01:08.0685 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/04 19:01:08.0763 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/04 19:01:08.0872 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/04 19:01:09.0512 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/04 19:01:09.0824 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/04 19:01:09.0980 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/04 19:01:10.0370 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/04 19:01:11.0025 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/04 19:01:11.0431 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/04 19:01:11.0867 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/04 19:01:12.0429 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/04 19:01:12.0850 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/04 19:01:13.0178 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/12/04 19:01:13.0802 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/04 19:01:14.0348 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/04 19:01:14.0909 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/12/04 19:01:15.0284 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/04 19:01:15.0502 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/04 19:01:15.0580 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/04 19:01:16.0079 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/04 19:01:16.0360 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/04 19:01:16.0875 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/04 19:01:17.0749 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/04 19:01:18.0326 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/12/04 19:01:18.0778 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/04 19:01:19.0605 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/04 19:01:20.0151 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/04 19:01:20.0666 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/04 19:01:20.0993 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/04 19:01:21.0383 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/04 19:01:21.0742 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2010/12/04 19:01:22.0023 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/12/04 19:01:22.0491 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
2010/12/04 19:01:22.0803 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/04 19:01:23.0115 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/04 19:01:23.0427 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/12/04 19:01:23.0708 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/12/04 19:01:24.0332 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/04 19:01:24.0472 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/04 19:01:24.0519 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/04 19:01:24.0644 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
2010/12/04 19:01:24.0878 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/12/04 19:01:24.0940 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/04 19:01:25.0268 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/12/04 19:01:25.0517 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
2010/12/04 19:01:25.0689 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/04 19:01:25.0845 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/04 19:01:25.0907 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/04 19:01:26.0095 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/04 19:01:26.0204 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2010/12/04 19:01:26.0360 ================================================================================
2010/12/04 19:01:26.0360 Scan finished
2010/12/04 19:01:26.0360 ================================================================================
2010/12/04 19:01:26.0391 Detected object count: 1
2010/12/04 19:01:59.0276 Locked service(ckavutdwa) - User select action: Skip

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyMBR Log5th December 2010, 3:11 am

more_horiz
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1720
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 163):
0x82A1B000 \SystemRoot\system32\ntkrnlpa.exe
0x82DD4000 \SystemRoot\system32\hal.dll
0x80401000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80478000 \SystemRoot\system32\PSHED.dll
0x80489000 \SystemRoot\system32\BOOTVID.dll
0x80491000 \SystemRoot\system32\CLFS.SYS
0x804D2000 \SystemRoot\system32\CI.dll
0x805B2000 \SystemRoot\system32\drivers\klmdb.sys
0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80695000 \SystemRoot\system32\drivers\acpi.sys
0x806DB000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E4000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EC000 \SystemRoot\system32\drivers\pci.sys
0x80713000 \SystemRoot\System32\Drivers\ckavutdwa.sys
0x807D2000 \SystemRoot\System32\drivers\partmgr.sys
0x807E1000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x807E4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x807EE000 \SystemRoot\system32\drivers\volmgr.sys
0x8340C000 \SystemRoot\System32\drivers\volmgrx.sys
0x83456000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8345D000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8346B000 \SystemRoot\system32\drivers\pciide.sys
0x83472000 \SystemRoot\System32\drivers\mountmgr.sys
0x83482000 \SystemRoot\system32\drivers\iastorv.sys
0x83522000 \SystemRoot\system32\drivers\iastor.sys
0x835E0000 \SystemRoot\system32\drivers\atapi.sys
0x805C4000 \SystemRoot\system32\drivers\ataport.SYS
0x83608000 \SystemRoot\system32\drivers\fltmgr.sys
0x8363A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8364A000 \SystemRoot\system32\drivers\mfehidk.sys
0x836A7000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x836B1000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88A02000 \SystemRoot\system32\drivers\ndis.sys
0x88B0D000 \SystemRoot\system32\drivers\msrpc.sys
0x88B38000 \SystemRoot\system32\drivers\NETIO.SYS
0x88C0A000 \SystemRoot\System32\drivers\tcpip.sys
0x88CF4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88E03000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88F13000 \SystemRoot\system32\drivers\volsnap.sys
0x88F4C000 \SystemRoot\System32\Drivers\spldr.sys
0x88F54000 \SystemRoot\System32\Drivers\mup.sys
0x88F63000 \SystemRoot\System32\drivers\ecache.sys
0x88F8A000 \SystemRoot\system32\drivers\disk.sys
0x88F9B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88FBC000 \SystemRoot\system32\drivers\crcdisk.sys
0x88FE8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88FF3000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88FD2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8D00A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8D95B000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8D95D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x88DCD000 \SystemRoot\System32\drivers\watchdog.sys
0x88DD9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x88B73000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88DE4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x83722000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8DC04000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8DD06000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x8DD16000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8DD26000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8DD34000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8DD4E000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8DD5C000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8DD70000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8DDC1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8DDD4000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x88DF3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x88BB1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x88BBC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D000000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8DC00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x88C00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x837AF000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8DE0E000 \SystemRoot\system32\DRIVERS\storport.sys
0x8DE4F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DE5A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8DE71000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8DE7C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8DE9F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8DEAE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8DEC2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8DED7000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0x8DEDD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8DEED000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8DEEF000 \SystemRoot\system32\DRIVERS\ks.sys
0x8DF19000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8DF23000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8DF30000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8DF65000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DF76000 \SystemRoot\system32\drivers\stwrt.sys
0x8DFCB000 \SystemRoot\system32\drivers\portcls.sys
0x88BD4000 \SystemRoot\system32\drivers\drmk.sys
0x8E20F000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8E24C000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8E406000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8E4BA000 \SystemRoot\system32\drivers\modem.sys
0x8E4C7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E4D0000 \SystemRoot\System32\Drivers\Null.SYS
0x8E4D7000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E4DE000 \SystemRoot\System32\drivers\vga.sys
0x8E4EA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E50B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E513000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E51B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E526000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E534000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E53D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E553000 \SystemRoot\system32\drivers\mfewfpk.sys
0x8E57A000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E58E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E34F000 \SystemRoot\system32\drivers\afd.sys
0x8E5C0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E5D6000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x8E5E4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E397000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E3AA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E5F2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E3E6000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E801000 \SystemRoot\system32\drivers\mfeavfk.sys
0x8E825000 \SystemRoot\system32\drivers\mfefirek.sys
0x8E870000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8E887000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E889000 \SystemRoot\system32\DRIVERS\nwdelmdm.sys
0x8E8A0000 \SystemRoot\system32\DRIVERS\nwdelser.sys
0x8E8B7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E8C4000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x976A0000 \SystemRoot\System32\win32k.sys
0x8E982000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E98C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x978C0000 \SystemRoot\System32\TSDDD.dll
0x978E0000 \SystemRoot\System32\cdd.dll
0x8E99B000 \SystemRoot\system32\drivers\luafv.sys
0x88D0F000 \SystemRoot\system32\drivers\spsys.sys
0x8E9BE000 \SystemRoot\system32\DRIVERS\RMCAST.sys
0x8E9EE000 \SystemRoot\system32\DRIVERS\elagopro.sys
0x837DE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9BC06000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9BC30000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9BC3A000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9BC4D000 \SystemRoot\system32\drivers\HTTP.sys
0x9BCBA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9BCD7000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9BCF0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9BD05000 \SystemRoot\system32\drivers\mrxdav.sys
0x9BD26000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9BD45000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9BD7E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9BD96000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D605000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D66B000 \SystemRoot\system32\DRIVERS\elaunidr.sys
0x9D66D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9D671000 \SystemRoot\system32\drivers\peauth.sys
0x9D74F000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9D777000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9D781000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9D78D000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9D7B9000 \SystemRoot\system32\drivers\cfwids.sys
0x9D7C5000 \SystemRoot\system32\drivers\mfeapfk.sys
0x9D7DB000 \SystemRoot\system32\drivers\mfebopk.sys
0x9D7E6000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77000000 \Windows\System32\ntdll.dll

Processes (total 91):
0 System Idle Process
4 System
556 C:\Windows\System32\smss.exe
632 csrss.exe
684 C:\Windows\System32\wininit.exe
700 csrss.exe
732 C:\Windows\System32\services.exe
764 C:\Windows\System32\lsass.exe
772 C:\Windows\System32\lsm.exe
916 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\nvvsvc.exe
984 C:\Windows\System32\winlogon.exe
1028 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\audiodg.exe
1352 C:\Windows\System32\svchost.exe
1376 C:\Windows\System32\SLsvc.exe
1400 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\nvvsvc.exe
1608 C:\Windows\System32\svchost.exe
1764 C:\Windows\System32\WLTRYSVC.EXE
1776 C:\Windows\System32\BCMWLTRY.EXE
1796 C:\Windows\System32\wlanext.exe
1880 C:\Windows\System32\spoolsv.exe
1924 C:\Windows\System32\svchost.exe
464 C:\Windows\System32\AEstSrv.exe
572 C:\Program Files\Common Files\aol\acs\AOLacsd.exe
608 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
640 C:\Program Files\Bonjour\mDNSResponder.exe
724 C:\Windows\System32\dlcccoms.exe
1124 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
1548 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
1976 C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
2056 C:\Windows\System32\svchost.exe
2076 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
2204 C:\Program Files\Verizon\VSP\ServicepointService.exe
2224 C:\Windows\System32\stacsv.exe
2260 C:\Windows\System32\svchost.exe
2296 C:\Windows\System32\svchost.exe
2348 C:\Windows\System32\SearchIndexer.exe
2400 C:\Windows\System32\drivers\XAudio.exe
2428 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2448 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
2488 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
3000 C:\Windows\System32\taskeng.exe
3032 C:\Windows\System32\dwm.exe
3096 C:\Windows\explorer.exe
3112 C:\Windows\System32\taskeng.exe
3364 C:\Windows\System32\rundll32.exe
3836 WmiPrvSE.exe
2284 C:\Program Files\DellTPad\Apoint.exe
1432 C:\Program Files\DellTPad\ApMsgFwd.exe
2320 C:\Windows\System32\WLTRAY.EXE
2760 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3360 C:\Program Files\DellTPad\hidfind.exe
1932 C:\Program Files\DellTPad\ApntEx.exe
3468 C:\Program Files\Dell\MediaDirect\PCMService.exe
3304 C:\Program Files\Napster\napster.exe
1128 C:\Program Files\Java\jre6\bin\jusched.exe
1152 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
3580 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3428 C:\Windows\System32\rundll32.exe
820 C:\Program Files\iTunes\iTunesHelper.exe
1348 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2936 C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
3440 C:\Program Files\McAfee.com\Agent\mcagent.exe
2712 C:\Windows\ehome\ehtray.exe
2968 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
3132 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
1020 C:\Program Files\Mediafly\Mediafly SyncClient\Mediafly.SyncClient.App.exe
2700 C:\Program Files\Windows Media Player\wmpnscfg.exe
1464 C:\Windows\ehome\ehmsas.exe
4116 C:\Program Files\Dell\QuickSet\quickset.exe
4124 C:\Program Files\Windows Media Player\wmpnetwk.exe
4564 WmiPrvSE.exe
4588 WmiPrvSE.exe
4676 C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
4832 C:\Program Files\iPod\bin\iPodService.exe
5236 C:\Program Files\Internet Explorer\iexplore.exe
5296 C:\Program Files\Internet Explorer\iexplore.exe
5528 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
2108 C:\Windows\System32\SearchProtocolHost.exe
2436 C:\Windows\System32\SearchFilterHost.exe
5084 C:\Windows\System32\msfeedssync.exe
4352 C:\Program Files\Internet Explorer\iexplore.exe
6072 C:\Windows\System32\dllhost.exe
892 dllhost.exe
3168 dllhost.exe
5400 C:\Users\Imy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`84f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1646GSX, Rev: LB112D

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.5th December 2010, 3:13 am

more_horiz
After the TDSSKiller, I actually went back and ran the scan again and picked delete this time before the MBR scan but I forgot to copy the log when I did that.

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.6th December 2010, 1:02 am

more_horiz
Hi,

1. Please download The Avenger by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code:

Registry keys to replace with dummy:
HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh Hijackthis log .

............................................................................................

I'm livin' life in the fast lane.

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyAvenger Log8th December 2010, 1:58 pm

more_horiz
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\system\ControlSet001\Services\ckavutdwa" not found!
Replacement with dummy of registry key "HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.9th December 2010, 5:44 pm

more_horiz
Hi,

Please run ComboFix and post a fresh log here.

............................................................................................

I'm livin' life in the fast lane.

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyCombofix Log10th December 2010, 7:38 pm

more_horiz
ComboFix 10-12-09.04 - Imy 12/10/2010 11:05:05.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1140 [GMT -8:00]
Running from: c:\users\Imy\Desktop\commy.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\zip.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_monitor


((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
.

2010-12-10 19:17 . 2010-12-10 19:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-10 18:46 . 2010-12-10 18:47 -------- d-----w- C:\commy30863c
2010-11-26 17:50 . 2010-11-26 17:50 -------- d-----w- c:\program files\ESET
2010-11-26 17:50 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-22 00:43 . 2010-12-08 13:51 0 ----a-w- C:\backup.reg
2010-11-20 15:36 . 2010-12-08 13:51 574 ----a-w- C:\cleanup.bat
2010-11-14 15:16 . 2010-11-14 15:53 -------- d-----w- c:\windows\system32\MpEngineStore
2010-11-13 15:43 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-12 18:51 . 2010-11-12 19:10 -------- d-----w- C:\Commy
2010-11-10 22:25 . 2010-12-10 19:21 -------- d-----w- c:\users\Imy\AppData\Local\temp
2010-11-10 20:41 . 2010-11-10 20:41 -------- d-----w- C:\_OTL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-31 17:49 . 2010-10-31 17:42 8280880 ----a-w- c:\users\Imy\FreeDVDDecrypter.exe
2010-10-31 17:32 . 2010-10-31 17:32 1117491 ----a-w- c:\users\Imy\dvdshrink32setup.exe
2010-09-13 13:56 . 2010-10-13 13:22 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-08-20 21:32 . 2008-07-25 23:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-07-30 23:45 . 2008-04-12 17:06 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-30 23:45 . 2008-04-12 17:06 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-30 23:45 . 2008-04-12 17:06 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-09-04 21:09 . 2010-09-21 19:16 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-07-30 23:45 . 2008-04-12 17:06 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-30 23:45 . 2008-04-12 17:06 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Mediafly SyncClient"="c:\program files\Mediafly\Mediafly SyncClient\Mediafly.SyncClient.App.exe" [2009-07-21 988672]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-20 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"NapsterShell"="c:\program files\Napster\napster.exe" [2010-01-19 323280]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-21 202256]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-13 1195920]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

2;2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R1 svzdjvhl;svzdjvhl;c:\windows\system32\drivers\svzdjvhl.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca9e93133c12a;Google Update Service (gupdate1ca9e93133c12a);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 133104]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-20 30192]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-09-04 84264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-12-06 92288]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-09-04 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-09-04 164808]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-28 73728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-09-04 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-09-04 141792]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2010-03-16 689392]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-09-04 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-09-04 312904]
S3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\nwdelmdm.sys [2007-12-06 92288]
S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\DRIVERS\nwdelser.sys [2007-12-06 92288]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 14:21]

2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 14:21]

2010-12-10 c:\windows\Tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=16148&l=dis
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - hxxp://racing.youbet.com/wr_9_3/controls/YBUICtrl.cab
DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - hxxps://video.globalwageringservice.com/canvid/canvidplayer8.cab
FF - ProfilePath - c:\users\Imy\AppData\Roaming\Mozilla\Firefox\Profiles\jhbc66sx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://bing.zugo.com/?cfg=2-80-0-1m2SN
FF - prefs.js: keyword.URL - hxxp://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-80-0-1m2SN&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-10 11:20
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\S-1-5-21-2913991826-235692695-175414458-1000\Software\SecuROM\License information*]
"datasecu"=hex:27,71,f3,b3,d8,b2,dc,cf,3d,98,05,b7,16,cc,93,97,a4,47,90,01,ff,
31,54,b9,04,07,85,b3,75,47,6e,20,cb,e5,8f,56,98,29,61,98,0e,71,5f,6c,48,df,\
"rkeysecu"=hex:94,c3,24,e1,fc,ed,c3,f2,3e,03,25,20,fa,3a,7c,63

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3476)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcccoms.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Common Files\McAfee\Core\mchost.exe
.
**************************************************************************
.
Completion time: 2010-12-10 11:29:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-10 19:29
ComboFix2.txt 2010-11-24 05:04
ComboFix3.txt 2010-11-14 15:43
ComboFix4.txt 2010-11-13 16:39
ComboFix5.txt 2010-12-10 19:00

Pre-Run: 43,030,142,976 bytes free
Post-Run: 42,800,500,736 bytes free

- - End Of File - - 75FCDF82C307DE57FB3FF472CA97C4B8

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.12th December 2010, 7:14 pm

more_horiz
Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Rootkit::
    c:\windows\system32\drivers\svzdjvhl.sys

    Driver::
    svzdjvhl

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    Message I get from the icon to System Tool malware after removing the malware. - Page 2 Cfscriptb4

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

I'm livin' life in the fast lane.

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyCombofix Log12th December 2010, 9:47 pm

more_horiz
ComboFix 10-12-09.04 - Imy 12/12/2010 13:04:36.9.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1192 [GMT -8:00]
Running from: c:\users\Imy\Desktop\commy.exe
Command switches used :: c:\users\Imy\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_svzdjvhl


((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-12 21:18 . 2010-12-12 21:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-12 21:18 . 2010-12-12 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-10 19:29 . 2010-12-12 21:31 -------- d-----w- c:\users\Imy\AppData\Local\temp
2010-12-10 18:46 . 2010-12-10 18:47 -------- d-----w- C:\commy30863c
2010-11-26 17:50 . 2010-11-26 17:50 -------- d-----w- c:\program files\ESET
2010-11-26 17:50 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-22 00:43 . 2010-12-08 13:51 0 ----a-w- C:\backup.reg
2010-11-20 15:36 . 2010-12-08 13:51 574 ----a-w- C:\cleanup.bat
2010-11-14 15:16 . 2010-11-14 15:53 -------- d-----w- c:\windows\system32\MpEngineStore
2010-11-13 15:43 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-31 17:49 . 2010-10-31 17:42 8280880 ----a-w- c:\users\Imy\FreeDVDDecrypter.exe
2010-10-31 17:32 . 2010-10-31 17:32 1117491 ----a-w- c:\users\Imy\dvdshrink32setup.exe
2010-08-20 21:32 . 2008-07-25 23:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-07-30 23:45 . 2008-04-12 17:06 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-30 23:45 . 2008-04-12 17:06 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-30 23:45 . 2008-04-12 17:06 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-09-04 21:09 . 2010-09-21 19:16 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-07-30 23:45 . 2008-04-12 17:06 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-30 23:45 . 2008-04-12 17:06 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Mediafly SyncClient"="c:\program files\Mediafly\Mediafly SyncClient\Mediafly.SyncClient.App.exe" [2009-07-21 988672]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-20 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"NapsterShell"="c:\program files\Napster\napster.exe" [2010-01-19 323280]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-21 202256]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-13 1195920]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca9e93133c12a;Google Update Service (gupdate1ca9e93133c12a);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 133104]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-20 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-12-06 92288]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-09-04 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-09-04 164808]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-28 73728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-09-04 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-09-04 141792]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2010-03-16 689392]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-09-04 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-09-04 312904]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-09-04 84264]
S3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\nwdelmdm.sys [2007-12-06 92288]
S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\DRIVERS\nwdelser.sys [2007-12-06 92288]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 14:21]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 14:21]

2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=16148&l=dis
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - hxxp://racing.youbet.com/wr_9_3/controls/YBUICtrl.cab
DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - hxxps://video.globalwageringservice.com/canvid/canvidplayer8.cab
FF - ProfilePath - c:\users\Imy\AppData\Roaming\Mozilla\Firefox\Profiles\jhbc66sx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://bing.zugo.com/?cfg=2-80-0-1m2SN
FF - prefs.js: keyword.URL - hxxp://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-80-0-1m2SN&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 13:30
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\S-1-5-21-2913991826-235692695-175414458-1000\Software\SecuROM\License information*]
"datasecu"=hex:27,71,f3,b3,d8,b2,dc,cf,3d,98,05,b7,16,cc,93,97,a4,47,90,01,ff,
31,54,b9,04,07,85,b3,75,47,6e,20,cb,e5,8f,56,98,29,61,98,0e,71,5f,6c,48,df,\
"rkeysecu"=hex:94,c3,24,e1,fc,ed,c3,f2,3e,03,25,20,fa,3a,7c,63

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4084)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcccoms.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\System32\bcmwltry.exe
c:\program files\McAfee\VirusScan\mcods.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Completion time: 2010-12-12 13:37:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-12 21:36
ComboFix2.txt 2010-12-10 19:29
ComboFix3.txt 2010-11-24 05:04
ComboFix4.txt 2010-11-14 15:43
ComboFix5.txt 2010-12-12 21:01

Pre-Run: 42,882,408,448 bytes free
Post-Run: 42,699,931,648 bytes free

- - End Of File - - 0D49BFB693EFD9CEAF7EF4C655157AE9

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.13th December 2010, 4:31 am

more_horiz
Hi,

Message I get from the icon to System Tool malware after removing the malware. - Page 2 Bf_new Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

===========

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

............................................................................................

I'm livin' life in the fast lane.

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyMalewarebyte Log13th December 2010, 9:55 pm

more_horiz
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5308

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

12/13/2010 1:52:50 PM
mbam-log-2010-12-13 (13-52-50).txt

Scan type: Quick scan
Objects scanned: 151240
Time elapsed: 14 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyESET log14th December 2010, 12:30 am

more_horiz
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.14th December 2010, 12:43 am

more_horiz
Hi,

How is your computer running now?

............................................................................................

I'm livin' life in the fast lane.

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 Empty:)14th December 2010, 8:12 pm

more_horiz
Looks like its running good now, its faster thats for sure and nothing is being picked up from my scanner. Thank you very much for your help, I wasn't sure what I was going to be able to do with how that little sucker kept on poping up everytime I would think I had it dealt with.

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.16th December 2010, 6:38 pm

more_horiz
You're welcome, glad to help. Smile...

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.


You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done.


========

Removing the tools

Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


============

Service Pack upgrade

Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: Here

============

Update Programs

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

===============

Staying Protected

If you don't have a Anti-Virus I recommend to download these free Anti-Virus programs:
1. Avast!
2. Avira
3. Microsoft Security Essentials

If you don't have a good firewall I recommend these free firewalls:
1. Comodo Firewall
2. Tallemu Online Armor

I recommend using MalwareBytes Anti-Malware for a anti-malware program.

If you don't have a anti-spyware I recommend to download these free programs to help keep you spyware free:
1. SpywareBlaster
2. Spybot - Search & Destroy

Please don't download more than one Anti-virus, firewall, or anti-spyware because they will conflict with each other making your computer slow, data loss, and false results so please just don't do it.

================

Here are some prevention tips:

1. Torrents are a conduit of malware; this is why we highly recommend not using them as chances are extremely high that you will be infected from them.

2. Cracks/warez/keygens are another conduit of malware and are illegal so don't use them.

3. Disable auto-run to prevent auto-run worms from infecting your machine through USB drives.XP or Vista/7

4. Always make sure you have the latest Windows update.

5. Use a Site Advisor so you don't go to sites that will infect you. Web-of-Trust or Mcafee Siteadvisor

6. Also there are many holes and flaws in Internet Explorer I recommend using Firefox or Google Chrome to keep you more safe.

7. Always keep your Java and Adobe Reader updated and all older versions removed to keep clear from exploits.

8. Don't fall for Scareware. What is Scareware? A rogue anti-virus on your system that will scare you into buying their fake software due to false detections.

9. Be sure to always have a firewall and anti-virus installed at all times.

Thanks for choosing GeekPolice, see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information on keeping yourself safe please visit Here

............................................................................................

I'm livin' life in the fast lane.

descriptionMessage I get from the icon to System Tool malware after removing the malware. - Page 2 EmptyRe: Message I get from the icon to System Tool malware after removing the malware.

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum