"disk antivirus professional"- removal

Hi
I got the disk antivirus proffesional virus late last week from trying to stream a movie from letmewatchthis.com

I initially had trouble starting my computer in safe mode w/ networking because my F8 button will not work.. so I was connected to a network for approximately 20 mins while it was popping up its ads and not letting me open anything

so i shut down and turned my laptop off over the weekend to do some research, change all my passwords from a secure computer, and then i followed the READ and RUN ME thread completely.
however before i found your forum was when i ran the maleware bytes (1st attatchement) this morning. i had also run the rouge killer this morning. with both of these i deleted/quarentined after. the other scans i did this evening (hitpro,mg,tdss) i did not act upon due to your warning.

I have attatched 5 of the reports, I have more reports for malwarebytes and rougekiller if those would be neccesary to see as well.

Any information I could get from you would be so appreciated, I am worried after reading about backdoor trojans/rootkits...
thanks very much and hope to hear back

 

Hello TimW
I have attatched the hitmanpro log after deleting both:
C:\Windows\iscsdmin.dll
C:\Windows\System32\iscsdmin64.dll

and rebooting.

i have attatched the final RK report [7] of what it looks like today, after the reboot from Hitmanpro.

report [2] and [3] show the before and after initial scans which i ran (and then deleted the whole list...) before I found your forum!!!!:-o

this was yesturday morning, which is when i restarted my laptop after 5 days of avoiding it and ***was suprised to see that the disk antivirus pop ups did not start popping up...***

let me know if thats an issue ( the deleting), and what I do with the RK_quarantine folder now on my desktop?

sincerely thank you for your follow up,
B.B.

 

none, i have switched all my passwords post these scans, so I should be secure now to work on my laptop with banking and school?
Thanks very much for your help, can I delete the RK-quarantine folder on my desktop??

B.B

 

Dear TimW
my laptop is definitly not running properly, it has slowed down significantly and my university mail (run by Zimbra) will not ever load,.. i have to use the " click here if you are using a slow connection or old computer, to the standard HTML version".. this has never happened before.

Also, I just recieved 3 text messages from microsoft to my phone, verification code's, which as far as I can research means that someone is trying to get into my hotmail account? The first verification code got text to me the night I got the virus. Then i recieved none until today (3 in a row).

also, my internet explorer keeps having a issue, needs to search for a solution and then close the tab.
This happens consistantly, almost everytime I open it up.

plus, I can physically hear my laptop running from somewhere inside, under the left side, making alittle scratching noise.

I am in the last 2 weeks of school right now,writing papers and researching, I dont have the time to reformat it but I feel that damage has been done by this rootkit.zeroaccess/trojan that has not been elimated with the scans.

What do you recommend?
I would like to just use it the next 2 weeks to get school over with and then have summer break to reformat, but are all of my accounts continuing to be comprimised? I feel that a keystroke logger dosent exist if this person is needing to ask Microsoft for a verification code to try and change my hotmail password.

Let me know what you think!
B.B